SystemLook 30.07.11 by jpshortstuff
Log created at 19:41 on 20/06/2013 by Krzysztof
Administrator - Elevation successful

========== regfind ==========

Searching for "{54848076-14D0-45E7-851E-CAF7EF0125F1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{54848076-14D0-45E7-851E-CAF7EF0125F1}]

Searching for "eScan"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\DOWNLOAD.EXE]
"Path"="C:\Program Files (x86)\eScan\DOWNLOAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\eFlash.EXE]
"Path"="C:\Program Files (x86)\eScan\eFlash.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\escanmon.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\escanmon.exe]
"Path"="C:\Program Files (x86)\eScan\Vista\escanmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\escanpro.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\escanpro.exe]
"Path"="C:\Program Files (x86)\eScan\escanpro.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\FRIGHTS.EXE]
"Path"="C:\Program Files (x86)\eScan\FRIGHTS.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\LICENSE.EXE]
"Path"="C:\Program Files (x86)\eScan\LICENSE.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\TRAYICOS.EXE]
"Path"="C:\Program Files (x86)\eScan\TRAYICOS.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\DOWNLOAD.EXE]
"Path"="C:\Program Files (x86)\eScan\DOWNLOAD.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\eFlash.EXE]
"Path"="C:\Program Files (x86)\eScan\eFlash.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\escanmon.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\escanmon.exe]
"Path"="C:\Program Files (x86)\eScan\Vista\escanmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\escanpro.exe]
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\escanpro.exe]
"Path"="C:\Program Files (x86)\eScan\escanpro.exe"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\FRIGHTS.EXE]
"Path"="C:\Program Files (x86)\eScan\FRIGHTS.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\LICENSE.EXE]
"Path"="C:\Program Files (x86)\eScan\LICENSE.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\TRAYICOS.EXE]
"Path"="C:\Program Files (x86)\eScan\TRAYICOS.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Killer"="C:\Program Files (x86)\eScan\is-V7ALS.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\eScanShellExt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
"FriendlyName"="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan\command]
@="rundll32.exe C:\PROGRA~2\eScan\eScans64.dll,ScanMyC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
@="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\eScanShellExt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\eut]
"ScanEScanQuarantinedItems"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\eScanShellExt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CD822A6-6A57-11D3-A47C-0060B0F8AA86}]
@="DIHPAiOLightResponseScanTest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CD822A8-6A57-11D3-A47C-0060B0F8AA86}]
@="_DIHPAiOLightResponseScanTestEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bbe95fc-c53f-11d1-b3a2-00a0c9083365}]
@="IGatewayInstanceScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bbe95fd-c53f-11d1-b3a2-00a0c9083365}]
@="IGatewayInstanceScanSink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E2BF5A5-4F96-4899-A1A3-75E8BE9A5AC0}]
@="ISBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
"FriendlyName"="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan\command]
@="rundll32.exe C:\PROGRA~2\eScan\eScanshx.dll,ScanMyC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
@="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2CD822A6-6A57-11D3-A47C-0060B0F8AA86}]
@="DIHPAiOLightResponseScanTest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2CD822A8-6A57-11D3-A47C-0060B0F8AA86}]
@="_DIHPAiOLightResponseScanTestEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E2BF5A5-4F96-4899-A1A3-75E8BE9A5AC0}]
@="ISBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{54848076-14D0-45E7-851E-CAF7EF0125F1}]
"Exec"="C:\PROGRA~2\eScan\VKBoard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{54848076-14D0-45E7-851E-CAF7EF0125F1}]
"HotIcon"="C:\PROGRA~2\eScan\vkhot.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{54848076-14D0-45E7-851E-CAF7EF0125F1}]
"Icon"="C:\PROGRA~2\eScan\vk.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCCFE6DCA9A67F49B5D325B5FDAE74C]
"7E31197DC472B074DB64101B2091FDA6"="C?\Program Files (x86)\HP\Digital Imaging\bin\hpqpsescan01.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{66B1FB35-3BDD-45A3-9035-E178E6D8CED9}"="eScanShellExt extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73AA9C0E-C321-42D2-B89E-59C3C4AA9A48}]
"Path"="\eScan Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eScan Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{66B1FB35-3BDD-45A3-9035-E178E6D8CED9}"="eScanShellExt extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
"FriendlyName"="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Skanuj w poszukiwaniu wirusów przy użyciu programu eScan\command]
@="rundll32.exe C:\PROGRA~2\eScan\eScanshx.dll,ScanMyC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3E458037-0CA6-41aa-A594-2AA6C02D709B}]
