Help
Co mam źle i jak co usuwać?
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Programy\Spybot – Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Gadu–Gadu" = ""D:\Programy\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"Winamp Control" = "D:\Program Files\control winamp\WCtrl.exe" ["Krzysztof Mortka / kRk Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"zBrowser Launcher" = "D:\Programy\Logitech\iTouch\iTouch.exe" ["Logitech Inc. "]
"EM_EXEC" = "D:\Programy\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"SunJavaUpdateSched" = "D:\Programy\Java\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NetPanel" = ""D:\Programy\NetPanel\Starter.exe" /path="D:\Programy\NetPanel"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJCUIA32.DLL" [file not found]
"{A83B737C–6EC5–4792–8E52–B3CEE6A2D70E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dtrgsnap.dll" [file not found]
"{270B19B2–1503–49C7–80D5–55D17D68D62A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ozbccr32.dll" [null data]
"{4300A439–82C6–4265–B9AA–72E7628DCB01}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dzsetup.dll" [null data]
"{A6E85429–F27F–4261–998D–13D013EB42A0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\neinstnt.dll" [null data]
"{63237A62–3360–4BEA–B1A9–D148486601D8}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iyetcfg.dll" [null data]
"{9A3851E9–076D–4F1C–B992–E0B9AECB110A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{5E1EDA4E–AD03–40E5–B165–04B277A0A2EE}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kmdusx.dll" [null data]
"{EF1FBEB8–650B–4D48–B433–76077F44649C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\IcagX7.dll" [null data]
"{96D0D2E8–3E37–4D0C–9498–0F210995A257}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wzpshell.dll" [null data]
"{D07FE819–B165–4DD1–B150–27CEE793E630}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{3271FBEA–4435–458B–B4C3–7477665D313C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vzs_ps.dll" [null data]
"{BDEDBEE0–A5CC–4ABF–BAA4–E142DC59B6CD}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\duquery.dll" [null data]
"{70F70DC4–0D15–4130–83D3–0EA21A880A8A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dYtaclen.dll" [null data]
"{70BBD927–41DE–4C46–BC9E–D86C55B2BDF0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nttapi32.dll" [null data]
"{F856D854–3A85–456D–B9D2–D2A972C33720}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wtecedit.dll" [null data]
"{77B90A3F–2C75–402E–A0E1–B06791EE0253}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wttdecod.dll" [null data]
"{0BD1B037–CF5F–44DA–8E4E–0033C50BA675}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\szgtab.dll" [null data]
"{9733F9BD–B968–449F–8BC5–B9ABDF8745D0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mexbde40.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! OptimalLayout\DLLName = "C:\WINDOWS\system32\azau0579e.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\GAZORMISTRZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "GAZORMISTRZ" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"22M WLAN Adapter" –> shortcut to: "D:\Programy\wlan\WLANMON.exe" [empty string]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}" = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\Java\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\Programy\FlashGet\flashget.exe" ["Amaze Soft"]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
Keyboard Driver Filters:
––––––––––––––––––––––––
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B–E325–11CE–BFC1–08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 50 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 18 seconds.
–––––––––– (total run time: 100 seconds)
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non–default values, except where indicated by "{++}"
Startup items buried in registry:
–––––––––––––––––––––––––––––––––
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [null data]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "D:\Programy\Spybot – Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Gadu–Gadu" = ""D:\Programy\Gadu–Gadu\gg.exe" /tray" ["Gadu–Gadu Sp. z oo"]
"Winamp Control" = "D:\Program Files\control winamp\WCtrl.exe" ["Krzysztof Mortka / kRk Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"zBrowser Launcher" = "D:\Programy\Logitech\iTouch\iTouch.exe" ["Logitech Inc. "]
"EM_EXEC" = "D:\Programy\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"SunJavaUpdateSched" = "D:\Programy\Java\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NetPanel" = ""D:\Programy\NetPanel\Starter.exe" /path="D:\Programy\NetPanel"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714–76d4–11d1–8b24–00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
–> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560–9AA2–1069–930E–00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949–8F65–4355–8456–263E7C208A5D}" = "Eksplorator pulpitów"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB–F9E5–4718–997B–B8DA88302A47}" = "Desktop Explorer Menu"
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860–8EE4–11D2–9906–E49FADC173CA}" = "WinRAR shell extension"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
"{1FABC9A7–B578–4BC8–9FB3–40A077070E24}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJCUIA32.DLL" [file not found]
"{A83B737C–6EC5–4792–8E52–B3CEE6A2D70E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dtrgsnap.dll" [file not found]
"{270B19B2–1503–49C7–80D5–55D17D68D62A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ozbccr32.dll" [null data]
"{4300A439–82C6–4265–B9AA–72E7628DCB01}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dzsetup.dll" [null data]
"{A6E85429–F27F–4261–998D–13D013EB42A0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\neinstnt.dll" [null data]
"{63237A62–3360–4BEA–B1A9–D148486601D8}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iyetcfg.dll" [null data]
"{9A3851E9–076D–4F1C–B992–E0B9AECB110A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{5E1EDA4E–AD03–40E5–B165–04B277A0A2EE}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kmdusx.dll" [null data]
