Dodaj do ulubionych

po trojanie - brak dostepu do internetu i

27.11.06, 16:32
nowy komp, nie ma miesiaca a juz cos zdpalalam :(
mam Windowsa XP i notrona jako gratis na start ;)

i znow jakis wiruch :(
ale zaczne od poczatku
postaram sie opisac jak naj bardziej dokladnie moze to pomoze wam zeby mi
pomoc :D

nie mam w domu internetu wlasnie z powodu jakiegos g...na :/
wiec pisze z kafejki :/

wczoraj zaczal mi sie po 15 zrywac internet choc lacze mam nowe od tyg ladnie
dzialalo bylo dobrze skonfigurowane i nie bylo zadnych jazd
poniewa za kilkanascie dni konczy mi sie darmowy gratis w postaci nortona
zaczelam szukac nowych programow do ochrony

wybralam Avasta
i skanowanko na dzien dobry i co ? trojanik i komunitak ze nie moze
zeskanowac ok 180 szt z archiwum :/
po ty alarmie z trojanem w ruch poszylo to co mam na kopie

Notrotem - nic nie wykryl i nie wykrywal- jak zawsze nigdy nic :|, badziewie
nie wykrywa
spyware bot - znalazl jakis zmiany w rejestrze i cookizy co zostalo usuniete
ale nie pamietam czy bylo cos jeszcze przewaznie
ufam skanerom i usuna to co znajda
Xcleaner
look2me
i zainstalowalam look'n'stop i nie wiem czemu byl on widoczy w parapetrach
lacza internetowego ? ale moze tak musialo byc nie wiem wiec go juz
odinstaowalam :)
chcialam sie przesnakowac czym jeszcze z tej kolecji
www.searchengines.pl/phpbb203/index.php?showtopic=11522 ale nie
zdarzylam bo co chwilka zrywalo polacznie internetowe.

od razy zaczelam szukac dodatkowej zapory i wahalam sie z firewalle,
zainstalowalam zone Alarm wersje free oraz Comodo, po czym nawet je obydwa
jednoczesnie uruchomilam ale ze mam osla calkowice mi zamulilo i nic nie
sciagalo juz nie wspomne ze po skonfigurowani firewalow zeby autoryzowal
osla, gg i skypa dalej co kilkanascie sek sie zawieszal a proceor mam 2x1052
(? stawiam znak ? bo nie pamietam koncowki ;) ( choc nie wiem czy to ma
jakies naczenie :/)

jednoczesnie byly uruchomione Avast, notron, SpyGuard, spyware,Comodo, Zone
wiec moze dlatego ?
z przegladarki korzystam z Mozilli


odistalowalam obydwa programy w dodaj/usun programy i za wczorajsza namowa
jednego internatuta zainstalowalam sobie Kerio ale tez mi bardzo wolno zaczal
dzialac komp wiec tego odsinalowalam

tuz po zainstalowaniu Avasta rzecz jasna mialam komunitat ze nie jest on w
pelni uruchomiony bo dalej na kompie dziala firmowy Noton wiec na chwilke do
wylaczylamNortona zeby w pelni skorzystac z ochrony Avasta - ustawilam zeby
byl Norton byl nie aktywny na 1 godzà) po czym zrestartowalam kompa
i przypuszczam ze tedy cos zlapalam :/

lub

po tym
myslama ze komp mi sie zwalnia bo ma za duzo w autostarcie ( wczesniej
korzystalam z innego dstawcy internetu i go nie odinstalowalam bo nowe lacze
dobrze smigalo i nic sie nie dzialo )
zainstalowalam easycleaner - wyczyscilam tymczasowe pliki i skorzystalam
chyba ze swojej glupoty bo usunwala prawie wszsytko co mi ten program
pokazywal :(

probowalam zrobic przywracanie sytemu ale nie sie nie udalo, probowalam tez
skanowac kompa w trybie awaryjnym i tez nic

