
Can rundll32.exe be removed?

moxia
created

As in the title: what I mean is, can it be removed with the msconfig cleanup program?

Mateusz J.
comment

But what does this rundll32.exe belong to?

It could be from one of your programs, for example, or from malware.

moxia
comment

I ran the msconfig cleanup program and noticed something like that. I have no idea what it could belong to, but when I just type msconfig in the Start bar, it isn't visible. How can I check what it is? Yesterday I scanned with kasp.online and had no viruses.

Mateusz J.
comment

Show a log from Silent Runners.

The description is below the HijackThis description: http://www.forumpc.pl/index.php?showtopic=11017

moxia
comment

Here you go.

Mateusz J.
comment

There is no rundll32 visible in autostart in the log.

Is there no way to check what it belongs to?

Personally, I would leave it; it may come from some program's service.
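As an added example (not part of any post in this thread), a PowerShell script that lists the rundll32.exe entries in the standard Run/RunOnce autostart keys and, for each one, shows which DLL and export it loads, whether that DLL exists on disk, and who signed it. The key list, the regular expression and the function name are my own choices; an entry whose DLL is missing or unsigned is the one worth looking into further.

```powershell
# Added example: inspect autostart entries that launch rundll32.exe and resolve
# them to the DLL they load. Run in an elevated PowerShell to read the HKLM keys.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-Rundll32Entry {
    # Hypothetical helper: parses "rundll32.exe <dll>,<export> [args]" and
    # reports the DLL's existence and Authenticode signature.
    param([string]$CommandLine)

    # The DLL path may be quoted and may contain %ENV% references.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '(?i)rundll32(\.exe)?\s+("?)(?<dll>[^",]+)\2\s*,\s*(?<export>\S+)') {
        $dll    = $Matches['dll'].Trim()
        $export = $Matches['export']
    } else {
        return $null
    }

    # A bare file name (e.g. shell32.dll) is looked up in System32, as the loader would.
    if (-not [System.IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path $env:SystemRoot "System32\$dll"
    }

    $exists = Test-Path -LiteralPath $dll
    $signer = 'n/a'
    $status = 'file not found'
    if ($exists) {
        $sig    = Get-AuthenticodeSignature -FilePath $dll
        $status = $sig.Status.ToString()
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Dll       = $dll
        Export    = $export
        Exists    = $exists
        SigStatus = $status
        Signer    = $signer
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata properties
        if ([string]$p.Value -notmatch '(?i)rundll32') { continue }
        $info = Resolve-Rundll32Entry -CommandLine ([string]$p.Value)
        if ($null -eq $info) { continue }
        "{0}\{1}" -f $key, $p.Name
        "    command : {0}" -f $p.Value
        "    dll     : {0} (exists: {1})" -f $info.Dll, $info.Exists
        "    export  : {0}" -f $info.Export
        "    signed  : {0} by {1}" -f $info.SigStatus, $info.Signer
    }
}
```

Only the four Run/RunOnce keys are covered; services, scheduled tasks and the AutoPlay handler entries that Silent Runners also lists would need their own lookup.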

moxia
comment

I have no idea how to find out where it comes from, but OK, I'll leave it. Thank you very much for the help; this can be deleted.
