
Please check my log


Post by lolexander » 28 Jul 2006, 18:16



Code:
Logfile of HijackThis v1.99.1
Scan saved at 20:35:52, on 27.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Eset\nod32kui.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Steam\Steam.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\svchost.exe
C:\mIRC\mirc.exe
C:\Programme\eMule\emule.exe
C:\Dokumente und Einstellungen\PC\Eigene Dateien\programiki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whatsfind.com/route.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programme\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [Konnekt] "C:\Programme\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [Wengo] "C:/Programme/Wengo/wengophone.exe" -background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_20.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C1CC83-7294-41CC-8EB7-97AA35CFEA14}: NameServer = 213.191.74.12 213.191.92.84
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programme\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programme\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Code:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Konnekt" = ""C:\Programme\Konnekt\konnekt.exe" /autostart" ["Stamina"]
"Wengo" = ""C:/Programme/Wengo/wengophone.exe" -background" [file not found]
"Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Steam" = ""C:\Programme\Steam\Steam.exe" -silent" ["Valve Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"nod32kui" = ""C:\Programme\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"UnlockerAssistant" = ""C:\Programme\Unlocker\UnlockerAssistant.exe"" [null data]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Outpost Firewall" = "C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice" ["Agnitum Ltd."]
"OutpostFeedBack" = "C:\Programme\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup" ["Agnitum Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"(Default)" = (empty string)
"Register Homesite+.exe" = "C:\Programme\Macromedia\HomeSite+\Homesite+.exe /REGSERVER" ["Macromedia, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{acb4a560-3606-11d3-aef4-00104bd0f92d}" = "KodakShellExtension"
  -> {HKLM...CLSID} = "KodakShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Kodak\ifscore\KodakShX.dll" ["Eastman Kodak Company"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Programme\Eset\nodshex.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare Objects"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare"
  -> {HKLM...CLSID} = "NetWare Hood Verbs"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS"
  -> {HKLM...CLSID} = "Macromedia FTP & RDS"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\CfShellFtpRds.dll" ["Macromedia, Inc."]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
  -> {HKLM...CLSID} = "GMail Drive"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
  -> {HKLM...CLSID} = "GMailFS Property Sheet"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
  -> {HKLM...CLSID} = "GMailFS Drop Handler"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
  -> {HKLM...CLSID} = "GMailFS Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
INFECTION WARNING! "AppInit_DLLs" = "C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll" ["Agnitum Ltd."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Programme\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Programme\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Programme\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
  -> {HKLM...CLSID} = "Ctest Object"
                   \InProcServer32\(Default) = "C:\Programme\ewido anti-malware\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ASW\(Default) = "{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
  -> {HKLM...CLSID} = "Outpost.ASWShellExt Component"
                   \InProcServer32\(Default) = "C:\Programme\Agnitum\Outpost Firewall\op_shell.dll" ["Agnitum Ltd."]
NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}"
  -> {HKLM...CLSID} = "NetWare UNC Folder Menu"
                   \InProcServer32\(Default) = "nwprovau.dll" [MS]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Programme\Eset\nodshex.dll" [null data]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
  -> {HKLM...CLSID} = "UnlockerShellExtension"
                   \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\PC\Anwendungsdaten\Mozilla\Firefox\Tapeta pulpitu.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "PC" & "All Users" startup folders:
----------------------------------------------------

C:\Dokumente und Einstellungen\PC\Startmenü\Programme\Autostart
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Kodak EasyShare Software" -> shortcut to: "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]
"Kodak software updater" -> shortcut to: "C:\Programme\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 08, 31
%SystemRoot%\system32\mswsock.dll [MS], 09 - 11, 14 - 30
%SystemRoot%\system32\rsvpsp.dll [MS], 12 - 13


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{A1A7E22D-1587-4230-8F16-081C68D21448}\(Default) = "Outpost Firewall Pro Quick Tune"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll" ["Agnitum Ltd."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Outpost Firewall Pro Quick Tune"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Client Service für NetWare, NWCWorkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]}
ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
NOD32 Kernel Service, NOD32krn, ""C:\Programme\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 126 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
  took 15 seconds.
---------- (total run time: 177 seconds)



Thanks in advance.
lolexander
Poster

Posts: 429
Joined: 04 May 2006, 14:12
