Mam spyware - proszę o radę, jeśli można

spartan · 23 Sierpień 2006 18:22

Czesc

Zeskanowałem komputer aplikacjami antyspyware i oto wyniki:

Ad-Aware SE Personal 1.0.6 nic nie wykrył

Webroot Spy Sweeper 4.0

Scan results: Trojan Horse RTB666

HKLM\Software\currentversion\run\ ||zasobnik systemowy

Sprawdziłem w regedit jest:

System Tray “SysTray.exe”

Zasonik systemowy “SysTray.exe”

Według opinii użytkowników z dobreprogramy.com

losmaolos | IPHASH : 5W-VU-TK-GU | 08.03.2005, 22:05 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [pl] program posiada modul szpiegowski.Ad-Watch Ad aware wykryl to przy isntalacji.Sa problemy z deinstalacja.Odradzam ten program!!! Czy to prawda? Dlaczego Spy Sweeper wprowadza w błąd? — Spybot - Search Destroy version: 1.4 (build: 20050523) — Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\tool1.exe Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\tool2.exe Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\tool3.exe Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\tool4.exe Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\tool5.exe Smitfraud-C.: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\SYSTEM\paytime.exe Bearshare: Identyfikator klasy (Klucz rejestru, nothing done) HKEY_CLASSES_ROOT\CLSID{558EC983-BEDB-9168-B2DE-31DBF0EE543E} Bearshare: Interfejs (Klucz rejestru, nothing done) HKEY_CLASSES_ROOT\Interface{C285D18D-43A2-4AEF-83FB-BF280E660A97} Bearshare: Klasa Root (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader Bearshare: Klasa Root (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\RunMSC.Loader.1 Bearshare: Identyfikator klasy (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\CLSID{9F95F736-0F62-4214-A4B4-CAA6738D4C07} Bearshare: Biblioteka typów (Klucz rejestru, nothing done) HKEY_CLASSES_ROOT\TypeLib{905D0DF2-3A0A-4D94-853C-54A12A745905} Bearshare: Ustawienia (Klucz rejestru, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Magnet\Handlers\Bearshare Torpig: Plik wykonywalny (Plik, nothing done) C:\WINDOWS\kl.exe Ręcznie wyszukałem w systemie to co wskazał spybot (według opisu systemowego wszystko utworzone tego samego dnia i o tej samej porze - 28-07-06, 14:00): C:\WINDOWS\tool1.exe C:\WINDOWS\tool2.exe C:\WINDOWS\tool3.exe C:\WINDOWS\tool4.exe C:\WINDOWS\tool5.exe C:\WINDOWS\kl.exe C:\WINDOWS\SYSTEM\paytime.exe C:\WINDOWS\SYSTEM\countrydial.exe Dodatkowo znalazłem 2 dziwne pliki bez rozszerzenia (utworzone w tej samym czasie co powyższe): C:\WINDOWS\hosts 0KB C:\WINDOWS\uniq 0kB Co z tego mogę bezpiecznie usunąć?

Myszak · 23 Sierpień 2006 18:25

Daj log z Silent Runners – tu masz opis.

Daj log z HijackThis – tu masz opis.

nie wprowadza. Program czysty.

Podrzuć te logi co pisałem zobaczymy co siedzi a co nie

spartan · 24 Sierpień 2006 10:14

Logi z HijackThis i Silent Runners:

HijackThis

Logfile of HijackThis v1.99.1 Scan saved at 09:29:11, on 06-08-24 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\INTERNAT.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\CYBERLINK DVD SOLUTION\POWERDVD\PDVDSERV.EXE C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM…\Run: [internat.exe] internat.exe O4 - HKLM…\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM…\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM…\Run: [systemTray] SysTray.Exe O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\Run: [Zasobnik systemowy] SysTray.Exe O4 - HKLM…\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe O4 - HKLM…\RunServices: [ccEvtMgr] “C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe” O4 - HKLM…\RunServices: [ccSetMgr] “C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe” O4 - HKLM…\RunServices: [scriptBlocking] “C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg O4 - HKLM…\RunServices: [ccProxy] C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE O4 - HKLM…\RunServices: [sndSrvc] C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE O4 - HKCU…\Run: [Gadu-Gadu] “C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray O12 - Plugin for .pcg: C:\PROGRA~1\INTERN~1\PLUGINS\nppcgplg.dll O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