znow wlaczylam xclenera i znalaz
zmiane w rejestrze
HKEY _ CURRENT _ USER \ Software\micrsoft\windows \ current \ vzrsion \ run,
instant acces

usunal potem pierwszy restart kompa, bo wczesniej nie moglam nawet zamknac
kompa zawieszal sie na zamykaniu sytemu i trzeba bylo go guziiem potraktowac
teraz nie mam w domu netu, choc znow sparwdzilam czy mam dobre ustawienia ,
nawet dzwonilam do operatora i u nich jest oki
a u mnie ikonka kontrolna polaczenia w prawym roku pokazuje ze stan
polaczenia jest bardzo dobry natomiast wysylanie na poziomie 0 jak i
dobieranie. ( ardes IP poprawy, ale zawiesza sie jak chce go onowic, czy
deraktywowac polaczneie i od nowa aktywyowac )

Sprawdzilam cala kofiguracje polaczenie internetowego i doopa - ustawienia sa
i byly oki

nawet teraz calego loga nie moge wkleic bo raz ze nie mam stacji dyskietek w
siebe w kopie ale moge moze nagrac na plytke cd i wrocci do kafejki i go tak
wkleic lub w ostatecznosci przepisac calego loga z hijacka :/

co jeszcze moge zrobic ?
jesli mam wkleic loga to chyba nie powinnam po nim zamykac kompa zeby zapis
sie ex wiruchow nie zmienil

jesli komus udalo sie dotrwac do konca czytajac to dziekuje i prosze o pomoc :
(


aaaaa jeszcze jedno jak chcialam urochimic pomownie plyte instalacjna od
internetu zeby sprawdzic na niej moze jakis rozwiania lacza , wczesniej
plytka sie ladnie sama startowala a teraz mam komunikat
"access violonte at address 003E493c
Read of addres 003E493C"

i nie moge jej urochomic :(

kurcze moze cos nie chacy usunelam tym badziewiem easycleaner :( choc jak
zaczela sie jazda z kompe to w kosza wszsytko wrocilo na swoje miejsce :)

teraz odnstalowalam wszsytko co zainstalowla, komp otwiera sie normalnie ale
nie mam ani dojscia do netu ani nie moge z niego sprawdzic loga :(

pomozcie jesli mozna tak na odleglosc :(


Nimeska
Obserwuj wątek
      • nimeska Re: po trojanie - brak dostepu do internetu i 27.11.06, 18:30
        Odpowiadasz na :
        Gość portalu: Kolobos napisał(a):

        > > kurcze moze cos nie chacy usunelam tym badziewiem easycleaner :(
        >
        > Zapewne.
        :(
        tylko ze jak posuwalam tym badziewiem to ze poznieje zeobilam restat tego co
        usunelam tym samym programem ale ...

        >
        > Log nagraj na pendrive pod usb o ile masz, jak nie masz to moze chociaz jakis
        player mp3 i przy jego pomocy przenies log, a nastepnie go tutaj wklej.


        tak jest !!! ;)


        aaa
        udao mi sie bez problemu odpalic kompa w trybie awaryjnym z polaczenie do netu
        i tez nie mialam neu wiec pewnie cos jest pomieszane w ustawieniach ale to juz
        mnie wazne ;)
        jutro zrobie loga awaryjnym z hijcka i nagram jak radzisz albo na usb mub plyte
        cd i wpadnne znow do kafejki z logiem

        jak jeszcze moge przywrocic poprzednie ustawienia ?
        komp jest nowy, kupiony jakies miesiac temu, nie bylo zadnych plyt do inatacji
        tylko po odpaleniu byla instrukcja klikania ;) zeby go skonfigurowac :/ nie
        chcialabyl dzwonic do assistance bo pewnie mnie ladnie skasuja za fatyge
        przywrocenia pierwotnej wersji :/
          • Gość: nimeska Re: po trojanie - brak dostepu do internetu i IP: 213.56.251.* 28.11.06, 14:00
            Gość portalu: Kolobos napisał(a):

