Please check this so I can be sure the system is OK.

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CursorXP” = ““C:\Program Files\CursorXP\CursorXP.exe” -s” [" "]

“Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu Sp. z oo”]

“SpybotSD TeaTimer” = “C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [“Safer Networking Limited”]

“BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [“Free Peers, Inc.”]

“Dzieńdobry!” = “C:\Program Files\VSD Software\DzieńDobry!\dziendobry.exe /auto” [“VSD Software”]

“BearShare Accelerator” = ““C:\Program Files\BearShare\Bearshare Accelerator\Bearshare Accelerator.exe” -tray” [“BearshareAccelerator”]

“C:\Program Files\NetMeter\NetMeter.exe” = “C:\Program Files\NetMeter\NetMeter.exe” [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”]

“Odkurzacz-MCD” = “C:\Program Files\Odkurzacz 10.1 Pro\odk_mcd.exe” [“FranmoSoft”]

“SoundMan” = “soundman.exe” [“Avance Logic, Inc.”]

“NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”]

“InCD” = “C:\Program Files\Nero\Nero 7\InCD\InCD.exe” [“Nero AG”]

“NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“NvMediaCenter” = “RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” [MS]

“BearShare” = ““C:\Program Files\BearShare\BearShare.exe” /pause” [“Free Peers, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]

{A5366673-E8CA-11D3-9CD9-0090271D075B}(Default) = (no title provided)

-> {HKLM…CLSID} = “IeCatch2 Class”

\InProcServer32(Default) = “C:\PROGRA~1\FlashGet\jccatch.dll” [file not found]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM…CLSID} = “Google Toolbar Helper”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Eksplorator pulpitów”

-> {HKLM…CLSID} = “Eksplorator pulpitów”

\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “C:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook”

-> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook”

\InProcServer32(Default) = “C:\PROGRA~1\WIFD1F~1\MpShHook.dll” [MS]

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\

“load” = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

“AppInit_DLLs” = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

<> “System” = “kdvyj.exe” [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler”

-> {HKLM…CLSID} = “NeroDigitalColumnHandler Class”

\InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll” [“Nero AG”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

EzCddax(Default) = “{46E22146-59C0-4136-9233-52E412E2B428}”

-> {HKLM…CLSID} = “EzCddax Class”

\InProcServer32(Default) = “C:\Program Files\Easy CD-DA Extractor 9\ezcddax9.dll” [null data]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}”

-> {HKLM…CLSID} = “avast”

\InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”]

WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

-> {HKLM…CLSID} = “WinRAR”

\InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“RestrictCpl” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DisallowCpl” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|

Hide specified control panel applets / items}

“NoViewOnDrive” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“RestrictRun” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DisallowRun” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRecycleFiles” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceRecycleBinSize” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoPropertiesMyDocuments” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoPropertiesRecycleBin” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoCustomizeWebView” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoCustomizeThisFolder” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoWebView” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DontShowSuperHidden” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoOnlinePrintsWizard” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoPublishingWizard” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelp” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoStartMenuEjectPC” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDisconnect” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoNtSecurity” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“GreyMSIAds” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceMaxRecentDocs” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSMBalloonTip” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSMBalloonTips” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoTaskGrouping” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoWebServices” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFileUrl” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRunasInstallPrompt” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“PromptRunasInstallNetPath” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“NoDesktopCleanupWizard” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoThumbnailCache” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“StartRunNoHOMEPATH” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoBandCustomize” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|

Disable customizing browser toolbars}

“NoExpandedNewMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoToolbarCustomize” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|

Disable customizing browser toolbar buttons}

“NoChangeStartMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDevMgrUpdate” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoComputersNearMe” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoControlPanel” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoNetworkConnections” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Network Connections from Start Menu}

“NoSMHelp” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}

“NoSMMyDocs” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Documents menu from Start Menu}

“NoSMMyPictures” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove My Pictures icon from Start Menu}

“NoStartMenuMyMusic” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“StartMenuLogoff” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceStartMenuLogOff” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoChangeAnimation” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoChangeKeyboardNavigationIndicators” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDFSTab” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFileAssociate” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHardwareTab” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoInstrumentation” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoManageMyComputerVerb” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRecentDocsNetHood” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoResolveTrack” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoShellSearchButton” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSMConfigurePrograms” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoPropertiesMyComputer” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“HideClock” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“LockTaskbar” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoCDBurning” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSecurityTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Security tab}

