Nick Date Language
Krupaa 02/07/2011 16:49:41 Plain Text

Startup Programs (SYSOP) 2011-07-02 17.33.32

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"PowerBar" = ""C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime" ["Cyberlink, Corp."]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" ["Ares Development Group"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"WinampAgent" = ""D:\Program Files\Winamp\winampa.exe"" [file not found]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe" blrun" ["BitLeader"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
                  \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
                  \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
  -> {HKLM...CLSID} = "Shell Extension for CDRW"
                  \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

00nView\(Default) = "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

InCDMenu\(Default) = "{950FF917-7A57-46BC-8017-59D9BF474000}"
  -> {HKLM...CLSID} = "Shell Extension for CDRW"
                  \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]

NvCplDesktopContext\(Default) = "{A70C977A-BF00-412C-90B7-034C51DA2439}"
  -> {HKLM...CLSID} = "DesktopContext Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Arkadiusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

PPCDBurningOnArrival\
"Provider" = "PowerProducer"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerProducer"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe"" ["CyberLink"]

PPDCameraArrival\
"Provider" = "PowerProducer"
"InvokeProgID" = "Picture"
"InvokeVerb" = "OpenWithPowerProducer"
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe"" ["CyberLink"]

PPDVArrival\
"Provider" = "PowerProducer"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe""
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
                  \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

WARNING! D: is an unreadable partition!


Startup items in "Arkadiusz" & "All Users" startup folders:
-----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ralink Wireless Utility" -> shortcut to: "C:\Program Files\RALINK\Common\RaUI.exe" ["Ralink Technology, Corp."]


Enabled Scheduled Tasks:
------------------------

"User_Feed_Synchronization-{D19A9DE7-56E4-4FD3-8209-27CC5465685E}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> {1a3e09be-1e45-494b-9174-d7385b45bbf5}, (null value)


---------- (launch time: 2011-07-02 17:33:32)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 64 seconds.
---------- (total run time: 121 seconds)