Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

log z Silent Runners. Możecie go przeskanować?

06 Paź 2006 09:44 1233 1
  • Poziom 15  
    moglibyści przeskanować mi tego loga w pamięci?

    Cytat:

    "Silent Runners.vbs", revision 48, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "TorCP" = ""C:\Program Files\Tor\TorCP\torcp.exe"" [file not found]
    "Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [null data]
    "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
    "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
    "AQQ" = "C:\PROGRA~1\Wapster\AQQ\AQQ.exe" [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [file not found]
    "Siemens SmartSync - ScheduleSync" = "C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" ["Siemens"]
    "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
    "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
    "LanguageShortcut" = ""C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    {AB41010D-4804-4793-A6A2-3B5EBE2348DD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Little Fighter 2 Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll" [null data]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
    -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\NVCPL.DLL" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{3E307794-57B9-473A-98CC-4A039255063F}" = "OpenOffice.org/ZipGenius Shell Extension"
    -> {HKLM...CLSID} = "Openoffice.org/ZipGenius 5 Zip Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\oodll.dll" [file not found]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{D3796116-94D3-4009-96D7-51578411CC7D}" = "Outpost Shell Extension"
    -> {HKLM...CLSID} = "oshdlr.ShellHandler"
    \InProcServer32\(Default) = "C:\PROGRA~1\Agnitum\OUTPOS~1.0\oshdlr.dll" [file not found]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
    -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [file not found]
    "{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
    -> {HKLM...CLSID} = "Siemens Device"
    \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]
    "{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
    -> {HKLM...CLSID} = "Siemens Device ContextMenuHandler"
    \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]
    "{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
    -> {HKLM...CLSID} = "Siemens Device PropertySheetHandler"
    \InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" [null data]
    "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
    -> {HKLM...CLSID} = "My Phones"
    \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! winpfp32\DLLName = "winpfp32.dll" [file not found]
    INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {00020000-0000-1011-8004-0000C06B5161}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "WIBU-SYSTEMS Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [file not found]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" [file not found]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Default executables:
    --------------------

    HKLM\Software\Classes\.exe\(Default) = "xefile"
    INFECTION WARNING! HKLM\Software\Classes\xefile\shell\open\command\(Default) = ""C:\WINDOWS\system32\Regsvr16.exe" "%1" %*" [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


    Startup items in "pumpyjeje" & "All Users" startup folders:
    -----------------------------------------------------------

    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
    INFECTION WARNING! "Adobe Acrobat Speed Launcher.lnk.disabled" [null data]
    INFECTION WARNING! "Adobe Gamma Loader.lnk.disabled" [null data]
    INFECTION WARNING! "Kalendarz XP.lnk.disabled" [null data]
    INFECTION WARNING! "Microsoft Office.lnk.disabled" [null data]
    "Trend Micro Anti-Spyware" -> shortcut to: "C:\Program Files\Trend Micro\Tmas\Tmas.exe -autostart" ["Trend Micro Incorporated"]
    INFECTION WARNING! "Trend Micro Anti-Spyware.lnk.disabled" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{C11483F7-D7D8-4804-98D8-6055470BB989}"
    -> {HKLM...CLSID} = "Little Fighter 2 Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll" [null data]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
    "{C11483F7-D7D8-4804-98D8-6055470BB989}" = "Little Fighter 2 Toolbar"
    -> {HKLM...CLSID} = "Little Fighter 2 Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Little Fighter 2 Toolbar\v2.0.0.1\Little_Fighter_2_Toolbar.dll" [null data]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Shell Search Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {04849C74-016E-4A43-8AA5-1F01DE57F4A1}\
    "ButtonText" = "Trace"
    "MenuText" = "VisualRoute Trace"
    "CLSIDExtension" = "{8C85E2EE-9FD6-11D5-B770-504D54C10000}"
    -> {HKLM...CLSID} = "vrie"
    \InProcServer32\(Default) = "C:\Program Files\VisualRoute\vrie.dll" ["VisualWare"]

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Badanie"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Program Files\CyberLink\Shared files\RichVideo.exe"" [empty string]
    Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
    LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
    Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    NetOp Remote Print Port Monitor NT\Driver = "NRPMONNT.DLL" ["Danware Data A/S"]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 362 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 36 seconds.
    ---------- (total run time: 449 seconds)
  • Poziom 15  
    ok, pomyliłem fora - nikt tu sie nie zna na SIlent Runners
    Temat Zamykam