I have the sdbot trojan

olcia1990
created

I've been fighting it for over a month and I can't cope with it. Just don't tell me to do something in safe mode, because it can't be started (probably because of this very virus). Please help, because my computer is getting worse day by day.

nazir
comment

Download an antivirus program and scan the computer. If it detects something, remove it; if that doesn't help, the only thing left is formatting the disk. Some trojans are complicated and are not at all easy to remove.

olcia1990
comment

Most programs shut down during scanning (by themselves). The only thing that works is Spy Sweeper, and it detects it but doesn't remove it. The program is in English and I don't understand everything, but from what I've figured out there simply is no such option there. What should I do?

nazir
comment

Also open Windows Task Manager (CTRL+ALT+DELETE) and look at the Processes tab. Maybe you'll recognize some suspicious process there; if so, end it.

As for the antivirus, download the trial version of NOD32 and try scanning the hard drives with it.

olcia1990
comment

I scanned the computer with NOD and deleted what it found, but it didn't help. The trojan is still there. As for Task Manager, to me there are probably about 10 suspicious processes there, but I'm afraid to touch them because apparently if you're not sure you can delete important things there (that's what I read, I don't know if it's true).

Here are the logs. I didn't go to that site because I would have to log in there and so on. But I do know how to make logs.

Logfile of HijackThis v1.99.1

Scan saved at 20:16:18, on 2007-03-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSSYSTEM32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

C:Program FilesAlwil SoftwareAvast4ashServ.exe

C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

C:Program Filesewido anti-spyware 4.0guard.exe

C:WINDOWSExplorer.EXE

C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

C:Program FilesEsetnod32krn.exe

C:WINDOWSsystem32nvsvc32.exe

C:WINDOWSsoundman.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesiTunesiTunesHelper.exe

C:Program FilesK-Lite Codec PackQuickTimeqttask.exe

C:Program FilesCommon FilesRealUpdate_OBrealsched.exe

C:WINDOWSSystem32spoolDRIVERSW32X863fppdis3a.exe

C:Program FilesCyberLinkPowerDVDPDVDServ.exe

C:Program FilesDAEMON Toolsdaemon.exe

C:PROGRA~1ALWILS~1Avast4ashDisp.exe

C:Program FilesEsetnod32kui.exe

C:Program FilesWebrootSpy SweeperSpySweeperUI.exe

C:WINDOWSsystem32ctfmon.exe

C:Program FilesMessengermsmsgs.exe

C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe

C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

C:Program FilesiPodbiniPodService.exe

C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

C:Program FilesAlwil SoftwareAvast4ashWebSv.exe

C:Program FilesWebrootSpy SweeperSpySweeper.exe

C:PROGRA~1NEOSTR~1NeostradaTP.exe

C:PROGRA~1NEOSTR~1ComComp.exe

C:PROGRA~1NEOSTR~1Watch.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesWebrootSpy SweeperSSU.EXE

C:programy do tworzenia logówhijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://szukaj.wp.pl

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.tv.wp.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] "nwiz.exe" /install

O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [soundMan] soundman.exe

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [bearShare] "C:Program FilesBearShareBearShare.exe" /pause

O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesK-Lite Codec PackQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

O4 - HKLM..Run: [pdfFactory Dyspozytor v3] "C:WINDOWSSystem32spoolDRIVERSW32X863fppdis3a.exe" /source=HKLM

O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"

O4 - HKLM..Run: [DAEMON Tools] "C:Program FilesDAEMON Toolsdaemon.exe" -lang 1045

O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

O4 - HKLM..Run: [nod32kui] "C:Program FilesEsetnod32kui.exe" /WAITSERVICE

O4 - HKLM..Run: [spySweeper] C:Program FilesWebrootSpy SweeperSpySweeperUI.exe /startintray

O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe

O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background

O4 - HKCU..Run: [Odkurzacz-MCD] "C:Program FilesOdkurzaczodk_mcd.exe"

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe

O4 - Global Startup: Kalendarz XP.lnk = E:Kalendarz XPStart.exe

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/121c7a2cef1ef4...ip/RdxIE601.cab

O17 - HKLMSystemCCSServicesTcpip..{D6D1BADD-0C90-4DFE-A695-3C5D39E2AB13}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: WRNotifier - C:WINDOWSSYSTEM32WRLogonNTF.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:Program FilesIVT CorporationBlueSoleilBTNtService.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:Program Filesewido anti-spyware 4.0guard.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:Program FilesEsetnod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"CTFMON.EXE" = "C:WINDOWSsystem32ctfmon.exe" [MS]

"MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS]

"Odkurzacz-MCD" = ""C:Program FilesOdkurzaczodk_mcd.exe"" ["Franmo Software"]

"odk_mcd" = "(empty string)" [file not found]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]

"NvCplDaemon" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS]

"nwiz" = ""nwiz.exe" /install" ["NVIDIA Corporation"]

"NvMediaCenter" = ""RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit" [MS]

"SoundMan" = "soundman.exe" ["Avance Logic, Inc."]

"WooCnxMon" = "C:PROGRA~1NEOSTR~1CnxMon.exe" [empty string]

"WOOWATCH" = "C:PROGRA~1NEOSTR~1Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:PROGRA~1NEOSTR~1TaskbarIcon.exe" ["France Télécom R&D"]

"BearShare" = ""C:Program FilesBearShareBearShare.exe" /pause" [file not found]

"iTunesHelper" = ""C:Program FilesiTunesiTunesHelper.exe"" ["Apple Computer, Inc."]

"QuickTime Task" = ""C:Program FilesK-Lite Codec PackQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]

"TkBellExe" = ""C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot" ["RealNetworks, Inc."]

"pdfFactory Dyspozytor v3" = ""C:WINDOWSSystem32spoolDRIVERSW32X863fppdis3a.exe" /source=HKLM" ["FinePrint Software, LLC"]

"RemoteControl" = ""C:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]

"DAEMON Tools" = ""C:Program FilesDAEMON Toolsdaemon.exe" -lang 1045" ["DT Soft Ltd."]

"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [null data]

"KernelFaultCheck" = "%systemroot%system32dumprep 0 -k" [MS]

"AT-Watch" = "(empty string)" [file not found]

"nod32kui" = ""C:Program FilesEsetnod32kui.exe" /WAITSERVICE" ["Eset "]

"SpySweeper" = "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe /startintray" ["Webroot Software, Inc."]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

InProcServer32(Default) = "C:Program FilesiTunesiTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{4EFE464B-3D0B-4800-A5DE-2321283A3256}" = "QCD IconHandler"

-> {HKLM...CLSID} = "QIconHandler Class"

InProcServer32(Default) = "C:Program FilesQuintessential PlayerQCDIcons.dll" [file not found]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

InProcServer32(Default) = "C:WINDOWSsystem32Audiodev.dll" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

InProcServer32(Default) = "C:Program FilesRealRealPlayerrppluginsierpplug.dll" [file not found]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"

-> {HKLM...CLSID} = "JetFlExt"

InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

InProcServer32(Default) = "C:PROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify

<<!>> WRNotifierDLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0context.dll" ["Anti-Malware Development a.s."]

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

VIDEOTRANS(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"

-> {HKLM...CLSID} = "AmvTransform Class"

InProcServer32(Default) = "C:Program FilesMP3 Player Utilities 3.68AMVToolsAmvTransform.dll" [empty string]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

ewido anti-spyware(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

InProcServer32(Default) = "C:Program Filesewido anti-spyware 4.0context.dll" ["Anti-Malware Development a.s."]

jetAudio(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

-> {HKLM...CLSID} = "JetFlExt"

InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

jetAudio(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

-> {HKLM...CLSID} = "JetFlExt"

InProcServer32(Default) = "C:Program FilesJetAudioJetFlExt.dll" ["JetAudio, Inc."]

NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

InProcServer32(Default) = "C:Program FilesEsetnodshex.dll" [null data]

SpySweeper(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

InProcServer32(Default) = "C:PROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "C:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesAllFilesystemObjectsshellexContextMenuHandlers

SpySweeper(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"

-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"

InProcServer32(Default) = "C:PROGRA~1WebrootSPYSWE~1SSCtxMnu.dll" ["Webroot Software, Inc."]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "C:Documents and SettingsOLGAUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCUControl PanelDesktop

"SCRNSAVE.EXE" = "C:WINDOWSTIZIAN~1.SCR" (TizianoFerro.scr) [null data]

Startup items in "OLGA" & "All Users" startup folders:

------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart

"BlueSoleil" -> shortcut to: "C:Program FilesIVT CorporationBlueSoleilBlueSoleil.exe" ["IVT Corporation"]

"DSLMON" -> shortcut to: "C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe /W" [empty string]

"Kalendarz XP" -> shortcut to: "E:Kalendarz XPStart.exe" [null data]

Enabled Scheduled Tasks:

------------------------

"wrSpySweeperTrialSweep" -> launches: "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe /ScheduleSweep=wrSpySweeperTrialSweep" ["Webroot Software, Inc."]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E

tries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En

ries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:WINDOWSsystem32imon.dll ["Eset "], 01 - 05, 25

%SystemRoot%system32mswsock.dll [MS], 06 - 08, 11 - 24

%SystemRoot%system32rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLMSoftwareMicrosoftInternet ExplorerExplorer Bars

HKLMSoftwareClassesCLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

HKLMSoftwareClassesCLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"

Implemented Categories{00021494-0000-0000-C000-000000000046} [horizontal bar]

InProcServer32(Default) = "C:PROGRA~1NEOSTR~1audienceaudience.dll" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]

BlueSoleil Hid Service, BlueSoleil Hid Service, "C:Program FilesIVT CorporationBlueSoleilBTNtService.exe" [null data]

ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:Program Filesewido anti-spyware 4.0guard.exe" ["Anti-Malware Development a.s."]

Harmonogram automatycznej usługi LiveUpdate, Harmonogram automatycznej usługi LiveUpdate, ""C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe"" ["Symantec Corporation"]

iPodService, iPodService, "C:Program FilesiPodbiniPodService.exe" ["Apple Computer, Inc."]

NOD32 Kernel Service, NOD32krn, ""C:Program FilesEsetnod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:WINDOWSsystem32nvsvc32.exe" ["NVIDIA Corporation"]

Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:Program FilesWebrootSpy SweeperSpySweeper.exe"" ["Webroot Software, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:WINDOWSsystem32wdfmgr.exe" [MS]

Print Monitors:

---------------

HKLMSystemCurrentControlSetControlPrintMonitors

FPP3:Driver = "fppmon3.dll" ["FinePrint Software, LLC"]

----------

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 146 seconds, including 8 seconds for message boxes)

Can anything be done about this??

[ Added: 2007-03-07, 20:39 ]

:cry: Please help

[ Added: 2007-03-12, 18:22 ]

Is there really nobody who can help me?
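
Added example, not part of the thread and not code from HijackThis: the "look for a suspicious process" check can be run against the "Running processes" section of a HijackThis log by flagging core Windows process names that run from an unexpected folder, and by cross-checking `(file missing)` services against that list (in the log above, the avast! Mail Scanner and Web Scanner services carry that flag although both executables are running). The sample log, vendor names and the expected-folder table (which assumes Windows XP in `C:\WINDOWS`) are constructed.

```python
import ntpath
import re

# Assumption: Windows XP installed to C:\WINDOWS, as in the log in this thread.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32, "csrss.exe": SYS32, "winlogon.exe": SYS32,
    "services.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32,
    "spoolsv.exe": SYS32, "ctfmon.exe": SYS32, "explorer.exe": r"c:\windows",
}

# Constructed sample in HijackThis 1.99 layout; vendors and paths are made up.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ExampleAV\mailscan.exe

O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\ExampleAV\tray.exe" /start
O23 - Service: ExampleAV Mail Scanner - Unknown owner - C:\Program Files\ExampleAV\mailscan.exe" /service (file missing)
O23 - Service: Example Updater - Unknown owner - C:\Program Files\ExampleUpd\upd.exe" /h (file missing)
O23 - Service: Example Driver Service - Example Corp - C:\WINDOWS\system32\exsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O23 - Service: ..."
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.exe', re.IGNORECASE)


def parse_log(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue                      # blank lines may separate every entry
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False              # first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (label, path) items that deserve a manual look; not a verdict."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    findings = []
    for path in processes:
        folder, name = ntpath.split(path.lower())
        expected = EXPECTED_DIR.get(name)
        if expected and folder != expected:
            findings.append(("system-name-outside-expected-dir", path))
    for code, detail in entries:
        if code != "O23" or not detail.endswith("(file missing)"):
            continue
        m = EXE_RE.search(detail)
        exe = m.group(0) if m else detail
        # A running executable cannot be missing: the flag then comes from the
        # quoted command line with arguments, not from a deleted file.
        label = ("missing-flag-but-process-running" if exe.lower() in running
                 else "service-target-missing")
        findings.append((label, exe))
    return findings


if __name__ == "__main__":
    for label, item in triage(SAMPLE_LOG):
        print(f"{label:34} {item}")
```

Short 8.3 paths such as `C:\PROGRA~1\...` are compared as written, so a process listed under its short path will not match a service listed under the long one.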