“NoSharedDocuments” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}

“NoSimpleStartMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoStartMenuMFUprogramsList” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoStartMenuMorePrograms” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove All Programs list from the Start menu}

“NoStartMenuNetworkPlaces” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoStartMenuPinnedList” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoThemesTab” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoToolbarsOnTaskbar” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoTrayItemsDisplay” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Hide the notification area}

“NoUserNameInStartMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceCopyAclwithFile” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoNetConnectDisconnect” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoResolveSearch” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ClassicShell” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Enable Classic Shell / Turn on Classic Shell}

“ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“EnforceShellExtensionSecurity” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Enable Active Desktop}

“LinkResolveIgnoreLinkInfo” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoActiveDesktop” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Disable Active Desktop}

“NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|

Prohibit changes}

“NoAddPrinter” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoClose” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoCommonGroups” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDeletePrinter” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDesktop” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDrives” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFavoritesMenu” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Favorites menu from Start Menu}

“NoFileMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFind” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFolderOptions” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Removes the Folder Options menu item from the Tools menu}

“NoInternetIcon” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Hide Internet Explorer icon on desktop}

“NoLogOff” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Logon/Logoff|

Disable Logoff}

“NoNetHood” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRecentDocsMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRecentDocsHistory” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoRun” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSaveSettings” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don’t save settings at exit}

“NoSetFolders” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSetTaskbar” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Prevent changes to Taskbar and Start Menu Settings}

“NoStartBanner” = (REG_BINARY) hex:00 00 00 00

{Remove “Click here to begin” from Start button}

“NoStartMenuSubFolders” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoTrayContextMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoViewContextMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoWindowsUpdate” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove links and access to Windows Update}

“NoWinKeys” = (REG_DWORD) hex:0x00000000

{Disable Windows+X hotkeys}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

“NoActiveDesktopChanges” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoCDBurning” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoWelcomeScreen” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“DisableChangePassword” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DisableLockWorkstation” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DisableTaskMgr” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|

Remove Task Manager}

“HideLegacyLogonScripts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“HideLogonScripts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“HideLogoffScripts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoColorChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSizeChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoVisualStyleChoice” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DisableRegistryTools” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

“NoDispAppearancePage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispBackgroundPage” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Hide Desktop tab}

“NoDispCPL” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Control Panel|Display|

Remove Display in Control Panel}

“NoDispScrSavPage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoDispSettingsPage” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

“CertifPub” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“IEAKContext” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Privacy Settings” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Accessibility” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Advanced” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing Advanced page settings}

“AdvancedTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the Advanced page}

“Autoconfig” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Cache” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“CalendarContact” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Certificates” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“CertifPers” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“CertifSite” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Check_If_Default” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Colors” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Connection Settings” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing connection settings}

“Connection Wizard” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ConnectionsTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the Connections page}

“Connwiz Admin Lock” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ContentTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the Content page}

“Fonts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“FormSuggest” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“FormSuggest Passwords” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“GeneralTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the General page}

“History” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“HomePage” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing home page settings}

“Languages” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Links” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Messaging” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Privacytab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the Privacy page}

“Profiles” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ProgramsTab” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Proxy” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable changing proxy settings}

“Ratings” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ResetWebSettings” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Disable the Reset Web Settings feature}

“SecAddSites” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“SecChangeSettings” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“SecurityTab” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel|

Disable the Security page}

“Settings” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Prevent the deletion of temporary Internet files and cookies}

“Wallet” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

“NoSplash” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSearchCustomization” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|

Search: Disable Search Customization}

“NoBrowserSaveWebComplete” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoAddingSubScriptions” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

“No_LaunchMediaBar” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“No_MediaBarOnlineContent” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“AlwaysPromptWhenDownload” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoBrowserBars” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoBrowserClose” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoBrowserContextMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoBrowserOptions” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus|

