"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}" (a "{++}" key is listed in full, default entries included, so not every line under it is a non-default finding)
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"CTFMON.EXE\" = \"C:\\WINDOWS\\system32\\ctfmon.exe\" [MS]
\"DAEMON Tools Lite\" = \"\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\"\" [\"DT Soft Ltd\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"AVG8_TRAY\" = \"C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe\" [\"AVG Technologies CZ, s.r.o.\"]
\"WheelMouse\" = \"C:\\Program Files\\A4Tech\\Mouse\\Amoumain.exe\" [\"A4Tech Co., Ltd.\"]
\"zBrowser Launcher\" = \"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\" [\"Logitech Inc.\"]
\"Share-to-Web Namespace Daemon\" = \"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\" [\"Hewlett-Packard\"]
\"HP Software Update\" = \"\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\"\" [\"Hewlett-Packard\"]
\"HP Component Manager\" = \"\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"\" [\"Hewlett-Packard Company\"]
\"HPDJ Taskbar Utility\" = \"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe\" [\"HP\"]
\"DeviceDiscovery\" = \"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe\" [\"Hewlett-Packard\"]
\"NvCplDaemon\" = \"RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\\(Default) = \"WormRadar.com IESiteBlocker.NavFilter\"
  -> {HKLM...CLSID} = \"AVG Safe Search\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG8\\avgssie.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{42071714-76d4-11d1-8b24-00a0c9068ff3}\" = \"Rozszerzenie CPL kadrowania wyświetlania\"
  -> {HKLM...CLSID} = \"Rozszerzenie CPL kadrowania wyświetlania\"
                   \\InProcServer32\\(Default) = \"deskpan.dll\" [file not found]
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{A70C977A-BF00-412C-90B7-034C51DA2439}\" = \"NvCpl DesktopContext Class\"
  -> {HKLM...CLSID} = \"DesktopContext Class\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{FFB699E0-306A-11d3-8BD1-00104B6F7516}\" = \"Play on my TV helper\"
  -> {HKLM...CLSID} = \"NVIDIA CPL Extension\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{1CDB2949-8F65-4355-8456-263E7C208A5D}\" = \"Desktop Explorer\"
  -> {HKLM...CLSID} = \"Desktop Explorer\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}\" = \"Desktop Explorer Menu\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}\" = \"nView Desktop Context Menu\"
  -> {HKLM...CLSID} = \"nView Desktop Context Menu\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\" = \"AVG8 Shell Extension\"
  -> {HKLM...CLSID} = \"AVG8 Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG8\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
\"{A4DF5659-0801-4A60-9607-1C48695EFDA9}\" = \"Folder przesyłania Share-to-Web\"
  -> {HKLM...CLSID} = \"Folder przesyłania Share-to-Web\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\HPGS2WNS.DLL\" [\"Hewlett-Packard\"]
\"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\" = \"WinRAR shell extension\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
\"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}\" = \"NeroCoverEd Live Icons\"
  -> {HKLM...CLSID} = \"NeroCoverEdLiveIcons Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Nero\\Nero8\\Nero CoverDesigner\\CoverEdExtension.dll\" [\"Nero AG\"]
\"{42042206-2D85-11D3-8CFF-005004838597}\" = \"Microsoft Office HTML Icon Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office12\\msohevi.dll\" [MS]
\"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\" = \"Microsoft Office Metadata Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Metadata Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
\"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}\" = \"Microsoft Office Thumbnail Handler\"
  -> {HKLM...CLSID} = \"Microsoft Office Thumbnail Handler\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\msoshext.dll\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\
<<!>> avgrsstarter\\DLLName = \"avgrsstx.dll\" [\"AVG Technologies CZ, s.r.o.\"]
 
HKLM\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\
<<!>> text/xml\\CLSID = \"{807563E5-5146-11D5-A672-00B0D022E945}\"
  -> {HKLM...CLSID} = \"Microsoft Office InfoPath XML Mime Filter\"
                   \\InProcServer32\\(Default) = \"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL\" [MS]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
AVG8 Shell Extension\\(Default) = \"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\"
  -> {HKLM...CLSID} = \"AVG8 Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG8\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
Cover Designer\\(Default) = \"{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}\"
  -> {HKLM...CLSID} = \"NeroCoverEdContextMenu Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Nero\\Nero8\\Nero CoverDesigner\\CoverEdExtension.dll\" [\"Nero AG\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
AVG8 Shell Extension\\(Default) = \"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\"
  -> {HKLM...CLSID} = \"AVG8 Shell Extension Class\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AVG\\AVG8\\avgse.dll\" [\"AVG Technologies CZ, s.r.o.\"]
WinRAR\\(Default) = \"{B41DB860-8EE4-11D2-9906-E49FADC173CA}\"
  -> {HKLM...CLSID} = \"WinRAR\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\WinRAR\\rarext.dll\" [null data]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect. The two values below ("shutdownwithoutlogon" and "undockwithoutlogon", both 1) only permit shutdown/undock from the logon screen; they are a physical-access hardening concern on a workstation, not an indicator of compromise.
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\\Software\\Microsoft\\Internet Explorer\\Desktop\\General\\
\"Wallpaper\" = \"C:\\WINDOWS\\web\\wallpaper\\Idylla.bmp\"
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\\Control Panel\\Desktop\\
\"Wallpaper\" = \"C:\\WINDOWS\\web\\wallpaper\\Idylla.bmp\"
 
