"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"Komunikator" = "C:\Program Files\Tlen.pl\tlen.exe" [file not found]
"eMuleAutoStart" = "C:\eMule\emule.exe -AutoStart" ["http://www.emule-project.net"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"NeroCheck" = "C:\WINDOWS\System32\\NeroCheck.exe" ["Ahead Software Gmbh"]
"Lexmark X74-X75" = ""C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"" ["Lexmark International, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{76764EB2-AF1B-4D4C-9E82-1C771020C32E}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\alctres.dll" [file not found]
"{4D6E2D52-3C49-4AEB-AA50-3956F284B22E}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cpmpstui.dll" [file not found]
"{53DE1BA2-0E13-4BC0-908D-9373E9E24E12}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\msiqtz32.dll" [file not found]
"{729F2909-C7D3-48F5-925A-072A6E89D0CD}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mmcertui.dll" [file not found]
"{D38B5D2E-940D-4228-843C-43846864ADDD}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dimsrpcn.dll" [file not found]
"{CF1BE403-ACB7-4E11-A1A1-074C307816FB}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\doound.dll" [file not found]
"{40C600D7-D286-41D7-82E9-2E720F04E731}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\muiqtz32.dll" [file not found]
"{6FC75766-E2AE-462A-980C-22DD1EABB881}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\sphedsvc.dll" [file not found]
"{7AF42B24-1A3C-456F-837F-F190B3F562E7}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\cTmocx.dll" [file not found]
"{1C6CAF7D-36E7-42B3-A192-8F845FF7B6F6}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mmexch40.dll" [file not found]
"{E09F8BD4-2BF7-40CC-900E-6A815A828BE4}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vusapi.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\smoluch.SMOLUCHS-YF027C\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "smoluch" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"22M WLAN Adapter" -> shortcut to: "C:\Program Files\22M WLAN Adapter\WLANMON.exe" [empty string]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Uruchom pełne skanowanie systemu - smoluch" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Norton AntiVirus - Uruchom szybkie skanowanie - smoluch" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE /TASK:"C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\quick.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Usługa Auto-Protect programu Norton AntiVirus, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Usługa Norton Protection Center, NSCService, ""C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 58 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 17 seconds.
---------- (total run time: 165 seconds)
Otwórz Notatnik i wklej w nim to:
Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG Przejście do trybu awaryjnego Windows i uruchomienie pliku FIX.REG.
Daj nowy log z Silenta