log.txt

Coś mi miesza w googlach :(

Wszystkie ustawienia sieci mam przydzielane automatycznie, skany zaraz porobię, log z tego pierwszego linka -


" Silent Runners.vbs " , revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by " {++} "


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
" SunJavaUpdateSched " = " C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe " [ " Sun Microsystems, Inc. " ]
" Easy-PrintToolBox " = " C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon " [ " CANON INC. " ]
" IntelliPoint " = " " C:\Program Files\Microsoft IntelliPoint\point32.exe " " [MS]
" avgnt " = " " C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe " /min " [ " H+BEDV Datentechnik GmbH " ]
" dmeiz.exe " = " C:\WINDOWS\system32\dmeiz.exe " [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = " SSVHelper Class " [from CLSID]
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll " [ " Sun Microsystems, Inc. " ]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = " IeCatch2 Class " [from CLSID]
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\FLASHGET\jccatch.dll " [ " Amaze Soft " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
" {42071714-76d4-11d1-8b24-00a0c9068ff3} " = " Rozszerzenie CPL kadrowania wyświetlania "
-> {CLSID}\InProcServer32\(Default) = " deskpan.dll " [file not found]
" {88895560-9AA2-1069-930E-00AA0030EBC8} " = " Rozszerzenie ikony HyperTerminalu "
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\System32\hticons.dll " [ " Hilgraeve, Inc. " ]
" {E0D79304-84BE-11CE-9641-444553540000} " = " WinZip "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]
" {E0D79305-84BE-11CE-9641-444553540000} " = " WinZip "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]
" {E0D79306-84BE-11CE-9641-444553540000} " = " WinZip "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]
" {E0D79307-84BE-11CE-9641-444553540000} " = " WinZip "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]
" {B41DB860-8EE4-11D2-9906-E49FADC173CA} " = " WinRAR shell extension "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
" {640167b4-59b0-47a6-b335-a6b3c0695aea} " = " Portable Media Devices "
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\system32\Audiodev.dll " [MS]
" {cc86590a-b60a-48e6-996b-41d25ed39a1e} " = " Portable Media Devices Menu "
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\system32\Audiodev.dll " [MS]
" {42042206-2D85-11D3-8CFF-005004838597} " = " Microsoft Office HTML Icon Handler "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Microsoft Office\Office10\msohev.dll " [MS]
" {e57ce731-33e8-4c51-8354-bb4de9d215d1} " = " Uniwersalne urządzenia Plug and Play "
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\system32\upnpui.dll " [MS]
" {20082881-FC36-4E47-9A7A-644C95FF749F} " = " IntelliPoint Wireless Control Panel Property Page "
-> {CLSID}\InProcServer32\(Default) = " " C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll " " [MS]
" {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} " = " IntelliPoint Wheel Control Panel Property Page "
-> {CLSID}\InProcServer32\(Default) = " " C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll " " [MS]
" {653DCCC2-13DB-45B2-A389-427885776CFE} " = " IntelliPoint Activities Control Panel Property Page "
-> {CLSID}\InProcServer32\(Default) = " " C:\Program Files\Microsoft IntelliPoint\ipcplact.dll " " [MS]
" {124597D8-850A-41AE-849C-017A4FA99CA2} " = " IntelliPoint Buttons Control Panel Property Page "
-> {CLSID}\InProcServer32\(Default) = " " C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll " " [MS]
" {45AC2688-0253-4ED8-97DE-B5370FA7D48A} " = " Shell Extension for Malware scanning "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll " [ " H+BEDV Datentechnik GmbH " ]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! " System " = " csmkt.exe " [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = " Ati2evxx.dll " [ " ATI Technologies Inc. " ]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = " {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll " [ " H+BEDV Datentechnik GmbH " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
WinZip\(Default) = " {E0D79304-84BE-11CE-9641-444553540000} "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
WinZip\(Default) = " {E0D79304-84BE-11CE-9641-444553540000} "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = " {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll " [ " H+BEDV Datentechnik GmbH " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
WinZip\(Default) = " {E0D79304-84BE-11CE-9641-444553540000} "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\WINZIP\WZSHLSTB.DLL " [ " WinZip Computing, Inc. " ]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
" Wallpaper " = " C:\WINDOWS\ACD Wallpaper.bmp "


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]
000000000002\LibraryPath = " %SystemRoot%\System32\winrnr.dll " [MS]
000000000003\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\NetLimiter\nl_lsp.dll [null data], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
" {E0E899AB-F487-11D5-8D29-0050BA6940E3} " = " FlashGet Bar "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\FLASHGET\fgiebar.dll " [ " Amaze Soft " ]

" {327C2873-E90D-4C37-AA9D-10AC9BABA46C} " = " Easy-WebPrint "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Canon\Easy-WebPrint\Toolband.dll " [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
" MenuText " = " Sun Java Console "
" CLSIDExtension " = " {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll " [ " Sun Microsystems, Inc. " ]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
" ButtonText " = " FlashGet "
" MenuText " = " & FlashGet "
" Exec " = " C:\PROGRA~1\FLASHGET\flashget.exe " [ " Amaze Soft " ]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, " C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe " [ " H+BEDV Datentechnik GmbH " ]
AntiVir Scheduler, AntiVirScheduler, " C:\Program Files\AntiVir PersonalEdition Classic\sched.exe " [ " H+BEDV Datentechnik GmbH " ]
Ati HotKey Poller, Ati HotKey Poller, " C:\WINDOWS\system32\Ati2evxx.exe " [ " ATI Technologies Inc. " ]
Windows User Mode Driver Framework, UMWdf, " C:\WINDOWS\system32\wdfmgr.exe " [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP2000\Driver = " CNMLM66.DLL " [ " CANON INC. " ]
Microsoft Shared Fax Monitor\Driver = " FXSMON.DLL " [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer " No " at the first message box.
---------- (total run time: 59 seconds, including 18 seconds for message boxes)

