Prosba o sprawdzenie loga


(Tom) #1

CZESC. prosze o sprawszenie tego logo, poniewaz strasznie wolno dziala moj komputer, i strony sie laduja, a ponadto mam jekies poskuctwo na stronie startowej w ie i nie da sie tego zmienic.

Logfile of HijackThis v1.98.1

Scan saved at 16:55:48, on 2004-09-16

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\CMEII\CMESys.exe

C:\Program Files\Save\Save.exe

C:\Program Files\VVSN\VVSN.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\windows\system32\sp2ctr.exe

C:\windows\system32\sncntr.exe

C:\WINDOWS\system32\ossproxy.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\BullsEye Network\bin\bargains.exe

E:\Program Files\BearShare\BearShare.exe

E:\Program Files\Winamp\Winampa.exe

E:\Program Files\eDonkey2000\eDonkey2000.exe

C:\program files\micore\runc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\mslagent\mslagent_.exe

C:\WINDOWS\System32\rundll32.exe

E:\Program Files\BearShare\BearShare.exe

c:\progra~1\intern~1\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

E:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Common Files\GMT\GMT.exe

E:\Program Files\Kalendarz XP\Kalendarz.exe

E:\Program Files\MP3Dancer\MP3Dancer.exe

E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\WINDOWS\System32\devldr32.exe

E:\Program Fils\iMesh\Client\iMeshClient.exe

c:\windows\system32\vnkoansd.exe

E:\Program Files\mozilla.org\Mozilla\mozilla.exe

C:\program files\micore\micore.exe

C:\Documents and Settings\Tomasz\Pulpit\hijackthis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discoverychannel.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.stfkaixlraac.info/rUlOonhupR4loefNaqGINqT2mCDlGBOe7ivWE4JaSCdxQt3BhfU6ZXEdyeCogUoV.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: C:\WINDOWS\lbbho.dll - {E16A99CC-4FB6-4C83-B51D-19A6B39517DA} - C:\WINDOWS\lbbho.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [OSSProxy] C:\WINDOWS\system32\ossproxy.exe -boot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [buildhold] C:\PROGRA~1\DASHSE~1\Five Surf Grid.exe

O4 - HKLM\..\Run: [BearShare] "e:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [16 skip tool mix] C:\Documents and Settings\All Users\Dane aplikacji\Upload creative 16 skip\mail clock.exe

O4 - HKLM\..\Run: [WinampAgent] "e:\Program Files\Winamp\Winampa.exe"

O4 - HKLM\..\Run: [eDonkey2000] e:\Program Files\eDonkey2000\eDonkey2000.exe -t

O4 - HKLM\..\Run: [VNKOANSD] c:\windows\system32\vnkoansd.exe /install

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe

O4 - HKCU\..\Run: [micore] \program files\micore\runc.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\mslagent_.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1016.dll,InstantAccess

O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "e:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Shareaza] "e:\Program Files\Shareaza\Shareaza.exe" -tray

O4 - HKCU\..\Run: [LANczat] e:\Program Files\LANczat\LANczat.exe

O4 - Startup: iMesh.lnk = E:\Program Fils\iMesh\Client\iMeshClient.exe

O4 - Startup: MP3 Dancer.lnk = E:\Program Files\MP3Dancer\MP3Dancer.exe

O4 - Global Startup: Kalendarz XP.lnk = E:\Program Files\Kalendarz XP\Start.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Download by NetAnts - E:\PROGRA~1\NetAnts\NAGet.htm

O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NetAnts\NAGetAll.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NetAnts\NetAnts.exe

O9 - Extra button: Microsoft® JavaScript® Console - {663F83D0-0715-4AC5-86C3-2F0C44E280E9} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra 'Tools' menuitem: JavaScript Console - {663F83D0-0715-4AC5-86C3-2F0C44E280E9} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)