Silent Runners

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/ Operating System: Windows 98 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Gadu-Gadu” = ““C:\PROGRAM FILES\GADU-GADU\GG.EXE” /tray” [“sms-express.com”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “ScanRegistry” = “C:\WINDOWS\scanregw.exe /autorun” [MS] “TaskMonitor” = “C:\WINDOWS\taskmon.exe” [MS] “SystemTray” = “SysTray.Exe” [MS] “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “Zasobnik systemowy” = “SysTray.Exe” [MS] “StillImageMonitor” = “C:\WINDOWS\SYSTEM\STIMON.EXE” [MS] “RemoteControl” = ““C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [","] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRAM FILES\NEOSTRADA TP\taskbaricon.exe” [“France Télécom R&D”] “ccApp” = ““C:\Program Files\Common Files\Symantec Shared\ccApp.exe”” [“Symantec Corporation”] “Symantec Core LC” = “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start” [“Symantec Corporation”] “Symantec NetDriver Monitor” = “C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer” [“Symantec Corporation”] “SpySweeper” = ““C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE” /startintray” [“Webroot Software, Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++} “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme” [MS] “SchedulingAgent” = “mstask.exe” [MS] “ccEvtMgr” = ““C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe”” [“Symantec Corporation”] “ccSetMgr” = ““C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe”” [“Symantec Corporation”] “ScriptBlocking” = ““C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe” -reg” [“Symantec Corporation”] “ccProxy” = “C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE” [“Symantec Corporation”] “SndSrvc” = “C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE” [“Symantec Corporation”] “KB918547” = “C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE” [MS] “KB891711” = “C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {9ECB9560-04F9-4bbc-943D-298DDF1699E1}(Default) = “Web assistant” -> {HKLM…CLSID} = “CNisExtBho Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] {BDF3E430-B101-42AD-A544-FADC6B084872}(Default) = “NAV Helper” -> {HKLM…CLSID} = “CNavExtBho Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL” [“Safer Networking Limited”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{FEB7DAE0-E111-11D0-BFD7-444553540000}” = “ICEOWS” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] “{2E9D3540-211C-11d0-A5F2-00A0248C37BE}” = “Nero Shell Extension Property Sheet” -> {HKLM…CLSID} = “Nero Shell Extension Property Sheet” \InProcServer32(Default) = “C:\Program Files\Ahead\nero\neroshx.dll” [“Ahead Software AG”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\SYSTEM\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}” -> {HKLM…CLSID} = “IEContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] SpySweeper(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” -> {HKLM…CLSID} = “Webroot Spy Sweeper Context Menu Integration” \InProcServer32(Default) = “C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL” [“Webroot Software, Inc.”] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Scheduled Tasks: ------------------------ “Rozpoczęcie aplikacji dostrajania” -> launches: “walign” [MS] “Symantec NetDetect” -> launches: “C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE” [“Symantec Corporation”] “Norton AntiVirus - Skanuj komputer” -> launches: “C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:“C:\WINDOWS\All Users\Dane aplikacji\Symantec\Norton AntiVirus\Tasks\mycomp.sca”” [“Symantec Corporation”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range: C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1 C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4 C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}” -> {HKLM…CLSID} = “Web assistant” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}” = “Web assistant” -> {HKLM…CLSID} = “Web assistant” \InProcServer32(Default) = “C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll” [“Symantec Corporation”] “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus” -> {HKLM…CLSID} = “Norton AntiVirus” \InProcServer32(Default) = “C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll” [“Symantec Corporation”] Explorer Bars Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data) The Internet Explorer version cannot be found! C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”) The contents of IERESET.INF cannot be reliably checked! Added lines (compared with English-language version): [strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” [strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome” Missing lines (compared with English-language version): [strings]: 2 lines Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzs9x07\Driver = “hpzs9x07.dll” [“HP”] usbmon.dll\Driver = “usbmon.dll” [MS] PDFCreator\Driver = “pdfcmn95.dll” [null data] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 10 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 7 seconds. ---------- (total run time: 32 seconds)

Miałem trochę problemów ze skryptem Silent Runners, Norton Internet Security uporczywie twierdzi że jest on groźny i uporczywie go blokuje. Można coś z tym poradzić. Może dodać go do zaufanych programów, ale czy to bezpieczne?

Złączono Posta : 24.08.2006 (Czw) 12:20

To dlaczego jest napisane że siedzi w zasobniku Trojan Horse RTB666. Chyba tak być nie powinno? Podnosi fałszywy alarm dlatego, że jest za czuły w skanowaniu? Czy co?

Myszak · 24 Sierpień 2006 10:29

Logi są ok.

:hmmm: Pokaż ten komunikat SpySweepera. Program sam w sobie jest ok. Możliwe, że coś wykrył. Pokaż ten komunikat.

spartan · 24 Sierpień 2006 11:05

Webroot Spy Sweeper 4.0 Pokazał tylko to:

Scieżki i klucze z [“Raphaël MOUNIER”] i “Volet Wanadoo” co to jest?

Dziwne te nazwy. Pierwszy jak ksywa malarza, drugi jak slogan domu publicznego :mrgreen:

Reszta domyślam się mniej więcej czego się odnosi.

Myszak · 24 Sierpień 2006 11:10

najprościej rzecz ujmując - od neo. :hmmm:

spartan · 24 Sierpień 2006 11:45

Dzięki :mrgreen: