
Dodane przez: ~orenz (2009-02-22 18:42) -> text
\"Silent Runners.vbs\", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"PC Suite Tray\" = \"\"D:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe\" -onlytray\" [\"Nokia\"]
\"SpybotSD TeaTimer\" = \"D:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\" [\"Safer Networking Limited\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"avgnt\" = \"\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min\" [\"Avira GmbH\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\\(Default) = \"AcroIEHelperStub\"
  -> {HKLM...CLSID} = \"Adobe PDF Link Helper\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll\" [\"Adobe Systems Incorporated\"]
{53707962-6F74-2D53-2644-206D7942484F}\\(Default) = (no title provided)
  -> {HKLM...CLSID} = \"Spybot-S&D IE Protection\"
                   \\InProcServer32\\(Default) = \"D:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll\" [\"Safer Networking Limited\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{3028902F-6374-48b2-8DC6-9725E775B926}\" = \"IE Microsoft AutoComplete\"
  -> {HKLM...CLSID} = \"IE Microsoft AutoComplete\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\browseui.dll\" [MS]
\"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}\" = \"History Band\"
  -> {HKLM...CLSID} = \"History Band\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\shdocvw.dll\" [MS]
\"{23170F69-40C1-278A-1000-000100020000}\" = \"7-Zip Shell Extension\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
\"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\" = \"Shell Extension for Malware scanning\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
\"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}\" = \"Nokia Phone Browser\"
  -> {HKLM...CLSID} = \"Nokia Phone Browser\"
                   \\InProcServer32\\(Default) = \"D:\\Program Files\\Nokia\\Nokia PC Suite 7\\PhoneBrowser.dll\" [\"Nokia\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\
<<!>> AtiExtEvent\\DLLName = \"Ati2evxx.dll\" [\"ATI Technologies Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ColumnHandlers\\
{F9DB5320-233E-11D1-9F84-707F02C10627}\\(Default) = \"PDF Column Info\"
  -> {HKLM...CLSID} = \"PDF Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\PDFShell.dll\" [\"Adobe Systems, Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
7-Zip\\(Default) = \"{23170F69-40C1-278A-1000-000100020000}\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
Shell Extension for Malware scanning\\(Default) = \"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
7-Zip\\(Default) = \"{23170F69-40C1-278A-1000-000100020000}\"
  -> {HKLM...CLSID} = \"7-Zip Shell Extension\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\7-Zip\\7-zip.dll\" [\"Igor Pavlov\"]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
Shell Extension for Malware scanning\\(Default) = \"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
 
 
Default executables:
--------------------
 
<<!>> HKLM\\SOFTWARE\\Classes\\.com\\(Default) = \"ComFile\"
 
 
Group Policies {policy setting}:
--------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoSMBalloonTip\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoRecentDocsHistory\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"CDRAutoRun\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"NoLowDiskSpaceChecks\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"MemCheckBoxInRunDlg\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoAutoTrayNotify\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoResolveTrack\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoResolveSearch\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"LinkResolveIgnoreLinkInfo\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoStartBanner\" = (REG_BINARY) hex:00 00 00 00
{Remove \"Click here to begin\" from Start button}
 
\"NoWelcomeScreen\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoRecentDocsNetHood\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoDesktopCleanupWizard\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoSharedDocuments\" = (REG_DWORD) dword:0x00000000
{Remove Shared Documents from My Computer}
 
\"ForceClassicControlPanel\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoRemoteRecursiveEvents\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoStrCmpLogical\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions\\
 
\"NoUpdateCheck\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
 
\"SynchronousMachineGroupPolicy\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"SynchronousUserGroupPolicy\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"DisableRegistryTools\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\WINDOWS\\system32\\config\\systemprofile\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\Documents and Settings\\Domek\\Ustawienia lokalne\\Dane aplikacji\\Microsoft\\Wallpaper1.bmp\"
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
MPCPlayCDAudioOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayCDAudio\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayCDAudio\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1 /cd\" [\"mpc-hc@Sourceforge\"]
 
MPCPlayDVDMovieOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayDVDMovie\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayDVDMovie\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1 /dvd\" [\"mpc-hc@Sourceforge\"]
 
MPCPlayMusicFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayMusicFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayMusicFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1\" [\"mpc-hc@Sourceforge\"]
 
MPCPlayVideoFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayVideoFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayVideoFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1\" [\"mpc-hc@Sourceforge\"]
 
NMMPlayCDAudioOnArrival\\
\"Provider\" = \"Nokia Music Manager\"
\"InvokeProgID\" = \"NokiaMusicManager\"
\"InvokeVerb\" = \"NMMPlayCD\"
HKLM\\SOFTWARE\\Classes\\NokiaMusicManager\\shell\\NMMPlayCD\\command\\(Default) = \"D:\\Program Files\\Nokia\\Nokia PC Suite 7\\MusicManager.exe /playCD \"%L\"\" [\"Nokia\"]
 
NMMRipCDAudioOnArrival\\
\"Provider\" = \"Nokia Music Manager\"
\"InvokeProgID\" = \"NokiaMusicManager\"
\"InvokeVerb\" = \"NMMRipCD\"
HKLM\\SOFTWARE\\Classes\\NokiaMusicManager\\shell\\NMMRipCD\\command\\(Default) = \"D:\\Program Files\\Nokia\\Nokia PC Suite 7\\MusicManager.exe /ripCD \"%L\"\" [\"Nokia\"]
 
Picasa2ImportPicturesOnArrival\\
\"Provider\" = \"Picasa3\"
\"InvokeProgID\" = \"picasa2.autoplay\"
\"InvokeVerb\" = \"import\"
HKLM\\SOFTWARE\\Classes\\picasa2.autoplay\\shell\\import\\command\\(Default) = \"d:\\Program Files\\Google\\Picasa3\\Picasa3.exe \"%1\"\" [\"Google Inc.\"]
 
WinampMTPHandler\\
\"Provider\" = \"Winamp\"
\"ProgID\" = \"Shell.HWEventHandlerShellExecute\"
\"InitCmdLine\" = \"C:\\Program Files\\Winamp\\winamp.exe\"
HKLM\\SOFTWARE\\Classes\\Shell.HWEventHandlerShellExecute\\CLSID\\(Default) = \"{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\"
  -> {HKLM...CLSID} = \"ShellExecute HW Event Handler\"
                   \\LocalServer32\\(Default) = \"rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\" [MS]
 
WinampPlayMediaOnArrival\\
\"Provider\" = \"Winamp\"
\"InvokeProgID\" = \"Winamp.File\"
\"InvokeVerb\" = \"Play\"
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\command\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\" \"%1\"\" [\"Nullsoft\"]
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\DropTarget\\CLSID = \"{46986115-84D6-459c-8F95-52DD653E532E}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\LocalServer32\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\"\" [\"Nullsoft\"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\\
\"MenuText\" = \"Spybot - Search & Destroy Configuration\"
\"CLSIDExtension\" = \"{53707962-6F74-2D53-2644-206D7942484F}\"
  -> {HKLM...CLSID} = \"Spybot-S&D IE Protection\"
                   \\InProcServer32\\(Default) = \"D:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll\" [\"Safer Networking Limited\"]
 
{E2E2DD38-D088-4134-82B7-F2BA38496583}\\
\"MenuText\" = \"@xpsp3res.dll,-20001\"
\"Exec\" = \"%windir%\\Network Diagnostic\\xpnetdiag.exe\" [MS]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\\
\"ButtonText\" = \"Messenger\"
\"MenuText\" = \"Windows Messenger\"
\"Exec\" = \"C:\\Program Files\\Messenger\\msmsgs.exe\" [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Ati HotKey Poller, Ati HotKey Poller, \"C:\\WINDOWS\\system32\\Ati2evxx.exe\" [\"ATI Technologies Inc.\"]
Avira AntiVir Personal - Free Antivirus Guard, AntiVirService, \"\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avguard.exe\"\" [\"Avira GmbH\"]
Avira AntiVir Personal - Free Antivirus Scheduler, AntiVirScheduler, \"\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe\"\" [\"Avira GmbH\"]
ServiceLayer, ServiceLayer, \"\"C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe\"\" [\"Nokia.\"]
Windows User Mode Driver Framework, UMWdf, \"C:\\WINDOWS\\system32\\wdfmgr.exe\" [MS]
 
 
---------- (launch time: 2009-02-22 18:46:40)
<<!>>: Suspicious data at a malware launch point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 43 seconds.
---------- (total run time: 113 seconds)
 