            > Na razie zobaczymy log. Jezeli zepsulas za bardzo to bedzie trzeba wszystko
            przenstalowac.
            > Nie bylo plyt ale pewnie jest na dysku dodatkowa partycja z systemem? No
            chyba, ze nie ma i dostalas tylko "jednorazowy" system.
            jest partycja , sa dwa dyski :D

            > Jaki to komputer?
            HP ;D
            zartuje ;)

            chyba 3600 czy jakos tak
            wiem ze ma duza pamiec 2x1024 :)
            szczerze nie pamietam ale sprawdze bo wlasnie zgralam na usb hijcka i ide do
            domu zrobic loga i zaraz wracam zeby wgrac
            • nimeska log hijackthis 28.11.06, 15:05
              Logfile of HijackThis v1.99.1
              Scan saved at 14:41:00, on 28/11/2006
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v7.00 (7.00.5730.0011)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\hijackthis.com

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
              ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
              R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
              C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\ezShellStart.exe
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
              - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: SpywareGuard Download Protection -
              {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
              Files\Java\jre1.5.0_06\bin\ssv.dll
              O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program
              Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
              c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
              c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
              O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
              C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
              files\google\googletoolbar1.dll
              O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
              O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
              O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia
              Archive\DMAScheduler.exe"
              O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
              O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec
              Shared\ccApp.exe"
              O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot
              Optimizer\HPBootOp.exe" /run
              O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
              Update\HPwuSchd2.exe
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
              communs\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
              O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
              O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
              O4 - HKLM\..\Run: [jrflkv] c:\windows\system32\jrflkv.exe jrflkv
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
              O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
              O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
              O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program
              Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\mwsrvacc.exe /run
              O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
              O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program
              Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
              O8 - Extra context menu item: E&xport to Microsoft Excel -
              res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
              O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger -
              -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Console Java (Sun) -
              {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
              Files\Java\jre1.5.0_06\bin\ssv.dll
              O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -
              %windir%\bdoscandel.exe (file missing)
              O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
              {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
              O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789}
              -
              C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra 'Tools' menuitem: Aide à la connexion -
              {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
              C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
              %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
              {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
              Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
              www.wanadoo.fr (file missing) (HKCU)
              O11 - Options group: [INTERNATIONAL] International*
              O15 - Trusted Zone: *.mks.com.pl
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
              www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
              O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (
              • nimeska Re: log hijackthis 28.11.06, 19:05
                pozostala czesc bo sie nie zmiescil
                przepraszam ale wczesniej nie zauwazylam :(

                O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) -
                download.zonelabs.com/bin/free/cm/ICSCM.cab
                O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) -
                arcaonline.arcabit.com/ArcaOnline.cab
                O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
                mks.com.pl/skaner/SkanerOnline.cab
                O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
                download.bitdefender.com/resources/scan8/oscan8.cab
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
                acs.pandasoftware.com/activescan/as5free/asinst.cab
                O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) -
                ax.emsisoft.com/asquared.cab
                O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
                C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
                O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashServ.exe
                O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashMaiSv.exe" /service (file missing)
                O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
                Software\Avast4\ashWebSv.exe" /service (file missing)
                O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
                c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
                O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) -
                Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
                O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
                c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
                O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
                c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
                O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program
                Files\Norton Internet Security\comHost.exe
                O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) -
                EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe
                O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom -
                C:\WINDOWS\System32\FTRTSVC.exe
                O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
                Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel
                32\IDriverT.exe
                O23 - Service: LightScribeService Direct Disc Labeling Service
                (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers
                communs\LightScribe\LSSrvc.exe
                O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1
                \LUCOMS~1.EXE
                O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
                Corporation - c:\Program Files\Norton Internet Security\Norton
                AntiVirus\navapsvc.exe
                O23 - Service: Norton Protection Center Service (NSCService) - Symantec
                Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security
                Console\NSCSRVCE.EXE
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation -
                C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
                O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program
                Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
                O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
                Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
                O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program
                Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
                O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
                Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
              • Gość: Kolobos Re: log hijackthis IP: *.escom.net.pl 28.11.06, 19:14
                Odinstaluj Nortona, BearShare.

