Hello. I have a question: where can I find PowerPoint 95 that works on Windows XP? Please give a link to the program.
“Silent Runners.vbs”, revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”]
“MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“swg” = “C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“kav” = ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”” [“Kaspersky Lab”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{85589B5D-D53D-4237-A677-46B82EA275F3}(Default) = “WebAssist”
-> {HKLM…CLSID} = “WebAssist”
\InProcServer32(Default) = “C:\WINDOWS\WebAssist.dll” [file not found]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
-> {HKLM…CLSID} = “Google Toolbar Helper”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
\InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
-> {HKLM…CLSID} = “HyperTerminal Icon Ext”
\InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]
“{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}” = “jetAudio”
-> {HKLM…CLSID} = “JetFlExt”
\InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”]
“{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}” = “Eudora’s Shell Extension”
-> {HKLM…CLSID} = “Eudora’s Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Qualcomm\Eudora\EuShlExt.dll” [“Qualcomm Inc.”]
“{8e9d6600-f84a-11ce-8daa-00aa004a5691}” = “Shell extensions for NetWare”
-> {HKLM…CLSID} = “NetWare Objects”
\InProcServer32(Default) = “nwprovau.dll” [MS]
“{e3f2bac0-099f-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare”
-> {HKLM…CLSID} = “NetWare UNC Folder Menu”
\InProcServer32(Default) = “nwprovau.dll” [MS]
“{52c68510-09a0-11cf-8daa-00aa004a5691}” = “Shell extensions for NetWare”
-> {HKLM…CLSID} = “NetWare Hood Verbs”
\InProcServer32(Default) = “nwprovau.dll” [MS]
“{85E0B171-04FA-11D1-B7DA-00A0C90348D6}” = “Ochrona WWW”
-> {HKLM…CLSID} = “Ochrona WWW”
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}” = “Eudora’s Shell Extension”
-> {HKLM…CLSID} = “Eudora’s Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Qualcomm\Eudora\EuShlExt.dll” [“Qualcomm Inc.”]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
-> {HKLM…CLSID} = “WPDShServiceObj Class”
\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> klogon\DLLName = “C:\WINDOWS\system32\klogon.dll” [“Kaspersky Lab”]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}”
-> {HKLM…CLSID} = “JetFlExt”
\InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
jetAudio(Default) = “{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}”
-> {HKLM…CLSID} = “JetFlExt”
\InProcServer32(Default) = “C:\Program Files\JetAudio\JetFlExt.dll” [“JetAudio, Inc.”]
Kaspersky Anti-Virus(Default) = “{dd230880-495a-11d1-b064-008048ec2fc5}”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\shellex.dll” [“Kaspersky Lab”]
NetWareUNCMenu(Default) = “{e3f2bac0-099f-11cf-8daa-00aa004a5691}”
-> {HKLM…CLSID} = “NetWare UNC Folder Menu”
\InProcServer32(Default) = “nwprovau.dll” [MS]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Scheduled Tasks:
“At1” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At2” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At3” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At4” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At5” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At6” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At7” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At8” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At9” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At10” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At11” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At12” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At13” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At14” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At15” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At16” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At17” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At18” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At19” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At20” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At21” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At22” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At23” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
“At24” -> launches: “C:\WINDOWS\system32\Rfxu84G0.exe” [file not found]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
“{12C65305-B33D-4963-8905-C39CC1813C44}” = (no title provided)
-> {HKLM…CLSID} = “&Gooru Toolbar”
\InProcServer32(Default) = “C:\PROGRA~1\Gooru\GOORUT~1.DLL” [null data]
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
-> {HKLM…CLSID} = “&Google”
\InProcServer32(Default) = “c:\program files\google\googletoolbar1.dll” [“Google Inc.”]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID{12C65305-B33D-4963-8905-C39CC1813C44}(Default) = “&Gooru Toolbar”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRA~1\Gooru\GOORUT~1.DLL” [null data]
HKLM\SOFTWARE\Classes\CLSID{85E0B171-04FA-11D1-B7DA-00A0C90348D6}(Default) = “Ochrona WWW”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll” [“Kaspersky Lab”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
“ButtonText” = “Ochrona WWW”
Running Services (Display Name, Service Name, Path {Service DLL}):
Kaspersky Anti-Virus Home Edition 6.0, AVP, ““C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” -r” [“Kaspersky Lab”]
Usługa klienta dla systemu NetWare, NWCWorkstation, “C:\WINDOWS\system32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\nwwks.dll” [MS]}
---------- (launch time: 2008-01-16 14:55:38)
<>: Suspicious data at a malware launch point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer “No” at the
first message box and “Yes” at the second message box.
---------- (total run time: 245 seconds, including 8 seconds for message boxes)
I suppose I don't have this program, but I know my way around logs.