O9 - Extra button: (no name) - {92D12339-56B0-4554-BBE6-8170A9F14F31} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra button: Microsoft® JavaScript® Console - {A9ED54B7-4ECC-4D86-AD79-CF9D343DC39E} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra 'Tools' menuitem: JavaScript Console - {A9ED54B7-4ECC-4D86-AD79-CF9D343DC39E} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\acc-kazemule\local.htm (file missing)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: Microsoft® JavaScript® Console - {E7B3490E-D7CD-4046-AD29-82B3423F4B4D} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra 'Tools' menuitem: JavaScript Console - {E7B3490E-D7CD-4046-AD29-82B3423F4B4D} - C:\WINDOWS\System32\COMDLG32.OCX

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)

O9 - Extra button: Microsoft® JavaScript® Console - {A9ED54B7-4ECC-4D86-AD79-CF9D343DC39E} - C:\WINDOWS\System32\COMDLG32.OCX (HKCU)

O9 - Extra button: (no name) - {E7B3490E-D7CD-4046-AD29-82B3423F4B4D} - C:\WINDOWS\System32\COMDLG32.OCX (HKCU)

O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .exe: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O13 - DefaultPrefix: c:\searchpage.html?page=

O13 - WWW Prefix: c:\searchpage.html?page=

O13 - Home Prefix: c:\searchpage.html?page=

O13 - Mosaic Prefix: c:\searchpage.html?page=

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_EN_XP.cab

O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab

O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/en/SysWebTelecom.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D7E98A69-0A83-464A-8E07-DC142473D6ED}: NameServer = 192.168.3.1,193.193.75.1

z gory dziekuje za fatyge


(Golden Finger) #2
C:\windows\system32\sp2ctr.exe 

C:\windows\system32\sncntr.exe 


Z opisow wynika, że jest to trojan


O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm 

O4 - HKLM\..\Run: [sncntr] c:\windows\system32\sncntr.exe /nocomm


R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html 

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.discoverychannel.pl/ 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.stfkaixlraac.info/rUlOonhupR4loefNaqGINqT2mCDlGBOe7ivWE4JaSCdxQt3BhfU6ZXEdyeCogUoV.htm 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = c:\searchpage.html


R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) 

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) 

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL 

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll 

O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll


O2 - BHO: C:\WINDOWS\lbbho.dll - {E16A99CC-4FB6-4C83-B51D-19A6B39517DA} - C:\WINDOWS\lbbho.dll 

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll


O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file) 

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

-----------------------------------------------------

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe


To wyłącz

-------------------------------------------------------

O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe 


RunDLL16.exe - do usunięcia, z opisów wynika, że jest to wirus :( 

-------------------------------------------------------

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)


O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm 


O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) 

O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)


O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU) 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net 

O10 - Hijacked Internet access by New.Net


O13 - DefaultPrefix: c:\searchpage.html?page= 

O13 - WWW Prefix: c:\searchpage.html?page= 

O13 - Home Prefix: c:\searchpage.html?page= 

O13 - Mosaic Prefix: c:\searchpage.html?page= 


O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab 


To jest toolbar od "pornoli", więc usuń


O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/en/SysWebTelecom.cab

------------------------------------------------------------------

O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab 

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1016_EN_XP.cab 

O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab 

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab 

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab 


To też bym usunął :( ponieważ dotyczą stron porno

-------------------------------------------------------------------------

Nie masz SP1 do XP więc nie masz poprawek do systemu :frowning:

Do czyszczenia systemu wyłącz przywracanie systemu i uruchom system w trybie awaryjny.

http://www.dobreprogramy.pl/index.php?d ... d=188&t=55

Ściągnij program z podanego linku, uaktualnij i przeskanuj system.

Pozdrawiam :okulary:


(Xiao19) #3

zrob skan tymi skanerami AV

--mks_vir--

http://skaner.mks.com.pl

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

--GeCAD (RAV)--

http://www.ravantivirus.com/scan/

zainstaluj takze taki programik chociarz ,ze wzgledu ze niemasz

SP1

--Windows Worms Doors Cleaner v1.4.1--

program do zamykania portów z których korzystają trojany

(Worm,Blaster,Sasser),wylącza porty odpowiedzialne za DCDM RPC

czy RPC Locator (przepelnienie buforu systemowego), czy usluge NetBIOS oraz UPNP itd.

http://www.firewallleaktester.com/tools/wwdc.exe