Help! I have problems with trojans!! Avast keeps detecting some trojan horses, 23exhm.exe, 48exinjs.txt etc. I don't know what to do because they keep popping up and differ only in the number before exhm. Please help.
Regards, Wróg Wirusów
“Piotrek” - 2007-06-07 0:29:01 Dodatek Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: “C:\Documents and Settings\Piotrek\Pulpit”
((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-06 )))))))))))))))))))))))))))))))
2007-06-07 00:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 16:33 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-06-03 16:33 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-03 16:32 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-24 07:32
2007-05-24 07:32
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-06 22:30:35 -------- d-----w C:\DOCUME~1\Piotrek\DANEAP~1\Skype
2007-06-03 14:37:55 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-24 15:52:25 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-06 17:21:58 -------- d-----w C:\DOCUME~1\Piotrek\DANEAP~1\Nokia Multimedia Player
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 16:06:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-25 08:28:12 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 08:28:12 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2001-10-26 15:45:30 94,832 --sh--w C:\WINDOWS\twain.dll
2004-08-03 22:44:14 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-03 22:44:02 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-03 22:44:06 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-03 22:44:06 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-03 22:44:06 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2004-08-03 22:44:08 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-03 22:44:08 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-03 22:44:28 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-11-22 14:46]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 13:02]
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}=C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll [2006-11-06 11:22]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2006-10-12 11:38]
{b5146c40-189a-4311-bda9-fbae3e023187}=C:\Program Files\Multi_Media\tbMult.dll [2007-03-07 12:01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“nwiz”=“nwiz.exe” [2004-05-05 16:34 C:\WINDOWS\system32\nwiz.exe]
“SoundMan”=“SOUNDMAN.EXE” [2004-07-01 12:23 C:\WINDOWS\SOUNDMAN.EXE]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2003-10-31 19:42]
“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-03-24 12:41]
“Ad-aware”=“C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe” [2003-07-12 21:00]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-01-15 18:28]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [2005-11-10 13:03]
“QuickTime Task”=“C:\program files\camedia\qttask.exe” [2005-08-31 23:01]
“Adobe Photo Downloader”=“D:\photoshop\3.0\Apps\apdproxy.exe” [2005-06-06 23:46]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-01-06 19:22]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00]
“WinampAgent”=“D:\Winamp\winampa.exe” [2006-05-25 19:35]
“CloneCDTray”=“D:\CloneCD\CloneCDTray.exe” [2004-09-02 23:57]
“UserFaultCheck”="%systemroot%\system32\dumprep 0 -u" []
“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2005-12-21 11:00]
“@”="" []
“HPUsageTracking”=“C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe” [2006-06-09 12:23]
“DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [2005-06-07 12:31]
“PCSuiteTrayApplication”=“D:\PCSuite\Nokia PC Suite 6\LaunchApplication.exe” [2005-06-29 16:29]
“ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-03-09 01:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]
“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2005-10-24 20:37]
“Creative Detector”=“C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” [2004-12-02 19:23]
“Gadu-Gadu”=“D:\Gadu-Gadu 7.5\Gadu-Gadu\gg.exe” [2006-09-14 17:49]
“PcSync”=“D:\PCSuite\Nokia PC Suite 6\PcSync2.exe” [2005-06-24 15:08]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-07 00:31:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HPUsageTracking = C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe “C:\Program Files\Hewlett-Packard\HP UT”???
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = “C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R???l??|q??|???|???|???$???|???|x??|???|p??|???m??|???|???|???w ??w6???s???<???rl?wUV?w???|?k?w
scanning hidden files …
**************************************************************************
Completion time: 2007-06-07 0:33:06
C:\ComboFix-quarantined-files.txt … 2007-06-07 00:32
--- E O F ---
Post merged: 07.06.2007 (Thu) 10:41
what next with this log??
Using the Add/Remove Programs applet, uninstall Multi_Media.
Boot the system in safe mode and manually delete the folder C:\Program Files\Multi_Media from the disk.
Open Notepad and paste this into it:
File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
After doing this, paste the log from SilentRunners.
