sywsvcs - sywsvcs.exe - Process Information
Process File: sywsvcs or sywsvcs.exe
Process Name: Trojan.SYWSVCS.Process
Description:
sywsvcs.exe is a process which is registered as the Trojan.SYWSVCS.Process. This Trojan allows attackers to access your computer, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.
TIMESSQUARE - TIMESSQUARE.EXE - Process Information
Process File: TIMESSQUARE or TIMESSQUARE.EXE
Process Name: Trojan.Times Square.Process
Description:
TIMESSQUARE.EXE is a process which is registered as the Times Square.Process Trojan. This Trojan allows attackers to access your computer, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.
winlogon - winlogon.exe - Process Information
Process File: winlogon or winlogon.exe
Process Name: Microsoft Windows Logon Process
Description:
WinLogon.exe is the Windows NT login manager. It handles the login and logout procedures on your system. This process is an essential part of your OS and should be left alone.
Note: winlogon.exe is also a process which is registered as the W32.Netsky.D@mm worm and the Backdoor.Prorat Trojan. The Netsky.D@mm worm is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
iexplore - iexplore.exe - Process Information
Process File: iexplore or iexplore.exe
Process Name: Microsoft Internet Explorer
Description:
iexplore.exe is the main executable for Microsoft Internet Explorer. This Microsoft Windows application allows you to surf the web and local intranets. This program is a non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.
iexplore.exe is a process also relating to the Avant Internet Browser, a free plugin for Internet Explorer which offers additional features.
Note: iexplore.exe is also registered as the Trojan.KillAV.B and W32.Mogi virus, which systematically attempts to disable your AntiVirus solutions, lower system security and also affects some Windows system tools. This is a registered security risk and should be removed immediately.
Note: iexplore.exe is also a process which is registered as the W32.Comdor.K@mm mass mailing worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
Delete the entries below:
C:\WINDOWS\inet20003\winlogon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.12.dll
O4 - HKLM\..\Run: [MSOffice32] C:\WINDOWS\system32\msjcf.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
O4 - HKLM\..\Run: [MNI.UWFX5V_0001_LP1710] "C:\Documents and Settings\Daniel\Pulpit\DC++\Programy\WinFixer2005ScannerInstallFRA.exe"
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
Check the Registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
If an ibm00001.exe entry appears there, delete it.
Do the same in msconfig.
Disable System Restore and work in Safe Mode.
Asterisk gave you a link to the thread on how to remove entries with HijackThis. Follow that description and get to work.
At the beginning of the post you have a description of the trojans that are on your system.
I suggest replacing Avast with AntiVir http://www.free-av.com/
Also use the online scanners http://virusscan.jotti.org/
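As an added example (not part of the original post and not HijackThis code), this Python script reads HijackThis lines like those above and flags two things the post points at: a system file name such as winlogon.exe launched from a folder other than its default one, and an extra program appended to `Shell=`. The expected folders assume a default Windows XP install in C:\WINDOWS; `review` and `EXPECTED_DIRS` are names made up for this example.

```python
import ntpath
import re

# Default locations of the system binaries named in the post
# (assumption: Windows XP installed in C:\WINDOWS).
EXPECTED_DIRS = {
    "winlogon.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# HijackThis line: "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [x] C:\a.exe"
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Drive-letter path ending in .exe or .dll (may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Lines copied from the log in the post above.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
'''

def review(log_text):
    """Return (section, reason, path) for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        for path in PATH_RE.findall(detail):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            expected = EXPECTED_DIRS.get(name)
            if expected and folder != expected:
                findings.append((section, "system name, wrong folder", path))
            elif section == "F2" and "shell=" in detail.lower():
                # Shell= should name explorer.exe only; anything else was appended.
                findings.append((section, "extra program in Shell=", path))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The check looks only at name and location, so entries such as timessquare.exe and sywsvcs.exe, which the post identifies by name, are not flagged by it.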