 
Enabled Screen Saver:
---------------------
 
HKCU\\Control Panel\\Desktop\\
\"SCRNSAVE.EXE\" = \"C:\\WINDOWS\\system32\\logon.scr\" [MS]
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
MPCPlayCDAudioOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayCDAudio\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayCDAudio\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1 /cd\" [\"Gabest\"]
 
MPCPlayDVDMovieOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayDVDMovie\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayDVDMovie\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1 /dvd\" [\"Gabest\"]
 
MPCPlayMusicFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayMusicFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayMusicFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1\" [\"Gabest\"]
 
MPCPlayVideoFilesOnArrival\\
\"Provider\" = \"Media Player Classic\"
\"InvokeProgID\" = \"MediaPlayerClassic.Autorun\"
\"InvokeVerb\" = \"PlayVideoFiles\"
HKLM\\SOFTWARE\\Classes\\MediaPlayerClassic.Autorun\\shell\\PlayVideoFiles\\command\\(Default) = \"\"C:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe\" %1\" [\"Gabest\"]
 
MSPlayCDAudioOnArrival\\
\"Provider\" = \"ALLPlayer\"
\"InvokeProgID\" = \"AllPlayerFile\"
\"InvokeVerb\" = \"play\"
HKCU\\Software\\Classes\\AllPlayerFile\\shell\\play\\command\\(Default) = \"\"C:\\Program Files\\ALLPlayer\\ALLPlayer.exe\" \"%1\"\" [\"ALLPlayer\"]
 
WinampMTPHandler\\
\"Provider\" = \"Winamp\"
\"ProgID\" = \"Shell.HWEventHandlerShellExecute\"
\"InitCmdLine\" = \"C:\\Program Files\\Winamp\\winamp.exe\"
HKLM\\SOFTWARE\\Classes\\Shell.HWEventHandlerShellExecute\\CLSID\\(Default) = \"{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\"
  -> {HKLM...CLSID} = \"ShellExecute HW Event Handler\"
                   \\LocalServer32\\(Default) = \"rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}\" [MS]
 
WinampPlayMediaOnArrival\\
\"Provider\" = \"Winamp\"
\"InvokeProgID\" = \"Winamp.File\"
\"InvokeVerb\" = \"Play\"
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\command\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\" \"%1\"\" [\"Nullsoft\"]
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\DropTarget\\CLSID = \"{46986115-84D6-459c-8F95-52DD653E532E}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\LocalServer32\\(Default) = \"\"C:\\Program Files\\Winamp\\winamp.exe\"\" [\"Nullsoft\"]
 
 
Enabled Scheduled Tasks:
------------------------
 
\"AppleSoftwareUpdate\" -> launches: \"C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe -task\" [\"Apple Inc.\"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Explorer Bars
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Explorer Bars\\
 
HKLM\\SOFTWARE\\Classes\\CLSID\\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\\(Default) = \"&Poszukaj\"
Implemented Categories\\{00021493-0000-0000-C000-000000000046}\\ [vertical bar]
InProcServer32\\(Default) = \"C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL\" [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\\
\"ButtonText\" = \"Research\"
 
{E2E2DD38-D088-4134-82B7-F2BA38496583}\\
\"MenuText\" = \"@xpsp3res.dll,-20001\"
\"Exec\" = \"%windir%\\Network Diagnostic\\xpnetdiag.exe\" [MS]
 
{FB5F1910-F110-11D2-BB9E-00C04F795683}\\
\"ButtonText\" = \"Messenger\"
\"MenuText\" = \"Windows Messenger\"
\"Exec\" = \"C:\\Program Files\\Messenger\\msmsgs.exe\" [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
AVG Free8 E-mail Scanner, avg8emc, \"C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe\" [\"AVG Technologies CZ, s.r.o.\"]
AVG Free8 WatchDog, avg8wd, \"C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe\" [\"AVG Technologies CZ, s.r.o.\"]
 
 
Print Monitors:
---------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\
hpzsnt09\\Driver = \"hpzsnt09.dll\" [\"HP\"]
 
 
---------- (launch time: 2009-03-11 18:13:19)
<<!>>: Suspicious data at a malware launch point. The marker flags the *location* (a launch point commonly abused by malware), not the content: both hits in this report — the Winlogon\Notify entry avgrsstx.dll ["AVG Technologies CZ, s.r.o."] and the text/xml PROTOCOLS\Filter entry MSOXMLMF.DLL [MS] — resolve to the vendor strings expected for the installed AVG 8 and Office 12 components. The bracketed company name is read from the file itself and can be copied by an attacker, so treat it as a hint and confirm with a digital-signature or hash check before clearing a flagged entry. Entries shown as [null data] (here WinRAR's rarext.dll) yielded no company information at all and should be verified the same way; [file not found] (deskpan.dll) marks a stale registration with nothing on disk to load.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 53 seconds.
---------- (total run time: 83 seconds)
 