"{EF1FBEB8–650B–4D48–B433–76077F44649C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\IcagX7.dll" [null data]
"{96D0D2E8–3E37–4D0C–9498–0F210995A257}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wzpshell.dll" [null data]
"{D07FE819–B165–4DD1–B150–27CEE793E630}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{3271FBEA–4435–458B–B4C3–7477665D313C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vzs_ps.dll" [null data]
"{BDEDBEE0–A5CC–4ABF–BAA4–E142DC59B6CD}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\duquery.dll" [null data]
"{70F70DC4–0D15–4130–83D3–0EA21A880A8A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dYtaclen.dll" [null data]
"{70BBD927–41DE–4C46–BC9E–D86C55B2BDF0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nttapi32.dll" [null data]
"{F856D854–3A85–456D–B9D2–D2A972C33720}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wtecedit.dll" [null data]
"{77B90A3F–2C75–402E–A0E1–B06791EE0253}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wttdecod.dll" [null data]
"{0BD1B037–CF5F–44DA–8E4E–0033C50BA675}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\szgtab.dll" [null data]
"{9733F9BD–B968–449F–8BC5–B9ABDF8745D0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mexbde40.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! OptimalLayout\DLLName = "C:\WINDOWS\system32\azau0579e.dll" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860–8EE4–11D2–9906–E49FADC173CA}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\WinRar\rarext.dll" [null data]
Active Desktop and Wallpaper:
–––––––––––––––––––––––––––––
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\GAZORMISTRZ\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
–––––––––––––––––––––
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Startup items in "GAZORMISTRZ" & "All Users" startup folders:
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"22M WLAN Adapter" –> shortcut to: "D:\Programy\wlan\WLANMON.exe" [empty string]
Winsock2 Service Provider DLLs:
–––––––––––––––––––––––––––––––
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 – 03, 06 – 11
%SystemRoot%\system32\rsvpsp.dll [MS], 04 – 05
Toolbars, Explorer Bars, Extensions:
––––––––––––––––––––––––––––––––––––
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB–F487–11D5–8D29–0050BA6940E3}" = "FlashGet Bar"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{2318C2B1–4965–11D4–9B18–009027A5CD4F}" = "&Google" [from CLSID]
–> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0–4FCB–11CF–AAA5–00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC–0015–0000–0005–ABCDEFFEDCBC}"
–> {CLSID}\InProcServer32\(Default) = "D:\Programy\Java\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{D6E814A0–E0C5–11D4–8D29–0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "D:\Programy\FlashGet\flashget.exe" ["Amaze Soft"]
Running Services (Display Name, Service Name, Path {Service DLL}):
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
Keyboard Driver Filters:
––––––––––––––––––––––––
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B–E325–11CE–BFC1–08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"]
––––––––––
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the –all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 50 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 18 seconds.
–––––––––– (total run time: 100 seconds)
Odpowiedzi: 1
Co się dzieje? Nie sądzisz, że wypada umieścić jakieś zdanie wstępu?
Masz VX2/Look2me
O usuwaniu tego dziadostwa było pisane na forum sporo.
Przenosiny do bezpieczeństwa.
Masz VX2/Look2me. Podejrzane wpisy z logu:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"1" = "C:\WINDOWS\System32\service\explorer.exe" [null data]
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\MJCUIA32.DLL" [file not found]
"{A83B737C–6EC5–4792–8E52–B3CEE6A2D70E}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dtrgsnap.dll" [file not found]
"{270B19B2–1503–49C7–80D5–55D17D68D62A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\ozbccr32.dll" [null data]
"{4300A439–82C6–4265–B9AA–72E7628DCB01}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dzsetup.dll" [null data]
"{A6E85429–F27F–4261–998D–13D013EB42A0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\neinstnt.dll" [null data]
"{63237A62–3360–4BEA–B1A9–D148486601D8}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\iyetcfg.dll" [null data]
"{9A3851E9–076D–4F1C–B992–E0B9AECB110A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{5E1EDA4E–AD03–40E5–B165–04B277A0A2EE}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\kmdusx.dll" [null data]
"{EF1FBEB8–650B–4D48–B433–76077F44649C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\IcagX7.dll" [null data]
"{96D0D2E8–3E37–4D0C–9498–0F210995A257}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wzpshell.dll" [null data]
"{D07FE819–B165–4DD1–B150–27CEE793E630}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\guard.tmp" [null data]
"{3271FBEA–4435–458B–B4C3–7477665D313C}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\vzs_ps.dll" [null data]
"{BDEDBEE0–A5CC–4ABF–BAA4–E142DC59B6CD}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\duquery.dll" [null data]
"{70F70DC4–0D15–4130–83D3–0EA21A880A8A}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dYtaclen.dll" [null data]
"{70BBD927–41DE–4C46–BC9E–D86C55B2BDF0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nttapi32.dll" [null data]
"{F856D854–3A85–456D–B9D2–D2A972C33720}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wtecedit.dll" [null data]
"{77B90A3F–2C75–402E–A0E1–B06791EE0253}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\wttdecod.dll" [null data]
"{0BD1B037–CF5F–44DA–8E4E–0033C50BA675}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\szgtab.dll" [null data]
"{9733F9BD–B968–449F–8BC5–B9ABDF8745D0}" = (no title provided)
–> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\mexbde40.dll" [null data]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! OptimalLayout\DLLName = "C:\WINDOWS\system32\azau0579e.dll" [null data]
O usuwaniu tego dziadostwa było pisane na forum sporo.
Przenosiny do bezpieczeństwa.