
Startup Programs (X-Y6XDHEA9W4HT4) 2006-03-13 19.45.41.txt

Przekierowania po kliknięciu w Google – analiza logów HijackThis i Ad-aware

Przepraszam, ale jak już pisałem "znajomy" ma ten problem. Dzieli nas ok. 50 km, więc wszystkie informacje docierają z opóźnieniem. Załączam dwa logi (Silent Runners, Spy Sweeper). Logu z Ewido jeszcze nie dostałem.



" Silent Runners.vbs " , revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by " {++} "


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
" PicoZip " = " F:\INSTAL~1\PICOZIP\PicoZipTray.exe " [file not found]
" ctfmon.exe " = " C:\WINDOWS\system32\ctfmon.exe " [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
" WOOWATCH " = " C:\PROGRA~1\WANADOO\Watch.exe " [ " France Télécom R & D " ]
" WOOTASKBARICON " = " C:\Program Files\Wanadoo\taskbaricon.exe " [ " France Télécom R & D " ]
" SoundMan " = " SOUNDMAN.EXE " [ " Realtek Semiconductor Corp. " ]
" TkBellExe " = " " C:\Program Files\Common Files\Real\Update_OB\realsched.exe " -osboot " [ " RealNetworks, Inc. " ]
" SCANINICIO " = " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe " " [ " Panda Software International " ]
" APVXDWIN " = " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE " /s " [ " Panda Software International " ]
" ATIPTA " = " C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe " [ " ATI Technologies, Inc. " ]
" SunJavaUpdateSched " = " C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe " [ " Sun Microsystems, Inc. " ]
" QuickTime Task " = " " G:\roboty\qttask.exe " -atboottime " [ " Apple Computer, Inc. " ]
" CloneCDTray " = " " C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe " /s " [ " SlySoft, Inc. " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = " AcroIEHlprObj Class " [from CLSID]
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll " [ " Adobe Systems Incorporated " ]
{19F301FE-5CBC-45E8-9E15-5194A7D3AD43}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\system32\ciaSvbClsSvr.dll " [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = " SSVHelper Class " [from CLSID]
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll " [ " Sun Microsystems, Inc. " ]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
" {88895560-9AA2-1069-930E-00AA0030EBC8} " = " Rozszerzenie ikony HyperTerminalu "
-> {CLSID}\InProcServer32\(Default) = " C:\WINDOWS\System32\hticons.dll " [ " Hilgraeve, Inc. " ]
" {0006F045-0000-0000-C000-000000000046} " = " Microsoft Outlook Custom Icon Handler "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL " [MS]
" {42042206-2D85-11D3-8CFF-005004838597} " = " Microsoft Office HTML Icon Handler "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Microsoft Office\Office10\msohev.dll " [MS]
" {32020A01-506E-484D-A2A8-BE3CF17601C3} " = " AlcoholShellEx "
-> {CLSID}\InProcServer32\(Default) = " C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll " [ " Alcohol Soft Development Team " ]
" {B41DB860-8EE4-11D2-9906-E49FADC173CA} " = " WinRAR shell extension "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]
" {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} " = " Shell Extensions for RealOne Player "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Real\RealOne Player\rpshell.dll " [ " RealNetworks, Inc. " ]
" {65756541-C65C-11CD-0000-4B656E696100} " = " Panda Antivirus "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PAVOLE.DLL " [ " Panda Software " ]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = " Ati2evxx.dll " [ " ATI Technologies Inc. " ]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = " {65756541-C65C-11CD-0000-4B656E696100} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PAVOLE.DLL " [ " Panda Software " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Panda Antivirus\(Default) = " {65756541-C65C-11CD-0000-4B656E696100} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PAVOLE.DLL " [ " Panda Software " ]
WinRAR\(Default) = " {B41DB860-8EE4-11D2-9906-E49FADC173CA} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\WinRAR\rarext.dll " [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
" Wallpaper " = " C:\Documents and Settings\xxx\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp "


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
" SCRNSAVE.EXE " = " C:\WINDOWS\System32\sstext3d.scr " [MS]


Startup items in " xxx " & " All Users " startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
" Microsoft Office " -> shortcut to: " C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l " [MS]
" hpoddt01.exe " -> shortcut to: " C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe " [ " Hewlett-Packard " ]
" hp psc 1000 series " -> shortcut to: " C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe " [ " Hewlett-Packard Co. " ]
" DSLMON " -> shortcut to: " C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W " [empty string]


Enabled Scheduled Tasks:
------------------------

" FRU Task #Hewlett-Packard#hp psc 1200 series#1089475350 " -> launches: " C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I " #Hewlett-Packard#hp psc 1200 series#1089475350 " " [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]
000000000002\LibraryPath = " %SystemRoot%\System32\winrnr.dll " [MS]
000000000003\LibraryPath = " %SystemRoot%\System32\mswsock.dll " [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavlsp.dll [ " Panda Software " ], 01 - 03, 19
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
" MenuText " = " Sun Java Console "
" CLSIDExtension " = " {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} "
-> {CLSID}\InProcServer32\(Default) = " C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll " [ " Sun Microsystems, Inc. " ]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, " C:\WINDOWS\system32\Ati2evxx.exe " [ " ATI Technologies Inc. " ]
Machine Debug Manager, MDM, " " C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe " " [MS]
Panda anti-virus service, PAVSRV, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe " " [ " Panda Software " ]
Panda Antispam Server Service, PASSRV, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe " " [null data]
Panda Firewall Service, PAVFIRES, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe " " [ " Panda Software " ]
Panda Function Service, PAVFNSVR, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe " " [ " Panda Software " ]
Panda IManager Service, PSIMSVC, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe " " [ " Panda Software Internacional " ]
Panda Pavkre, Pavkre, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe " " [ " Panda Software " ]
Panda PavProt, PavProt, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe " " [ " Panda Software " ]
Panda Preventium+ Service, PREVSRV, " " C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe " " [ " Panda Software " ]
Panda Process Protection Service, PavPrSrv, " " C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe " " [ " Panda Software " ]
SecuROM User Access Service (V7), UserAccess7, " C:\WINDOWS\system32\UAService7.exe " [null data]
Windows User Mode Driver Framework, UMWdf, " C:\WINDOWS\System32\wdfmgr.exe " [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = " hpzsnt07.dll " [ " HP " ]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 60 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 14 seconds.
---------- (total run time: 111 seconds)