
Mam WINXP SP1, Nod'a32, SpyEmergency2005, Spybot'a a oprocz tego chciałem zabezpieczyć porty programem wwdc. Ale za każdym razem jak go uruchamiam pokazuje mi się że mam wirusa.
 
Wwdc pokazuje mi że Netbios bedzie zamkniety po restarcie sytemu lecz za każdym razem nic się nie zmienia. żaden z programów antywirusowych i spywarowych niczego nie wykrył.
Zaznaczyłem wyłaczenie przywracania systemu, zrestartowałem kompa uruchomiłem w trybie awaryjnym na swoim koncie i wwdc pokazał mi ze system jest zabezpieczony. Wróciłem do trybu normalnego i znowu wirus.
Co to może być ?
Pomóżcie.
Dołączam loga i sillent runnera
- Kod: Zaznacz wszystko
- Logfile of HijackThis v1.99.1
 Scan saved at 00:12:26, on 2006-01-17
 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Eset\nod32kui.exe
 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
 C:\PROGRA~1\FREEDO~1\fdm.exe
 C:\Program Files\Skype\Phone\Skype.exe
 C:\Program Files\Gadu-Gadu\gg.exe
 C:\Program Files\NetMeter\NetMeter.exe
 C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
 C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
 C:\WINDOWS\System32\drivers\CDAC11BA.EXE
 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
 C:\Program Files\Eset\nod32krn.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\System32\wuauclt.exe
 C:\Downloads\HijackThis.exe
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
 O4 - HKCU\..\Run: [NOD32] C:\\Program Files\\ESET\\nod32krn.exe
 O4 - HKCU\..\Run: [nod] C:\\Program Files\\ESET\\nod32kui.exe
 O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
 O4 - HKCU\..\Run: [Free Download Manager] C:\PROGRA~1\FREEDO~1\fdm.exe -autorun
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
 O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
 O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
 O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
 O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
 O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137186573062
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137424089939
 O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
 O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
- Kod: Zaznacz wszystko
- "Silent Runners.vbs", revision 43, http://www.silentrunners.org/
 Operating System: Windows XP
 Output limited to non-default values, except where indicated by "{++}"
 Startup items buried in registry:
 ---------------------------------
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "NOD32" = "C:\\Program Files\\ESET\\nod32krn.exe" ["Eset "]
 "nod" = "C:\\Program Files\\ESET\\nod32kui.exe" ["Eset "]
 "PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]
 "Free Download Manager" = "C:\PROGRA~1\FREEDO~1\fdm.exe -autorun" [empty string]
 "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
 "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
 "C:\Program Files\NetMeter\NetMeter.exe" = "C:\Program Files\NetMeter\NetMeter.exe" [null data]
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
 "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
 "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
 "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
 "Look 'n' Stop" = ""C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto" [file not found]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
 {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
 HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
 -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
 "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
 "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
 "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
 "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
 "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
 "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 "{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
 "{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens Device ContextMenuHandler"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
 "{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}" = "Siemens SX1 PropertySheetHandler"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Mobile Phone Manager\DES\DESShellExt.dll" ["Siemens AG"]
 "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
 "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
 "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
 -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
 "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
 "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
 "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
 "{2E9FFF5C-4375-494d-951F-098BAA42239E}" = "Spy Emergency Extension"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spy Emergency 2005\SpyEmergencyExt.dll" ["NETGATE"]
 "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
 "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
 HKLM\System\CurrentControlSet\Control\Session Manager\
 INFECTION WARNING! "BootExecute" = "autocheck autochk * SsiEfr.e" [file not found], [MS], [file not found], [file not found]
 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
 INFECTION WARNING! WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]
 HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
 NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
 SpyEmergency\(Default) = "{2E9FFF5C-4375-494d-951F-098BAA42239E}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spy Emergency 2005\SpyEmergencyExt.dll" ["NETGATE"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
 SpyEmergency\(Default) = "{2E9FFF5C-4375-494d-951F-098BAA42239E}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spy Emergency 2005\SpyEmergencyExt.dll" ["NETGATE"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
 NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
 SpyEmergency\(Default) = "{2E9FFF5C-4375-494d-951F-098BAA42239E}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spy Emergency 2005\SpyEmergencyExt.dll" ["NETGATE"]
 WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
 WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
 -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
 Active Desktop and Wallpaper:
 -----------------------------
 Active Desktop is disabled at this entry:
 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 HKCU\Control Panel\Desktop\
 "Wallpaper" = "C:\Documents and Settings\user\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"
 Enabled Screen Saver:
 ---------------------
 HKCU\Control Panel\Desktop\
 "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
 Winsock2 Service Provider DLLs:
 -------------------------------
 Namespace Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
 Transport Service Providers
 HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
 C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 18
 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 17
 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10
 Toolbars, Explorer Bars, Extensions:
 ------------------------------------
 Extensions (Tools menu items, main toolbar menu buttons)
 HKLM\Software\Microsoft\Internet Explorer\Extensions\
 {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
 "MenuText" = "Sun Java Console"
 "CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
 -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
 Running Services (Display Name, Service Name, Path {Service DLL}):
 ------------------------------------------------------------------
 C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
 Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
 NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
 NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
 ----------
 + This report excludes default entries except where indicated.
 + To see *everywhere* the script checks and *everything* it finds,
 launch it from a command prompt or a shortcut with the -all parameter.
 + The search for DESKTOP.INI DLL launch points on all local fixed drives
 took 29 seconds.
 + The search for all Registry CLSIDs containing dormant Explorer Bars
 took 24 seconds.
 ---------- (total run time: 115 seconds)
Dzięki i pozdrawiam.
Aha dodam jeszcze że ten numer przy virtual memory usage ......Ko z ponownym uruchomieniem wwdc sie zmienia.

 
	
 
 


