
Dodane przez: ~zyta_ (2008-09-14 11:52) -> text
Silent Runners.vbs\", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"AcroIEHlprObj Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx\" [empty string]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\\(Default) = \"flashget urlcatch\"
  -> {HKLM...CLSID} = \"FGCatchUrl\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\FlashGet\\jccatch.dll\" [\"www.flashget.com\"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"SSVHelper Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
{E5A1691B-D188-4419-AD02-90002030B8EE}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"FlashFXP Helper for Internet Explorer\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\FlashFXP\\IEFlash.dll\" [\"IniCom Networks, Inc.\"]
{F156768E-81EF-470C-9057-481BA8380DBA}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"FlashGet GetFlash Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\FlashGet\\getflash.dll\" [\"www.flashget.com\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}\" = \"History Band\"
  -> {HKLM...CLSID} = \"History Band\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\shdocvw.dll\" [MS]
\"{A70C977A-BF00-412C-90B7-034C51DA2439}\" = \"NvCpl DesktopContext Class\"
  -> {HKLM...CLSID} = \"DesktopContext Class\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{FFB699E0-306A-11d3-8BD1-00104B6F7516}\" = \"Play on my TV helper\"
  -> {HKLM...CLSID} = \"NVIDIA CPL Extension\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{1CDB2949-8F65-4355-8456-263E7C208A5D}\" = \"Desktop Explorer\"
  -> {HKLM...CLSID} = \"Desktop Explorer\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}\" = \"Desktop Explorer Menu\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}\" = \"nView Desktop Context Menu\"
  -> {HKLM...CLSID} = \"nView Desktop Context Menu\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\" = \"OpenOffice.org Column Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"\"C:\\Program Files\\OpenOffice.org 2.4\\program\\shlxthdl.dll\"\" [\"Sun Microsystems, Inc.\"]
\"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\" = \"OpenOffice.org Infotip Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"\"C:\\Program Files\\OpenOffice.org 2.4\\program\\shlxthdl.dll\"\" [\"Sun Microsystems, Inc.\"]
\"{63542C48-9552-494A-84F7-73AA6A7C99C1}\" = \"OpenOffice.org Property Sheet Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"\"C:\\Program Files\\OpenOffice.org 2.4\\program\\shlxthdl.dll\"\" [\"Sun Microsystems, Inc.\"]
\"{3B092F0C-7696-40E3-A80F-68D74DA84210}\" = \"OpenOffice.org Thumbnail Viewer\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"\"C:\\Program Files\\OpenOffice.org 2.4\\program\\shlxthdl.dll\"\" [\"Sun Microsystems, Inc.\"]
\"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\" = \"WinRAR shell extension\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\
\"WPDShServiceObj\" = \"{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\"
  -> {HKLM...CLSID} = \"WPDShServiceObj Class\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\WPDShServiceObj.dll\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\
<<!>> \"Shell\" = \"explorer.exe \" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\
<<!>> dimsntfy\\DLLName = \"C:\\WINDOWS\\System32\\dimsntfy.dll\" [MS]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ColumnHandlers\\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\\(Default) = \"OpenOffice.org Column Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"\"C:\\Program Files\\OpenOffice.org 2.4\\program\\shlxthdl.dll\"\" [\"Sun Microsystems, Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
 
Default executables:
--------------------
 
<<!>> HKLM\\SOFTWARE\\Classes\\.com\\(Default) = \"ComFile\"
 
 
Group Policies {policy setting}:
--------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoSaveSettings\" = (REG_DWORD) dword:0x00000000
{Don\'t save settings at exit}
 
\"ClearRecentDocsOnExit\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoRemoteRecursiveEvents\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"ClearRecentDocsOnExit\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
 
\"DisableRegistryTools\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\WINDOWS\\web\\wallpaper\\Idylla.bmp\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\WINDOWS\\web\\wallpaper\\Idylla.bmp\"
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
MSWPDShellNamespaceHandler\\
\"Provider\" = \"@%SystemRoot%\\System32\\WPDShextRes.dll,-501\"
\"CLSID\" = \"{A55803CC-4D53-404c-8557-FD63DBA95D24}\"
\"InitCmdLine\" = \" \"
  -> {HKLM...CLSID} = \"WPDShextAutoplay\"
                   \\LocalServer32\\(Default) = \"C:\\WINDOWS\\system32\\WPDShextAutoplay.exe\" [MS]
 
WinampPlayMediaOnArrival\\
\"Provider\" = \"Winamp\"
\"InvokeProgID\" = \"Winamp.File\"
\"InvokeVerb\" = \"Play\"
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\command\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\" \"%1\"\" [\"Nullsoft\"]
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\DropTarget\\CLSID = \"{46986115-84D6-459c-8F95-52DD653E532E}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\LocalServer32\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\"\" [\"Nullsoft\"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\\
\"MenuText\" = \"Sun Java Console\"
\"CLSIDExtension\" = \"{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\"
  -> {HKCU...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll\" [\"Sun Microsystems, Inc.\"]
  -> {HKLM...CLSID} = \"Java Plug-in 1.6.0_07\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\npjpi160_07.dll\" [\"Sun Microsystems, Inc.\"]
 
{85D1F590-48F4-11D9-9669-0800200C9A66}\\
\"MenuText\" = \"Uninstall BitDefender Online Scanner v8\"
 
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\\
\"ButtonText\" = \"FlashGet\"
\"MenuText\" = \"FlashGet\"
\"Exec\" = \"C:\\Program Files\\FlashGet\\FlashGet.exe\" [\"FlashGet.com\"]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\\
\"ButtonText\" = \"Messenger\"
\"MenuText\" = \"Windows Messenger\"
\"Exec\" = \"C:\\Program Files\\Messenger\\msmsgs.exe\" [MS]
 
 
HOSTS file
----------
 
C:\\WINDOWS\\System32\\drivers\\etc\\HOSTS
 
maps: 5 domain names to IP addresses,
      4 of the IP addresses are *not* localhost!
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
NVIDIA Display Driver Service, NVSvc, \"C:\\WINDOWS\\system32\\nvsvc32.exe\" [\"NVIDIA Corporation\"]
 
 
Print Monitors:
---------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\
EPSON Stylus DX4400 Series 32MonitorBE\\Driver = \"E_FLBCAE.DLL\" [\"SEIKO EPSON CORPORATION\"]
 
 
---------- (launch time: 2008-09-13 16:07:24)
<<!>>: Suspicious data at a malware launch point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer \"No\" at the
  first message box and \"Yes\" at the second message box.
---------- (total run time: 61 seconds, including 3 seconds for message boxes)