@="SBE2FileScan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2CD822A6-6A57-11D3-A47C-0060B0F8AA86}]
@="DIHPAiOLightResponseScanTest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{2CD822A8-6A57-11D3-A47C-0060B0F8AA86}]
@="_DIHPAiOLightResponseScanTestEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{3E2BF5A5-4F96-4899-A1A3-75E8BE9A5AC0}]
@="ISBE2FileScan"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"LocDescription"="@oem26.inf,%econceal_desc%;eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"Description"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}\Ndi]
"HelpText"="eScan Firewall NDIS LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ECONCEAL\0000]
"DeviceDesc"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Parameters]
"NullSessionShares"="escanavx$"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProcObsrvesx]
"ImagePath"="\??\C:\PROGRA~2\eScan\ProcObsrvesx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"LocDescription"="@oem26.inf,%econceal_desc%;eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"Description"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}\Ndi]
"HelpText"="eScan Firewall NDIS LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ECONCEAL\0000]
"DeviceDesc"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfsfltr]
"Description"="eScan Monitor (DB) Minifilter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\econceal]
"DisplayName"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\econceal]
"Description"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LanmanServer\Parameters]
"NullSessionShares"="escanavx$"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\ProcObsrvesx]
"ImagePath"="\??\C:\PROGRA~2\eScan\ProcObsrvesx.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"LocDescription"="@oem26.inf,%econceal_desc%;eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}]
"Description"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{E2272475-3128-40DE-B567-AC79362DBC4B}\Ndi]
"HelpText"="eScan Firewall NDIS LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ECONCEAL\0000]
"DeviceDesc"="eScan Firewall LightWeight Filter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
"NullSessionShares"="escanavx$"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProcObsrvesx]
"ImagePath"="\??\C:\PROGRA~2\eScan\ProcObsrvesx.sys"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\DOWNLOAD.EXE]
"Path"="C:\Program Files (x86)\eScan\DOWNLOAD.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\eFlash.EXE]
"Path"="C:\Program Files (x86)\eScan\eFlash.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\escanmon.exe]
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\escanmon.exe]
"Path"="C:\Program Files (x86)\eScan\Vista\escanmon.exe"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\escanpro.exe]
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\escanpro.exe]
"Path"="C:\Program Files (x86)\eScan\escanpro.exe"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\FRIGHTS.EXE]
"Path"="C:\Program Files (x86)\eScan\FRIGHTS.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\LICENSE.EXE]
"Path"="C:\Program Files (x86)\eScan\LICENSE.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliPoint\AppSpecific\TRAYICOS.EXE]
"Path"="C:\Program Files (x86)\eScan\TRAYICOS.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\DOWNLOAD.EXE]
"Path"="C:\Program Files (x86)\eScan\DOWNLOAD.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\eFlash.EXE]
"Path"="C:\Program Files (x86)\eScan\eFlash.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\escanmon.exe]
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\escanmon.exe]
"Path"="C:\Program Files (x86)\eScan\Vista\escanmon.exe"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\escanpro.exe]
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\escanpro.exe]
"Path"="C:\Program Files (x86)\eScan\escanpro.exe"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\FRIGHTS.EXE]
"Path"="C:\Program Files (x86)\eScan\FRIGHTS.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\LICENSE.EXE]
"Path"="C:\Program Files (x86)\eScan\LICENSE.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\IntelliType Pro\AppSpecific\TRAYICOS.EXE]
"Path"="C:\Program Files (x86)\eScan\TRAYICOS.EXE"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Killer"="C:\Program Files (x86)\eScan\is-V7ALS.tmp"

Searching for "MicroWorld"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="C:\Users\Krzysztof\AppData\Roaming\MicroWorld\1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="C:\Users\Krzysztof\AppData\Roaming\MicroWorld"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares]
"escanavx$"="CSCFlags=0 MaxUses=4294967295 Path=C:\ProgramData\MicroWorld\eScanBD Permissions=0 ShareName=escanavx$ Type=0"
[HKEY_USERS\.DEFAULT\Software\MicroWorld]
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"b"="C:\Users\Krzysztof\AppData\Roaming\MicroWorld\1"
[HKEY_USERS\S-1-5-21-3549533353-104778185-2176030813-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="C:\Users\Krzysztof\AppData\Roaming\MicroWorld"
[HKEY_USERS\S-1-5-18\Software\MicroWorld]

-= EOF =-