Hi, my Avira detected WORM/VB.DW, which I moved to quarantine. Do I need to do anything else?
You can post logs from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 13:18:06, on 2007-02-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\instalki\komunikator internet\Tlen.pl\tlen.exe
D:\instalki\TLENGA~1\AQQ\AQQ.exe
D:\instalki\google desktop\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
D:\instalki\dla outlook\HideOE\HideOE.exe
D:\instalki\kalendarz XP\Kalendarz XP\Kalendarz.exe
C:\Program Files\outlook express\msimn.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\instalki\bluetooth\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\alkohol 120%\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\instalki\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\ATI Technologies\ATI.ACE\help\wwhelp\wwhimpl\common\html\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu46\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu46\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\instalki\Adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\instalki\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu46\toolbaru.dll
O4 - HKLM…\Run: [lxccmon.exe] “C:\Program Files\Lexmark 3300 Series\lxccmon.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU…\Run: [Komunikator] D:\instalki\komunikator internet\Tlen.pl\tlen.exe
O4 - HKCU…\Run: [AQQ] D:\instalki\TLENGA~1\AQQ\AQQ.exe
O4 - HKCU…\Run: [RocketDock] “D:\instalki\google desktop\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [HideOE] “D:\instalki\dla outlook\HideOE\HideOE.exe”
O4 - Global Startup: Kalendarz XP.lnk = D:\instalki\kalendarz XP\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan … asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip…{75976636-84E5-4EAF-9A54-1234DFD59702}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\instalki\bluetooth\BTNtService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\instalki\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\alkohol 120%\Alcohol 120\StarWind\StarWindService.exe
gismo137
Read the pinned topics in this section and fix your posts.
JNJN
“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by “{++}”
Startup items buried in registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“Komunikator” = “D:\instalki\komunikator internet\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”]
“AQQ” = “D:\instalki\TLENGA~1\AQQ\AQQ.exe” [“AQQ Sp. z o.o.”]
“RocketDock” = ““D:\instalki\google desktop\RocketDock\RocketDock.exe”” [null data]
“ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS]
“HideOE” = ““D:\instalki\dla outlook\HideOE\HideOE.exe”” [“r2 studios”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“lxccmon.exe” = ““C:\Program Files\Lexmark 3300 Series\lxccmon.exe”” [“Lexmark International, Inc.”]
“avgnt” = ““C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min” [“Avira GmbH”]
“Skrót do strony właściwości High Definition Audio” = “HDAShCut.exe” [“Windows ® Server 2003 DDK provider”]
“QuickTime Task” = ““C:\Program Files\QuickTime\qttask.exe” -atboottime” [“Apple Computer, Inc.”]
“NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”]
“InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Nero AG”]
“LClock” = “C:\Program Files\LClock\LClock.exe” [null data]
“ATICCC” = ““C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay” [null data]
“iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer”
\StubPath = “C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig” [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{055FD26D-3A88-4e15-963D-DC8493744B1D}(Default) = “XTTBPos00”
-> {HKLM…CLSID} = “XTTBPos00 Class”
\InProcServer32(Default) = “C:\Program Files\ICQToolbar\tbu46\toolbaru.dll” [“IE Toolbar”]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM…CLSID} = “AcroIEHlprObj Class”
\InProcServer32(Default) = “D:\instalki\Adobe reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “D:\instalki\SPYBOT~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”
-> {HKLM…CLSID} = “Shell Extension for CDRW”
\InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Nero AG”]
“{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension”
-> {HKLM…CLSID} = “SimpleShlExt Class”
\InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string]
“{2B3453E4-49DF-11D3-8229-0080BE509050}” = “GMail Drive”
-> {HKLM…CLSID} = “GMail Drive”
\InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509052}” = “GMailFS Property Sheet”
-> {HKLM…CLSID} = “GMailFS Property Sheet”
\InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509054}” = “GMailFS Drop Handler”
-> {HKLM…CLSID} = “GMailFS Drop Handler”
\InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{2B3453E4-49DF-11D3-8229-0080BE509056}” = “GMailFS Context Menu”
-> {HKLM…CLSID} = “GMailFS Context Menu”
\InProcServer32(Default) = “C:\WINDOWS\system32\ShellExt\GMailFS.dll” [“Bjarke Viksoe”]
“{45AC2688-0253-4ED8-97DE-B5370FA7D48A}” = “Shell Extension for Malware scanning”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
“{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes”
-> {HKLM…CLSID} = “iTunes”
\InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
“WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}”
-> {HKLM…CLSID} = “WPDShServiceObj Class”
\InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}(Default) = “OpenOffice.org Column Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = ““D:\instalki\Openoffice\program\shlxthdl.dll”” [“Sun Microsystems, Inc.”]
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
-> {HKLM…CLSID} = “PDF Shell Extension”
\InProcServer32(Default) = “D:\instalki\Adobe reader\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]
HKLM\Software\Classes*\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “D:\instalki\7-Zip\7-zip.dll” [“Igor Pavlov”]
IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}”
-> {HKLM…CLSID} = “IZArc Shell Context Menu”
\InProcServer32(Default) = “D:\instalki\IZARCK~1\IZArc\IZArcCM.dll” [null data]
Notepad++(Default) = “{120B94B5-2E6A-4F13-94D0-414BCB64FA0F}”
-> {HKLM…CLSID} = “Notepad++”
\InProcServer32(Default) = “D:\instalki\notepad\Notepad++\nppcm.dll” [“Burgaud.com”]
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip(Default) = “{23170F69-40C1-278A-1000-000100020000}”
-> {HKLM…CLSID} = “7-Zip Shell Extension”
\InProcServer32(Default) = “D:\instalki\7-Zip\7-zip.dll” [“Igor Pavlov”]
IZArcCM(Default) = “{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}”
-> {HKLM…CLSID} = “IZArc Shell Context Menu”
\InProcServer32(Default) = “D:\instalki\IZARCK~1\IZArc\IZArcCM.dll” [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ALSongContext(Default) = “{CBE49257-71F8-44B4-B536-FF5359F0AEAA}”
-> {HKLM…CLSID} = “ALContextMenu Class”
\InProcServer32(Default) = “D:\instalki\alsong\ALSong\ALSongSh.dll” [“Copyright © 2005 ESTsoft corp.”]
ImageResizer(Default) = “{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}”
-> {HKLM…CLSID} = “ImageResizer Shell Extension”
\InProcServer32(Default) = “D:\instalki\PHOTO_~1\IMAGER~1\RSZShell.dll” [“VSO Software”]
Shell Extension for Malware scanning(Default) = “{45AC2688-0253-4ED8-97DE-B5370FA7D48A}”
-> {HKLM…CLSID} = “Shell Extension for Malware scanning”
\InProcServer32(Default) = “C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll” [“H+BEDV Datentechnik GmbH”]
Group Policies {GPedit.msc branch and setting}:
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
“SynchronousMachineGroupPolicy” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
“SynchronousUserGroupPolicy” = (REG_DWORD) hex:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\Documents and Settings\Adamiak\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp”
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “C:\WINDOWS\system32\Vista.scr” [MS]
Startup items in “Adamiak” & “All Users” startup folders:
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Kalendarz XP” -> shortcut to: “D:\instalki\kalendarz XP\Kalendarz XP\Kalendarz.exe” [null data]
Enabled Scheduled Tasks:
“AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”]
Winsock2 Service Provider DLLs:
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{855F3B16-6D32-4FE6-8A56-BBB695989046}”
-> {HKLM…CLSID} = “ICQ Toolbar”
\InProcServer32(Default) = “C:\Program Files\ICQToolbar\tbu46\toolbaru.dll” [“IE Toolbar”]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{855F3B16-6D32-4FE6-8A56-BBB695989046}” = (no title provided)
-> {HKLM…CLSID} = “ICQ Toolbar”
\InProcServer32(Default) = “C:\Program Files\ICQToolbar\tbu46\toolbaru.dll” [“IE Toolbar”]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}”
-> {HKCU…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”]
-> {HKLM…CLSID} = “Java Plug-in 1.5.0_06”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”]
Miscellaneous IE Hijack Points
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<> “{855F3B16-6D32-4fe6-8A56-BBB695989046}” = (no title provided)
-> {HKLM…CLSID} = “ICQ Toolbar”
\InProcServer32(Default) = “C:\Program Files\ICQToolbar\tbu46\toolbaru.dll” [“IE Toolbar”]
Running Services (Display Name, Service Name, Path {Service DLL}):
AntiVir PersonalEdition Classic Guard, AntiVirService, “C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe” [“AVIRA GmbH”]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, “C:\Program Files\AntiVir PersonalEdition Classic\sched.exe” [“Avira GmbH”]
Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”]
BlueSoleil Hid Service, BlueSoleil Hid Service, “D:\instalki\bluetooth\BTNtService.exe” [null data]
InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Nero AG”]
iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”]
Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\system32\wbem\wmiapsrv.exe” [MS]
LightScribeService Direct Disc Labeling Service, LightScribeService, ““C:\Program Files\Common Files\LightScribe\LSSrvc.exe”” [“Hewlett-Packard Company”]
lxcc_device, lxcc_device, “C:\WINDOWS\system32\lxcccoms.exe -service” [“Lexmark International, Inc.”]
StarWind iSCSI Service, StarWindService, “D:\alkohol 120%\Alcohol 120\StarWind\StarWindService.exe” [“Rocket Division Software”]
Print Monitors:
HKLM\System\CurrentControlSet\Control\Print\Monitors\
3300 Series Port\Driver = “lxcclmpm.DLL” [“Lexmark International, Inc.”]
Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS]
PDFCreator\Driver = “pdfcmnnt.dll” [null data]
<>: Suspicious data at a malware launch point.
<>: Suspicious data at a browser hijack point.
-
This report excludes default entries except where indicated.
-
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
- The search for DESKTOP.INI DLL launch points on all local fixed drives
took 94 seconds.
---------- (total run time: 144 seconds)
Both logs are clean.
Ewido found only completely harmless cookies. You can delete them (e.g. with the free ATF Cleaner program), but after doing so you may lose things like automatic login on web forums.
Thanks, regards.