Dodane przez: ~Bzyku (2008-06-29 10:31) -> text
\"Silent Runners.vbs\", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by \"{++}\"
 
 
Startup items buried in registry:
---------------------------------
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"Gadu-Gadu\" = \"\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray\" [\"Gadu-Gadu S.A.\"]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ {++}
\"avgnt\" = \"\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min\" [\"Avira GmbH\"]
\"RTHDCPL\" = \"RTHDCPL.EXE\" [\"Realtek Semiconductor Corp.\"]
\"nwiz\" = \"nwiz.exe /install\" [\"NVIDIA Corporation\"]
\"NvMediaCenter\" = \"RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit\" [MS]
\"NvCplDaemon\" = \"RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup\" [MS]
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\
\"{42071714-76d4-11d1-8b24-00a0c9068ff3}\" = \"Rozszerzenie CPL kadrowania wyświetlania\"
  -> {HKLM...CLSID} = \"Rozszerzenie CPL kadrowania wyświetlania\"
                   \\InProcServer32\\(Default) = \"deskpan.dll\" [file not found]
\"{88895560-9AA2-1069-930E-00AA0030EBC8}\" = \"Rozszerzenie ikony HyperTerminalu\"
  -> {HKLM...CLSID} = \"HyperTerminal Icon Ext\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\hticons.dll\" [\"Hilgraeve, Inc.\"]
\"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\" = \"Shell Extension for Malware scanning\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
\"{42042206-2D85-11D3-8CFF-005004838597}\" = \"Microsoft Office HTML Icon Handler\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\Microsoft Office\\Office10\\msohev.dll\" [MS]
\"{A70C977A-BF00-412C-90B7-034C51DA2439}\" = \"NvCpl DesktopContext Class\"
  -> {HKLM...CLSID} = \"DesktopContext Class\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{FFB699E0-306A-11d3-8BD1-00104B6F7516}\" = \"Play on my TV helper\"
  -> {HKLM...CLSID} = \"NVIDIA CPL Extension\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvcpl.dll\" [\"NVIDIA Corporation\"]
\"{1CDB2949-8F65-4355-8456-263E7C208A5D}\" = \"Desktop Explorer\"
  -> {HKLM...CLSID} = \"Desktop Explorer\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}\" = \"Desktop Explorer Menu\"
  -> {HKLM...CLSID} = (no title provided)
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}\" = \"nView Desktop Context Menu\"
  -> {HKLM...CLSID} = \"nView Desktop Context Menu\"
                   \\InProcServer32\\(Default) = \"C:\\WINDOWS\\system32\\nvshell.dll\" [\"NVIDIA Corporation\"]
\"{AD392E40-428C-459F-961E-9B147782D099}\" = \"UltraISO\"
  -> {HKLM...CLSID} = \"UIContextMenu Class\"
                   \\InProcServer32\\(Default) = \"D:\\Programy\\UltraISO\\isoshell.dll\" [\"EZB Systems, Inc.\"]
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\
<<!>> \"BootExecute\" = \"autocheck autochk *\"|\"lsdelete\" [null data]
 
HKLM\\SOFTWARE\\Classes\\*\\shellex\\ContextMenuHandlers\\
Shell Extension for Malware scanning\\(Default) = \"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
 
HKLM\\SOFTWARE\\Classes\\Directory\\shellex\\ContextMenuHandlers\\
UltraISO\\(Default) = \"{AD392E40-428C-459F-961E-9B147782D099}\"
  -> {HKLM...CLSID} = \"UIContextMenu Class\"
                   \\InProcServer32\\(Default) = \"D:\\Programy\\UltraISO\\isoshell.dll\" [\"EZB Systems, Inc.\"]
 
HKLM\\SOFTWARE\\Classes\\Folder\\shellex\\ContextMenuHandlers\\
Shell Extension for Malware scanning\\(Default) = \"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}\"
  -> {HKLM...CLSID} = \"Shell Extension for Malware scanning\"
                   \\InProcServer32\\(Default) = \"C:\\Program Files\\AntiVir PersonalEdition Classic\\shlext.dll\" [\"Avira GmbH\"]
UltraISO\\(Default) = \"{AD392E40-428C-459F-961E-9B147782D099}\"
  -> {HKLM...CLSID} = \"UIContextMenu Class\"
                   \\InProcServer32\\(Default) = \"D:\\Programy\\UltraISO\\isoshell.dll\" [\"EZB Systems, Inc.\"]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\
 
\"NoDrives\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\
 
\"shutdownwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
 
\"undockwithoutlogon\" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
 
\"DisableRegistryTools\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLegacyLogonScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideLogoffScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"RunLogonScriptSync\" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
\"RunStartupScriptSync\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
\"HideStartupScripts\" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoplayHandlers\\Handlers\\
 