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“Creative Detector” = ““C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R” [“Creative Technology Ltd”]
“Gadu-Gadu” = ““D:\Gadu-Gadu 7.5\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z o.o.”]
“PcSync” = “D:\PCSuite\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Ahead Software AG”]
“Ad-aware” = ““C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe” +c” [“Lavasoft Sweden”]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“QuickTime Task” = ““C:\program files\camedia\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“Adobe Photo Downloader” = ““D:\photoshop\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“WinampAgent” = “D:\Winamp\winampa.exe” [null data]
“CloneCDTray” = ““D:\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
“UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u”
“OrderReminder” = “C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [“Hewlett-Packard”]
“(Default)” = “(empty string)” [file not found]
“HPUsageTracking” = “C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe “C:\Program Files\Hewlett-Packard\HP UT”” [null data]
“DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”]
“PCSuiteTrayApplication” = “D:\PCSuite\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”]
“ZoneAlarm Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Zone Labs, LLC”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}(Default) = “ShprRprts”
-> {HKLM…CLSID} = “ShprRprts”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {HKLM…CLSID} = “Desktop Explorer”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {HKLM…CLSID} = “nView Desktop Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
-> {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{0E40CBF0-0263-4AD4-A71B-11316667CBB7}” = “MuVo V200 Media Explorer”
-> {HKLM…CLSID} = “MuVo V200 Media Explorer”
\InProcServer32(Default) = “D:\creative\CTMvns.dll” [“Creative Technology Ltd”]
“{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D}” = “Sorcerer Shell Extension”
-> {HKLM…CLSID} = “Sorcerer Shell Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005SX.DLL” [“Software 2000 Limited”]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”
-> {HKLM…CLSID} = “Nokia Phone Browser”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
“{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View”
-> {HKLM…CLSID} = “Contact View”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\ContactView.dll” [“Nokia”]
“{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View”
-> {HKLM…CLSID} = “Message View”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\MessageView.dll” [“Nokia”]
“{D9872D13-7651-4471-9EEE-F0A00218BEBB}” = “Multiscan”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Startup items in “Piotrek” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
“Witryna internetowa myPrintMileage” -> shortcut to: “C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe” [null data]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}(Default) = (no title provided)
-> {HKLM…CLSID} = “ShopperReports”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{946B3E9E-E21A-49C8-9F63-900533FAFE14}\
“ButtonText” = “ShopperReports - Compare product prices”
“CLSIDExtension” = “{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}”
-> {HKLM…CLSID} = “IEButton”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{946B3E9E-E21A-49C8-9F63-900533FAFE15}\
“ButtonText” = “ShopperReports - Compare travel rates”
“CLSIDExtension” = “{454b4812-e572-4703-a1bb-63490809eac0}”
-> {HKLM…CLSID} = “IEButtonA”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [null data]
TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP LaserJet M1005 Language Monitor\Driver = “HP1005LM.DLL” [“Software 2000 Limited”]
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
took 169 seconds.
---------- (total run time: 229 seconds)
Post merged: 07.06.2007 (Thu) 13:58
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”]
“Creative Detector” = ““C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R” [“Creative Technology Ltd”]
“Gadu-Gadu” = ““D:\Gadu-Gadu 7.5\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z o.o.”]
“PcSync” = “D:\PCSuite\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Ahead Software AG”]
“Ad-aware” = ““C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe” +c” [“Lavasoft Sweden”]
“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data]
“SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” [“Sun Microsystems, Inc.”]
“QuickTime Task” = ““C:\program files\camedia\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“Adobe Photo Downloader” = ““D:\photoshop\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”]
“TkBellExe” = ““C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot” [“RealNetworks, Inc.”]
“DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”]
“WinampAgent” = “D:\Winamp\winampa.exe” [null data]
“CloneCDTray” = ““D:\CloneCD\CloneCDTray.exe” /s” [“SlySoft, Inc.”]
“UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u”
“OrderReminder” = “C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [“Hewlett-Packard”]
“(Default)” = “(empty string)” [file not found]
“HPUsageTracking” = “C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe “C:\Program Files\Hewlett-Packard\HP UT”” [null data]
“DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”]
“PCSuiteTrayApplication” = “D:\PCSuite\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”]
“ZoneAlarm Client” = ““C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”” [“Zone Labs, LLC”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar Helper”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx” [empty string]
{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}(Default) = “ShprRprts”
-> {HKLM…CLSID} = “ShprRprts”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
-> {HKLM…CLSID} = “Desktop Explorer”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
-> {HKLM…CLSID} = “nView Desktop Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL” [MS]
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
-> {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”]
“{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”
-> {HKLM…CLSID} = “Portable Media Devices Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS]
“{472083B0-C522-11CF-8763-00608CC02F24}” = “avast”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
“{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
“{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player”
-> {HKLM…CLSID} = “RealOne Player Context Menu Class”
\InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”]
“{0E40CBF0-0263-4AD4-A71B-11316667CBB7}” = “MuVo V200 Media Explorer”
-> {HKLM…CLSID} = “MuVo V200 Media Explorer”
\InProcServer32(Default) = “D:\creative\CTMvns.dll” [“Creative Technology Ltd”]
“{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D}” = “Sorcerer Shell Extension”
-> {HKLM…CLSID} = “Sorcerer Shell Extension”
\InProcServer32(Default) = “C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1005SX.DLL” [“Software 2000 Limited”]
“{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser”
-> {HKLM…CLSID} = “Nokia Phone Browser”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”]
“{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View”
-> {HKLM…CLSID} = “Contact View”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\ContactView.dll” [“Nokia”]
“{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View”
-> {HKLM…CLSID} = “Message View”
\InProcServer32(Default) = “D:\PCSuite\Nokia PC Suite 6\MessageView.dll” [“Nokia”]
“{D9872D13-7651-4471-9EEE-F0A00218BEBB}” = “Multiscan”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”
-> {HKLM…CLSID} = “avast”
\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]
WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]
ZLAVShExt(Default) = “{D9872D13-7651-4471-9EEE-F0A00218BEBB}”
-> {HKLM…CLSID} = “ZLAVShExt Class”
\InProcServer32(Default) = “C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll” [“Zone Labs, LLC”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Piotrek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Startup items in “Piotrek” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS]
“Witryna internetowa myPrintMileage” -> shortcut to: “C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe” [null data]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}”
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided)
-> {HKLM…CLSID} = “Yahoo! Toolbar”
\InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar3.dll” [“Google Inc.”]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1}(Default) = (no title provided)
-> {HKLM…CLSID} = “ShopperReports”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
{946B3E9E-E21A-49C8-9F63-900533FAFE14}\
“ButtonText” = “ShopperReports - Compare product prices”
“CLSIDExtension” = “{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}”
-> {HKLM…CLSID} = “IEButton”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{946B3E9E-E21A-49C8-9F63-900533FAFE15}\
“ButtonText” = “ShopperReports - Compare travel rates”
“CLSIDExtension” = “{454b4812-e572-4703-a1bb-63490809eac0}”
-> {HKLM…CLSID} = “IEButtonA”
\InProcServer32(Default) = “C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll” [“ShopperReports”]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
“ButtonText” = “Messenger”
“MenuText” = “Windows Messenger”
“Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data]
avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data]
avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]
avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]
Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”]
NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
SecuROM User Access Service (V7), UserAccess7, “C:\WINDOWS\system32\UAService7.exe” [null data]
TrueVector Internet Monitor, vsmon, “C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service” [“Zone Labs, LLC”]
Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP LaserJet M1005 Language Monitor\Driver = “HP1005LM.DLL” [“Software 2000 Limited”]
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
took 169 seconds.
---------- (total run time: 229 seconds)
Delete the folder marked in red, in Safe Mode.
Paste into Notepad:
File > Save As > change the file type from .txt to All Files > save it under the name Fix.reg, e.g. on the
desktop > double-click Fix.reg > confirm > restart.
Give the location (path).
Paste new logs.