Tools menu: Disable Internet Options… menu option}

“NoBrowserSaveAs” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFavorites” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFileOpen” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFileNew” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoFindFiles” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelpItemNetscapeHelp” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelpItemSendFeedback” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelpItemTipOfTheDay” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelpMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoNavButtons” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoOpeninNewWnd” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoPrinting” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“RestGoMenu” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoSelectDownloadDir” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoTheaterMode” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoViewSource” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“NoHelpItemTutorial” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

“Allow Browse” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Disable Advanced” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“DragAndDrop” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Execution” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Property Pages” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Task Creation” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“Task Deletion” = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|Windows Components|Task Scheduler|

Prohibit Task deletion}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

“undockwithoutlogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

“VerboseStatus” = (REG_DWORD) hex:0x00000001

{unrecognized setting}

“DisableTaskMgr” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“ShutdownWithoutLogon” = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

“HideShutdownScripts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“HideStartupScripts” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“RunLogonScriptSync” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

“RunStartupScriptSync” = (REG_DWORD) hex:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

“Wallpaper” = “C:\Documents and Settings\Rako\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”

Enabled Screen Saver:


HKCU\Control Panel\Desktop\

“SCRNSAVE.EXE” = “C:\WINDOWS\system32\AVASTSS.scr” [“ALWIL Software”]

DESKTOP.INI DLL launch in local fixed drive directories:


C:\Documents and Settings\Marycha\Ustawienia lokalne\Historia\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Historia\History.IE5\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\4E4GWO46\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6MVITTPE\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CL012F8T\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CN9RA2F1\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\D7RJ9DGE\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\EJIVMTEV\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ELCJQ5I5\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\GG99QWOH\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ODUNSDA3\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OXEZ0XI3\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\QZAGRVHL\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\S1OFSZWN\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\SHUR0LIJ\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\UDT2BQLS\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\VQ0JB589\DESKTOP.INI – cannot be opened!

C:\Documents and Settings\Marycha\Ustawienia lokalne\Temporary Internet Files\Content.IE5\WT2ROD6V\DESKTOP.INI – cannot be opened!

Enabled Scheduled Tasks:


“A257CE03917848D7” -> launches: “c:\docume~1\rako\daneap~1\exitshow\FLAPDOWNLOADNEW.exe” [null data]

“MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]

000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

000000000004\LibraryPath = “C:\WINDOWS\system32\pnrpnsp.dll” [MS]

000000000005\LibraryPath = “C:\WINDOWS\system32\pnrpnsp.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)

-> {HKLM…CLSID} = “&Google”

\InProcServer32(Default) = “c:\program files\google\googletoolbar2.dll” [“Google Inc.”]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\

“ButtonText” = “FlashGet”

“MenuText” = “&FlashGet”

“Exec” = “C:\PROGRA~1\FlashGet\flashget.exe” [“Amaze Soft”]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

“ButtonText” = “Messenger”

“MenuText” = “Windows Messenger”

Running Services (Display Name, Service Name, Path {Service DLL}):


avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”]

avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”]

avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”]

avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”]

InCD Helper, InCDsrv, “C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe” [“Nero AG”]

Menedżer tożsamości sieci równorzędnej, p2pimsvc, “C:\WINDOWS\system32\svchost.exe -k p2psvc” {“C:\WINDOWS\system32\p2psvc.dll” [MS]}

NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”]

Uwierzytelnianie grup sieci równorzędnej, p2pgasvc, “C:\WINDOWS\system32\svchost.exe -k p2psvc” {“C:\WINDOWS\system32\p2pgasvc.dll” [MS]}

Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS]


<>: Suspicious data at a malware launch point.

  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • The search for DESKTOP.INI DLL launch points on all local fixed drives

took 143 seconds.

---------- (total run time: 313 seconds)

Please read the topics on how to paste logs correctly in the security section.

Fix the title and the post with the log.

In Safe Mode, manually delete this file from the disk (if it is there):

C:\Program Files\BearShare\Bearshare Accelerator -> did you install this yourself? If not, delete it as well.

Open Notepad and paste this into it:

File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Use the FixWareOut tool.

The regular version of BearShare comes with junk bundled in, so I suggest removing it. If you really want to use it, install the Lite version, which is free of that junk.

Once done, post a new log from Silent Runners and HijackThis, plus the contents of the file c:\fixwareout\report.txt