AlcoholAutoPlayV2.BurnDisc\\
\"Provider\" = \"Alcohol 120%\"
\"InvokeProgID\" = \"AlcoholAutoPlayV2\"
\"InvokeVerb\" = \"BurnDisc\"
HKLM\\SOFTWARE\\Classes\\AlcoholAutoPlayV2\\shell\\BurnDisc\\command\\(Default) = \"\"D:\\Programy\\Alkochol\\Alcohol 120\\Alcohol.exe\" %1\" [\"Alcohol Soft Development Team\"]
 
AlcoholAutoPlayV2.ReadDisc\\
\"Provider\" = \"Alcohol 120%\"
\"InvokeProgID\" = \"AlcoholAutoPlayV2\"
\"InvokeVerb\" = \"ReadDisc\"
HKLM\\SOFTWARE\\Classes\\AlcoholAutoPlayV2\\shell\\ReadDisc\\command\\(Default) = \"\"D:\\Programy\\Alkochol\\Alcohol 120\\Alcohol.exe\" %1\" [\"Alcohol Soft Development Team\"]
 
VLCPlayCDAudioOnArrival\\
\"Provider\" = \"VideoLAN VLC media player\"
\"InvokeProgID\" = \"VLC.CDAudio\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\VLC.CDAudio\\shell\\play\\command\\(Default) = \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe --started-from-file cdda:%1\" [\"VideoLAN Team\"]
 
VLCPlayDVDMovieOnArrival\\
\"Provider\" = \"VideoLAN VLC media player\"
\"InvokeProgID\" = \"VLC.DVDMovie\"
\"InvokeVerb\" = \"play\"
HKLM\\SOFTWARE\\Classes\\VLC.DVDMovie\\shell\\play\\command\\(Default) = \"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe --started-from-file dvd:%1\" [\"VideoLAN Team\"]
 
WinampPlayMediaOnArrival\\
\"Provider\" = \"Winamp\"
\"InvokeProgID\" = \"Winamp.File\"
\"InvokeVerb\" = \"Play\"
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\command\\(Default) = \"\"D:\\Programy\\Winamp\\winamp.exe\" \"%1\"\" [\"Nullsoft\"]
HKLM\\SOFTWARE\\Classes\\Winamp.File\\shell\\Play\\DropTarget\\CLSID = \"{46986115-84D6-459c-8F95-52DD653E532E}\"
  -> {HKLM...CLSID} = (no title provided)
                   \\LocalServer32\\(Default) = \"\"D:\\Programy\\Winamp\\winamp.exe\"\" [\"Nullsoft\"]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\ {++}
000000000001\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
000000000002\\LibraryPath = \"%SystemRoot%\\System32\\winrnr.dll\" [MS]
000000000003\\LibraryPath = \"%SystemRoot%\\System32\\mswsock.dll\" [MS]
 
Transport Service Providers
 
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Winsock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\ {++}
0000000000##\\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\\system32\\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\\system32\\rsvpsp.dll [MS], 04 - 05
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Extensions\\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\\
\"ButtonText\" = \"Messenger\"
\"MenuText\" = \"Windows Messenger\"
\"Exec\" = \"C:\\Program Files\\Messenger\\msmsgs.exe\" [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
AntiVir PersonalEdition Classic Guard, AntiVirService, \"C:\\Program Files\\AntiVir PersonalEdition Classic\\avguard.exe\" [\"Avira GmbH\"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, \"C:\\Program Files\\AntiVir PersonalEdition Classic\\sched.exe\" [\"Avira GmbH\"]
Firebird Guardian - DefaultInstance, FirebirdGuardianDefaultInstance, \"C:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbguard.exe -s\" [\"FirebirdSQL Project\"]
Firebird Server - DefaultInstance, FirebirdServerDefaultInstance, \"C:\\Program Files\\Firebird\\Firebird_2_0\\bin\\fbserver.exe -s\" [\"FirebirdSQL Project\"]
Lavasoft Ad-Aware Service, aawservice, \"\"C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe\"\" [\"Lavasoft\"]
NVIDIA Display Driver Service, NVSvc, \"C:\\WINDOWS\\system32\\nvsvc32.exe\" [\"NVIDIA Corporation\"]
PnkBstrA, PnkBstrA, \"C:\\WINDOWS\\system32\\PnkBstrA.exe\" [null data]
Windows User Mode Driver Framework, UMWdf, \"C:\\WINDOWS\\system32\\wdfmgr.exe\" [MS]
 
 
Print Monitors:
---------------
 
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\
EPSON Stylus D68 Series 2KMonitor5E\\Driver = \"E_FLMAAE.DLL\" [\"SEIKO EPSON CORPORATION\"]
 
 
---------- (launch time: 2008-06-29 10:34:01)
<<!>>: Suspicious data at a malware launch point.
 
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer \"No\" at the
  first message box and \"Yes\" at the second message box.
---------- (total run time: 14 seconds, including 4 seconds for message boxes)
 