                W hjt usun:
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                go.microsoft.com/fwlink/?LinkId=69157
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
                go.microsoft.com/fwlink/?LinkId=54896
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
                ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
                ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
                ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
                R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
                R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
                C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
                O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
                O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- klikasz na olowek na pasku yahoo i uninstall lub kasujesz w hjt + usuwasz katalog.
                O4 - HKLM\..\Run: [jrflkv] c:\windows\system32\jrflkv.exe jrflkv <- plik usun z dysku.
                O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\mwsrvacc.exe /run <- plik usun z dysku.
                O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
                www.wanadoo.fr (file missing) (HKCU)

                Zainstaluj ewido i przeskanuj nim system.
                Nie pamietam, juz co pisalas na poczatku ale czy probowalas przeinstalowac aplikacje od internetu?
                • Gość: nimeska Re: log hijackthis IP: *.w86-201.abo.wanadoo.fr 28.11.06, 19:25
                  BearShara juz dawno odinstalowalam w dodaj/usun programy, mialam go jakies rzy
                  tyg temu ale od notron zaczal mnie zasypywac ze bear przepuszcza jakies smieci
                  od razu og odinstalowalam wiec myslama ze go jzu nie mam

                  co jeszcze moge zrobic zeby nadobre pozbyc sie Bear'ta ?
                  nie mam go w "dodaj/usun programy"

                  Nortona zaraz pojde odinstalwolwac i pousuwam co podales w hjt :)

                  >O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
                  > C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- klikasz na olowek
                  > na pasku yahoo i uninstall lub kasujesz w hjt + usuwasz katalog.

                  mam pytanko bo nie pamietam zeby kiedykolwiek korzystala z yahoo a tylko przez
                  chwilke byl ustawiony jako strona startowa a teraz mam googla choc nie mam
                  dalej netu w domu :( wiec skorzystam z hjt :)


                  > Nie pamietam, juz co pisalas na poczatku ale czy probowalas przeinstalowac
                  aplikacje od internetu?

                  nigdy tego nie robilam
                  czy mozesz mi powiedziec jak moge to zrobic? :)
                  tak bardzo bym chciala miec w domu neta a nie szlajac sie po kafejkach :(

                  • Gość: Kolobos Re: log hijackthis IP: *.escom.net.pl 28.11.06, 19:43
                    Usun wpis od Bear w google.

                    > nigdy tego nie robilam
                    > czy mozesz mi powiedziec jak moge to zrobic? :)
                    > tak bardzo bym chciala miec w domu neta a nie szlajac sie po kafejkach :(

                    Musisz ja przeinstalowac, co mam Ci wiecej napisac? Poszukaj plyty od dostawcy netu i przeinstaluj aplikacje.
          • nimeska Re: po trojanie - brak dostepu do internetu i 28.11.06, 15:07
            Gość portalu: Kolobos napisał(a):
            > Jaki to komputer?

            Hewlett packard company
            hp pavilion
            amd athlon(tm) 64 X2 Dual
            Core processor 3800+
            2.00 GHz, 1.93 Go RAM

            system microsoft wondows XP
            media center edition
            version 2002
            service pack 2


            dziekuje Ci Kolobos za pomoc
            czekam na dalsze instrukcje :D

            jestem gotowa na przeinstalowanie calego kompa nie mma w nim za wiele oprocz
            tego czegos ;)
            i bardzo mi zalzey zebym uporala sie z tym do piatku wieczra zamin maz wroci ;)
    • nimeska log z Silent 28.11.06, 16:24
      moze sie tez przyda?
      moze tu cos znajdziesz ? :)

      "Silent Runners.vbs", revision 49, www.silentrunners.org/
      Operating System: Windows XP SP2
      Output limited to non-default values, except where indicated by "{++}"


      Startup items buried in registry:
      ---------------------------------

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
      "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
      "swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008
      \GoogleToolbarNotifier.exe" ["Google Inc."]
      "Instant Access" = "C:\WINDOWS\system32\mwsrvacc.exe /run" [file not found]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
      "ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
      "ftutil2" = "rundll32.exe ftutil2.dll,SetWriteCacheMode" [MS]
      "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
      "AlwaysReady Power Message APP" = "ARPWRMSG.EXE" ["Microsoft"]
      "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
      "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
      "DMAScheduler" = ""c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe""
      ["Sonic Solutions"]
      "Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
      "PCDrProfiler" = "(empty string)" [file not found]
      "ccApp" = ""c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe""
      ["Symantec Corporation"]
      "HPBootOp" = ""C:\Program Files\Hewlett-Packard\HP Boot
      Optimizer\HPBootOp.exe" /run" ["Hewlett-Packard Company"]
      "HP Software Update" = "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
      "TkBellExe" = ""C:\Program Files\Fichiers
      communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
      "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Labtec Inc."]
      "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Labtec
      Inc."]
      "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Labtec
      Inc."]
      "jrflkv" = "c:\windows\system32\jrflkv.exe jrflkv" [null data]
      "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
      "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
      "BearShare" = ""C:\Program Files\BearShare\BearShare.exe" /pause" [file not
      found]
      "WOOTASKBARICON" = "C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe" ["France
      Télécom R&D"]
      "WOOWATCH" = "C:\PROGRA~1\Wanadoo\Watch.exe" ["France Télécom R&D"]
      "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
      \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat
      7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
      {4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download
      Protection"
      -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
      \InProcServer32\(Default) = "C:\Program
      Files\SpywareGuard\dlprotect.dll" [null data]
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "SSVHelper Class"
      \InProcServer32\(Default) = "C:\Program
      Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
      {A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
      -> {HKLM...CLSID} = "CNavExtBho Class"
      \InProcServer32\(Default) = "c:\Program Files\Norton
      Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
      {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Google Toolbar Helper"
      \InProcServer32\(Default) = "c:\program
      files\google\googletoolbar1.dll" ["Google Inc."]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du
      Panneau de configuration"
      -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
      \InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
      -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \hticons.dll" ["Hilgraeve, Inc."]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {HKLM...CLSID} = "Portable Media Devices Menu"
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \audiodev.dll" [MS]
      "{DBFB267C-334F-4F19-A304-63B7130C20C7}" = "MediaCenter Property Page"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "arpower.dll" ["Microsoft"]
      "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
      -> {HKLM...CLSID} = "DesktopContext Class"
      \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
      ["NVIDIA Corporation"]
      "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
      -> {HKLM...CLSID} = "NVIDIA CPL Extension"
      \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll"
      ["NVIDIA Corporation"]
      "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
      -> {HKLM...CLSID} = "Desktop Explorer"
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \nvshell.dll" ["NVIDIA Corporation"]
      "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
      -> {HKLM...CLSID} = "nView Desktop Context Menu"
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \nvshell.dll" ["NVIDIA Corporation"]
      "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
      -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
      \InProcServer32\(Default) = "C:\Program
      Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
      "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF"
      -> {HKLM...CLSID} = "ShellViewRTF"
      \InProcServer32\(Default) = "C:\WINDOWS\system32
      \ShellvRTF.dll" ["XSS"]
      "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"
      -> {HKLM...CLSID} = "My Labtec Pictures"
      \InProcServer32\(Default) = "C:\Program
      Files\Logitech\Video\Namespc2.dll" ["Labtec Inc."]
      "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
      -> {HKLM...CLSID} = "7-Zip Shell Extension"
      \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-
      zip.dll" ["Igor Pavlov"]
      "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program
      Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
      "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program
      Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
      "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet
      Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program
      Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
      "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = ""C:\Program
      Files\OpenOffice.ux.pl 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell ex
      • nimeska Re: log z Silent 28.11.06, 19:07
        "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
        "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
        -> {HKLM...CLSID} = "avast"
        \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4
        \ashShell.dll" ["ALWIL Software"]
        "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
        -> {HKLM...CLSID} = "SpywareGuard.Handler"
        \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll"
        [null data]

        HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
        <<!>> "{E54729E8-BB3D-4270-9D49-7389EA579090}" = "EasyBits Security Shield
        Hook - prevents launching insecure programs by kids"
        -> {HKLM...CLSID} = "EasyBits ShellExecute Hook"
        \InProcServer32\(Default) = "C:\WINDOWS\system32\EZUPBH~1.DLL" ["EasyBits
        Software Corp."]
        <<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
        -> {HKLM...CLSID} = "SpywareGuard.Handler"
        \InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll"
        [null data]

        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
        <<!>> "Userinit" = "C:\WINDOWS\system32\ezShellStart.exe" ["EasyBits Software
        Corp."]

        HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
        {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column
        Handler"
        -> {HKLM...CLSID} = (no title provided)
        \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.3
        \program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
        {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
        -> {HKLM...CLSID} = "PDF Shell Extension"
        \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0
        \ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

        HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
        7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
        -> {HKLM...CLSID} = "7-Zip Shell Extension"
        \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
        avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
        -> {HKLM...CLSID} = "avast"
        \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4
        \ashShell.dll" ["ALWIL Software"]
        Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-
        7F82CB4C59CA}"
        -> {HKLM...CLSID} = "IEContextMenu Class"
        \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton
        AntiVirus\NavShExt.dll" ["Symantec Corporation"]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

        HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
        7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
        -> {HKLM...CLSID} = "7-Zip Shell Extension"
        \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

        HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
        avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
        -> {HKLM...CLSID} = "avast"
        \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4
        \ashShell.dll" ["ALWIL Software"]
        Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-
        7F82CB4C59CA}"
        -> {HKLM...CLSID} = "IEContextMenu Class"
        \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton
        AntiVirus\NavShExt.dll" ["Symantec Corporation"]
        WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
        -> {HKLM...CLSID} = "WinRAR"
        \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


        Group Policies {GPedit.msc branch and setting}:
        -----------------------------------------------

        Note: detected settings may not have any effect.

        HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

        "NoLogoff" = (REG_DWORD) hex:0x00000000
        {User Configuration|Administrative Templates|System|Logon/Logoff|
        Disable Logoff}

        "NoClose" = (REG_DWORD) hex:0x00000000
        {unrecognized setting}

        HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

        "DisableLockWorkstation" = (REG_DWORD) hex:0x00000000
        {unrecognized setting}

        "DisableTaskMgr" = (REG_DWORD) hex:0x00000000
        {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
        Remove Task Manager}

        "DisableChangePassword" = (REG_DWORD) hex:0x00000000
        {unrecognized setting}

        HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

        "NoBrowserContextMenu" = (REG_DWORD) hex:0x00000000
        {unrecognized setting}

        HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

        "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
        {Computer Configuration|Windows Settings|Security Settings|Local
        Policies|Security Options|
        Shutdown: Allow system to be shut down without having to log on}

        "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
        {Computer Configuration|Windows Settings|Security Settings|Local
        Policies|Security Options|
        Devices: Allow undock without having to log on}

        "InstallVisualStyle" = (REG_EXPAND_SZ)
        C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        {unrecognized setting}

        "InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
        {unrecognized setting}


        Active Desktop and Wallpaper:
        -----------------------------

        Active Desktop may be disabled at this entry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


        Enabled Screen Saver:
        ---------------------

        HKCU\Control Panel\Desktop\
        "SCRNSAVE.EXE" = "C:\WINDOWS\system32\wpgldfsh.scr" [MS]


        Startup items in "HP_Administrateur" & "All Users" startup folders:
        -------------------------------------------------------------------

        C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage
        "SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null
        data]

        C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
        "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program
        Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


        Enabled Scheduled Tasks:
        ------------------------

        "Connexion facile à Internet" -> launches: "C:\Program Files\Hewlett-
        Packard\SDP\HPSdpApp.exe /remind /LaunchPoint reminder /App C:\Program
        Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml" ["Hewlett-Packard"]
        "Norton AntiVirus - Effectuer une analyse complète du système -
        HP_Administrateur" -> launches: "c:\PROGRA~1\NORTON~1\NORTON~1
        \Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application
        Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
        "Warranty Reminder 11 month" -> launches: "c:\windows\system32
        \pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat"
        [null data]


        Winsock2 Service Provider DLLs:
        -------------------------------

        Namespace Service Providers

        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5
        \Catalog_Entries\ {++}
        000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
        000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
        000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

        Transport Service Providers

        HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9
        \Catalog_Entries\ {++}
        0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
        %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
        %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


        Toolbars, Explorer Bars, Extensions:
        ------------------------------------

        Toolbars

        HKCU\Software\Microsoft\Internet Exp
        • nimeska Re: log z Silent 28.11.06, 19:09
          Toolbars

          HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
          "{C4069E3A-68F1-403E-B40E-20066696354B}"
          -> {HKLM...CLSID} = "Norton AntiVirus"
          \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton
          AntiVirus\NavShExt.dll" ["Symantec Corporation"]

          HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
          -> {HKLM...CLSID} = "&Google"
          \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll"
          ["Google Inc."]

          HKLM\Software\Microsoft\Internet Explorer\Toolbar\
          "{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
          -> {HKLM...CLSID} = "Norton AntiVirus"
          \InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton
          AntiVirus\NavShExt.dll" ["Symantec Corporation"]
          "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
          -> {HKLM...CLSID} = "Yahoo! Toolbar"
          \InProcServer32\(Default) = "C:\Program Files\Yahoo!
          \Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
          "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
          -> {HKLM...CLSID} = "&Google"
          \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll"
          ["Google Inc."]

          Explorer Bars

          HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

          HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default)
          = "Volet Wanadoo"
          Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
          InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty
          string]

          HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default)
          = "ToolBand Class"
          Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
          InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty
          string]

          HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default)
          = "Volet Wanadoo"
          Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
          InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty
          string]

          Extensions (Tools menu items, main toolbar menu buttons)

          HKCU\Software\Microsoft\Internet Explorer\Extensions\
          {1462651F-F4BA-4C76-A001-C4284D0FE16E}\
          "ButtonText" = "Wanadoo"
          "Exec" = "<a href="www.wanadoo.fr"" target="_blank">www.wanadoo.fr"</a> [file not found]

          HKLM\Software\Microsoft\Internet Explorer\Extensions\
          {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
          "MenuText" = "Console Java (Sun)"
          "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
          -> {HKCU...CLSID} = "Java Plug-in"
          \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll"
          ["Sun Microsystems, Inc."]
          -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
          \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06
          \bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

          {85D1F590-48F4-11D9-9669-0800200C9A66}\
          "MenuText" = "Uninstall BitDefender Online Scanner v8"
          "Exec" = "%windir%\bdoscandel.exe" [null data]

          {E2D4D26B-0180-43A4-B05F-462D6D54C789}\
          "ButtonText" = "Aide à la connexion"
          "MenuText" = "Aide à la connexion"
          "Script" = "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-
          Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm" [null data]

          {E2E2DD38-D088-4134-82B7-F2BA38496583}\
          "MenuText" = "@xpsp3res.dll,-20001"
          "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


          Miscellaneous IE Hijack Points
          ------------------------------

          HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
          <<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
          -> {HKLM...CLSID} = "Search Class"
          \InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]


          All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
          ---------------------------------------------------------------------------

          ARSVC, ARSVC, "C:\WINDOWS\arservice.exe" ["Microsoft"]
          avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4
          \ashServ.exe"" [null data]
          avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4
          \aswUpdSv.exe"" [null data]
          avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
          avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4
          \ashWebSv.exe" /service" ["ALWIL Software"]
          Carte de performance WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
          COM Host, comHost, ""c:\Program Files\Norton Internet Security\comHost.exe""
          ["Symantec Corporation"]
          EasyBits Magic Desktop Services for Windows NT, ezntsvc, "C:\WINDOWS\system32
          \ezNTSvc.exe" ["EasyBits Software Corp."]
          Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
          France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32
          \FTRTSVC.exe" ["France Telecom"]
          HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter"
          {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
          InstallDriver Table Manager, IDriverT, ""C:\Program Files\Fichiers
          communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"" ["Macrovision
          Corporation"]
          LightScribeService Direct Disc Labeling Service,
          LightScribeService, ""C:\Program Files\Fichiers
          communs\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
          LiveUpdate, LiveUpdate, ""C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE""
          ["Symantec Corporation"]
          Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
          Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
          MHN, MHN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32
          \mhn.dll" [MS]}
          Norton Protection Center Service, NSCService, ""c:\Program Files\Fichiers
          communs\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
          NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe"
          ["NVIDIA Corporation"]
          Planificateur LiveUpdate automatique, Planificateur LiveUpdate
          automatique, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe""
          ["Symantec Corporation"]
          Service d'administration du Gestionnaire de disque logique,
          dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas
          Software"]
          Service d'approvisionnement réseau, xmlprov, "C:\WINDOWS\System32\svchost.exe -
          k netsvcs" {"C:\WINDOWS\System32\xmlprov.dll" [MS]}
          Service d'état ASP.NET,
          aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"
          [MS]
          Service de numéro de série du lecteur multimédia portable,
          WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32
          \MsPMSNSv.dll" [MS]}
          Service de planification Media Center, ehSched, "C:\WINDOWS\eHome\ehSched.exe"
          [MS]
          Service Norton AntiVirus Auto-Protect, navapsvc, ""c:\Program Files\Norton
          Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
          Symantec AVScan, SAVScan, ""c:\Program Files\Norton Internet Security\Norton
          AntiVirus\SAVScan.exe"" ["Symantec Corporation"]
          Symantec Core LC, Symantec Core LC, ""C:\Program Files\Fichiers
          communs\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
          Symantec Event Manager, ccEvtMgr, ""c:\Program Files\Fichiers communs\Symantec
          Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
          Symantec Internet Security Password Validation, ccISPwdSvc, ""c:\Program
          Files\Norton Internet Security\ccPwdSvc.exe"" ["Symantec Corporation"]
          Symantec Network Drivers Service, SNDSrvc, ""c:\Program Files\Fichiers
          communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
          Symantec Network Proxy, ccProxy, ""c:\Program Files\Fichiers communs\Symantec
          Shared\ccProxy.exe"" ["Symantec Corporation"]
          Symantec Settings Manager, ccSetMgr, ""c:\Program Files\Fichiers
          communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
          Symantec SPBBCSvc, SPBBCSvc, ""c:\Program Files\Fichiers communs\Symantec
          Sh
          • nimeska Re: log z Silent 28.11.06, 19:11
            Symantec SPBBCSvc, SPBBCSvc, ""c:\Program Files\Fichiers communs\Symantec
            Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
            Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


            Keyboard Driver Filters:
            ------------------------

            HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-
            08002BE10318}\
            "UpperFilters" = <<!>> "arkbcfltr" [MS]


            Print Monitors:
            ---------------

            HKLM\System\CurrentControlSet\Control\Print\Monitors\
            Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


            ----------
            <<!>>: Suspicious data at a malware launch point.
            <<H>>: Suspicious data at a browser hijack point.

            + This report excludes default entries except where indicated.
            + To see *everywhere* the script checks and *everything* it finds,
            launch it from a command prompt or a shortcut with the -all parameter.
            + To search all directories of local fixed drives for DESKTOP.INI
            DLL launch points, use the -supp parameter or answer "No" at the
            first message box and "Yes" at the second message box.
            --------

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka