Cześć
Ostatnio trochę wczytywanie stron zamuliło,no i nie działa panel sterowania,jak i windows update.Gdy próbuję otworzyć panel sterowania wyskakuje samo puste okienko.Gdy klikam na windows update,nic się nie dzieje.Proszę o pomoc.
“Silent Runners.vbs”, revision 59, http://www.silentrunners.org/
Operating System: Windows Vista
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup” [MS]
“COMODO SafeSurf” = ““C:\Program Files\Comodo\SafeSurf\cssurf.exe” -s” [“COMODO”]
“COMODO Internet Security” = ““C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h” [“COMODO”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
-> {HKLM…CLSID} = “DesktopContext Class”
\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
-> {HKLM…CLSID} = “NVIDIA CPL Extension”
\InProcServer32(Default) = “C:\Windows\system32\nvcpl.dll” [“NVIDIA Corporation”]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL” [MS]
“{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler”
-> {HKLM…CLSID} = “Microsoft Office Metadata Handler”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]
“{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail Handler”
-> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS]
“{4255A182-CAD9-4214-A19B-7BA7FB633BBD}” = “Comodo Antivirus”
-> {HKLM…CLSID} = “Comodo AntiVirus”
\InProcServer32(Default) = “C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll” [null data]
“{85D26561-0241-4BE2-A8DF-8F921A0EF948}” = “a-squared Free Shell Extension x64”
-> {HKLM…CLSID} = “a-squared Free Shell Extension x64”
\InProcServer32(Default) = “C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”]
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<> “BootExecute” = “PDBoot.exe” [“Raxco Software, Inc.”]|“autocheck autochk *”
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}”
-> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter”
\InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS]
HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\
Comodo Antivirus(Default) = “{4255A182-CAD9-4214-A19B-7BA7FB633BBD}”
-> {HKLM…CLSID} = “Comodo AntiVirus”
\InProcServer32(Default) = “C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll” [null data]
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
a-squared Free Shell Extension x64(Default) = “{85D26561-0241-4BE2-A8DF-8F921A0EF948}”
-> {HKLM…CLSID} = “a-squared Free Shell Extension x64”
\InProcServer32(Default) = “C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”]
Comodo Antivirus(Default) = “{4255A182-CAD9-4214-A19B-7BA7FB633BBD}”
-> {HKLM…CLSID} = “Comodo AntiVirus”
\InProcServer32(Default) = “C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll” [null data]
WinRAR(Default) = “{B41DB860-64E4-11D2-9906-E49FADC173CA}”
-> {HKLM…CLSID} = “WinRAR”
\InProcServer32(Default) = “C:\Program Files (x86)\WinRAR\rarext64.dll” [null data]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
a-squared Free Shell Extension x64(Default) = “{85D26561-0241-4BE2-A8DF-8F921A0EF948}”
-> {HKLM…CLSID} = “a-squared Free Shell Extension x64”
\InProcServer32(Default) = “C:\Program Files (x86)\a-squared Free\a2freecontmenu64.dll” [“Emsi Software GmbH”]
Default executables:
HKLM\SOFTWARE\Classes.hta(Default) = “htafile”
<> HKLM\SOFTWARE\Classes\htafile\shell\open\command(Default) = “C:\Windows\SysWOW64\mshta.exe “%1” %*” [MS]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“DisableThumbnails” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
“NoActiveDesktop” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“NoActiveDesktopChanges” = (REG_DWORD) dword:0x00000001
{unrecognized setting}
“ForceActiveDesktopOn” = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“DisableRegistryTools” = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKCU\Software\Policies\Microsoft\Windows\System\
“DisableCMD” = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to the command prompt}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
“ConsentPromptBehaviorAdmin” = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}
“ConsentPromptBehaviorUser” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}
“EnableInstallerDetection” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}
“EnableLUA” = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}
“EnableSecureUIAPaths” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}
“EnableVirtualization” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}
“PromptOnSecureDesktop” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}
“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
“FilterAdministratorToken” = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}
“EnableUIADesktopToggle” = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\Windows\system32\logon.scr” [MS]
Windows Portable Device AutoPlay Handlers
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
AlcoholAutoPlayV2.BurnDisc\
“Provider” = “Alcohol 120%”
“InvokeProgID” = “AlcoholAutoPlayV2”
“InvokeVerb” = “BurnDisc”
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe” %1” [“Alcohol Soft Development Team”]
AlcoholAutoPlayV2.ReadDisc\
“Provider” = “Alcohol 120%”
“InvokeProgID” = “AlcoholAutoPlayV2”
“InvokeVerb” = “BurnDisc”
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““C:\Program Files (x86)\Alcohol Soft\Alcohol 120\alcohol_.exe” %1” [“Alcohol Soft Development Team”]
MSPlayCDAudioOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.AudioCD”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /device:AudioCD “%L”” [MS]
MSPlayDVDMovieOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.DVD”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:DVD “%L”” [MS]
MSPlaySuperVideoCDMovieOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.VCD”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:VCD “%L”” [MS]
MSPlayVideoCDMovieOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.VCD”
“InvokeVerb” = “play”
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:4 /device:VCD “%L”” [MS]
MSRipCDAudioOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.RipCD”
“InvokeVerb” = “Rip”
HKLM\SOFTWARE\Classes\WMP.RipCD\shell\Rip\Command(Default) = "“C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /RipAudioCD “%L” " [MS]
MSWMPBurnCDOnArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.BurnCD”
“InvokeVerb” = “Burn”
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /Task:CDWrite /Device:”%L" " [MS]
MSWMPBurnDataDVDArrival\
“Provider” = “@wmploc.dll,-6502”
“InvokeProgID” = “WMP.BurnDVD”
“InvokeVerb” = “Burn”
HKLM\SOFTWARE\Classes\WMP.BurnDVD\shell\Burn\Command(Default) = ““C:\Program Files (x86)\Windows Media Player\wmplayer.exe” /prefetch:3 /Task:DVDWrite /Device:”%L" " [MS]
NeroAutoPlay7AudioToNeroDigital\
“Provider” = “Nero Burning ROM”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “AudioToNeroDigital_PlayCDAudioOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L” [“Nero AG”]
NeroAutoPlay7CDAudio\
“Provider” = “Nero Express”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “CDAudio_HandleCDBurningOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:AudioCD” [“Nero AG”]
NeroAutoPlay7CopyCD\
“Provider” = “Nero Burning ROM”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “CopyCD_PlayMusicFilesOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L” [“Nero AG”]
NeroAutoPlay7DataDisc\
“Provider” = “Nero Express”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “DataDisc_HandleCDBurningOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe -w /New:ISODisc” [“Nero AG”]
NeroAutoPlay7LaunchNeroStartSmart\
“Provider” = “Nero StartSmart”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “LaunchNeroStartSmart_HandleCDBurningOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay” [“Nero AG”]
NeroAutoPlay7PlayAudioCD\
“Provider” = “Nero ShowTime”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “PlayAudioCD_PlayMusicFilesOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”]
NeroAutoPlay7PlayDVD\
“Provider” = “Nero ShowTime”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “PlayDVD_PlayVideoFilesOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L” [“Nero AG”]
NeroAutoPlay7RipCD\
“Provider” = “Nero Burning ROM”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “RipCD_PlayCDAudioOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L” [“Nero AG”]
NeroAutoPlay7TranscodeVideo\
“Provider” = “Nero Recode”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “TranscodeVideo_PlayDVDMovieOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo” [“Nero AG”]
NeroAutoPlay7VideoCapture\
“Provider” = “Nero Vision”
“ProgID” = “Shell.HWEventHandlerShellExecute”
“InitCmdLine” = ““C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe” /New:VideoCapture”
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}”
-> {HKLM…CLSID} = “Shell Execute Hardware Event Handler”
\LocalServer32(Default) = “C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS]
NeroAutoPlay7ViewPhotos\
“Provider” = “Nero PhotoSnap Viewer”
“InvokeProgID” = “Nero.AutoPlay7”
“InvokeVerb” = “ViewPhotos_ShowPicturesOnArrival”
HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command(Default) = “C:\Program Files (x86)\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /” [“Nero AG”]
WIA_{72D4AB6D-7603-48DE-97C6-9B78AE78182E}\
“Provider” = “Microsoft Office Publisher”
“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”
“InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_STI /StiDevice:%1 /StiEvent:%2;”
-> {HKLM…CLSID} = “WPDShextAutoplay”
\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS]
WIA_{C127208D-2367-4116-B14D-7761E1C14986}\
“Provider” = “Microsoft Office Publisher”
“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”
“InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE /IMG_WIA;”
-> {HKLM…CLSID} = “WPDShextAutoplay”
\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS]
WIA_{EB2D27F5-BBA0-4E65-ADC9-0426417F30B0}\
“Provider” = “Microsoft Office Word”
“CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”
“InitCmdLine” = “/WiaCmd;C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE /IMG_WIA;”
-> {HKLM…CLSID} = “WPDShextAutoplay”
\LocalServer32(Default) = “C:\Windows\system32\WPDShextAutoplay.exe” [MS]
Non-disabled Scheduled Tasks:
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
“AD RMS Rights Policy Template Management (Manual)” -> launches: “{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}”
-> {HKLM…CLSID} = “AD RMS Rights Policy Template Management (Manual) Task Handler”
\InProcServer32(Default) = “C:\Windows\system32\msdrm.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
“UninstallDeviceTask” -> launches: “BthUdTask.exe $(Arg0)” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
“SystemTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”
-> {HKLM…CLSID} = “Certificate Services Client Task Handler”
\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]
“UserTask” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”
-> {HKLM…CLSID} = “Certificate Services Client Task Handler”
\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]
“UserTask-Roam” -> launches: “{58fb76b9-ac85-4e55-ac04-427593b1d060}”
-> {HKLM…CLSID} = “Certificate Services Client Task Handler”
\InProcServer32(Default) = “C:\Windows\system32\dimsjob.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
“Consolidator” -> launches: “%SystemRoot%\System32\wsqmcons.exe” [MS]
“OptinNotification” -> launches: “%SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
“ScheduledDefrag” -> launches: “%windir%\system32\defrag.exe -c -i” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
“Microsoft-Windows-DiskDiagnosticDataCollector” -> (HIDDEN!) launches: “%windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
“ehDRMInit” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DRMInit” [MS]
“mcupdate” -> launches: “%SystemRoot%\ehome\mcupdate $(Arg0) -gc” [MS]
“OCURActivate” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate” [MS]
“OCURDiscovery” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery” [MS]
“UpdateRecordPath” -> launches: “%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
“HotStart” -> launches: “{06DA0625-9701-43da-BFD7-FBEEA2180A1E}”
-> {HKLM…CLSID} = “HotStart User Agent”
\InProcServer32(Default) = “C:\Windows\System32\HotStartUserAgent.dll” [MS]
“TMM” -> launches: “{35EF4182-F900-4632-B072-8639E4478A61}”
-> {HKLM…CLSID} = “Transient Multi-Monitor Manager”
\InProcServer32(Default) = “C:\Windows\System32\TMM.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
“LPRemove” -> launches: “%windir%\system32\lpremove.exe” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
“SystemSoundsService” -> launches: “{2DEA658F-54C1-4227-AF9B-260AB5FC3543}”
-> {HKLM…CLSID} = “Microsoft PlaySoundService Class”
\InProcServer32(Default) = “C:\Windows\System32\PlaySndSrv.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
“NAPStatus UI” -> launches: “{f09878a1-4652-4292-aa63-8c7d4fd7648f}”
-> {HKLM…CLSID} = “Nap ITask Handler Implementation”
\InProcServer32(Default) = “C:\Windows\System32\QAgent.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
“ConvertLogEntries” -> (HIDDEN!) launches: “%windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
“RACAgent” -> (HIDDEN!) launches: “%windir%\system32\RacAgent.exe” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
“RemoteAssistanceTask” -> (HIDDEN!) launches: “%windir%\system32\RAServer.exe /offerraupdate” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
“CrawlStartPages” -> launches: “{51653423-e62d-4ff7-894a-dabb2b8e21e2}”
-> {HKLM…CLSID} = “CrawlStartPages Task Handler”
\InProcServer32(Default) = “C:\Windows\System32\srchadmin.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
“GadgetManager” -> launches: “{FF87090D-4A9A-4f47-879B-29A80C355D61}”
-> {HKLM…CLSID} = “GadgetsManager Class”
\InProcServer32(Default) = “C:\Windows\System32\AuxiliaryDisplayServices.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
“SR” -> launches: “%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
“IpAddressConflict1” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem” [MS]
“IpAddressConflict2” -> launches: “rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
“MsCtfMonitor” -> (HIDDEN!) launches: “{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}”
-> {HKLM…CLSID} = “MsCtfMonitor task handler”
\InProcServer32(Default) = “C:\Windows\system32\MsCtfMonitor.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
“UPnPHostConfig” -> launches: “sc.exe config upnphost start= auto” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
“ResolutionHost” -> (HIDDEN!) launches: “{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}”
-> {HKLM…CLSID} = “DiagnosticInfrastructureCustomHandler”
\InProcServer32(Default) = “C:\Windows\System32\wdi.dll” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
“QueueReporting” -> launches: “%windir%\system32\wermgr.exe -queuereporting” [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wired
“GatherWiredInfo” -> launches: “%windir%\system32\gatherWiredInfo.vbs” [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Wireless
“GatherWirelessInfo” -> launches: “%windir%\system32\gatherWirelessInfo.vbs” [null data]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
“MP Scheduled Scan” -> (HIDDEN!) launches: “c:\program files\windows defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\system32\NLAapi.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\system32\napinsp.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\system32\pnrpnsp.dll” [MS]
000000000005\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000006\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
Running Services (Display Name, Service Name, Path {Service DLL}):
a-squared Free Service, a2free, ““C:\Program Files (x86)\a-squared Free\a2service.exe”” [“Emsi Software GmbH”]
COMODO Internet Security Helper Service, cmdAgent, ““C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe”” [“COMODO”]
PDAgent, PDAgent, ““C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe”” [“Raxco Software, Inc.”]
PDEngine, PDEngine, ““C:\Program Files (x86)\Raxco\PerfectDisk\PDEngine.exe”” [“Raxco Software, Inc.”]
StarWind AE Service, StarWindServiceAE, “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe” [“Rocket Division Software”]
Usługa Protokół SSTP, SstpSvc, “C:\Windows\system32\svchost.exe -k LocalService” {“C:\Windows\system32\sstpsvc.dll” [MS]}
Windows Driver Foundation — User-mode Driver Framework, wudfsvc, “C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted” {“C:\Windows\System32\WUDFSvc.dll” [MS]}
Windows Image Acquisition (WIA), stisvc, “C:\Windows\system32\svchost.exe -k imgsvc” {“C:\Windows\System32\wiaservc.dll” [MS]}
---------- (launch time: 2009-03-05 20:38:03)
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 105 seconds.
---------- (total run time: 142 seconds)
Dałbym jeszcze log z combofix’a ale wyskakuje błąd:
