Isäpuolen koneella google....

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

maanantai 21.7.2025 / 14:13

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > isäpuolen koneella google....

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Isäpuolen koneella google....

Siirry:

Kirjoittaja

Viesti

Junton

Newbie

17. tammikuuta 2007 @ 15:18

Linkki tähän viestiin

Elikkä isäpuolen koneella käytössä IE7. Ongelmana se, että kun googlettaa niin tulokset tulevat normaalisti, mutta kun jotain klikkaa niin se menee porno/haittasivulle.
Tässä HijackThis-logi.
Logfile of HijackThis v1.99.1
Scan saved at 20:12:31, on 17.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
G:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.salonseutu.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ls0.net/srchasst.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salonseutu.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salonseutu.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://all-find.net/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F1 - win.ini: run=fntldr.exe C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\ C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\msinfo.exe
O2 - BHO: (no name) - -{53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.webmail.dnainternet.net
O15 - Trusted Zone: www.dnainternet.net
O15 - Trusted Zone: www.google.fi
O15 - Trusted Zone: www.leonia.fi
O15 - Trusted Zone: http://www.leonia.fi
O15 - Trusted Zone: www70.leonia.fi
O15 - Trusted Zone: http://www.mbnet.fi
O15 - Trusted Zone: http://www.nordea.fi
O15 - Trusted Zone: http://posti.salonseutu.fi
O15 - Trusted Zone: www.salonseutu.fi
O15 - Trusted Zone: http://www.salonseutu.fi
O15 - Trusted Zone: http://www.sampo.fi
O15 - Trusted Zone: www.utu.fi
O15 - Trusted Zone: *.www.if.fi
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1094374556218
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: 183gxvtf96m.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod-palvelu (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

[ + lainaa]

Hujo

Suspended permanently

18. tammikuuta 2007 @ 13:41

Linkki tähän viestiin

Lisää poista sovelutuksesta

poistat javat
Java\j2re1.4.2_08
HijackThis 1.99.1

Tuosta alkajaisiksi

1.Lataa combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
tiedosto työpöydällesi.
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

lataa tuosta uudestaan
http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe

asenna numerojärjestyksessä

1.Unzip
2.OK
3.Close

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - -{53707962-6F74-2D53-2644-206D7942484F} - (no file)

[ + lainaa]

Voiko tietsikka koskaan toimia?

Junton

Newbie

18. tammikuuta 2007 @ 16:53

Linkki tähän viestiin

Tällaista combofix pisti
"Arto" - 07-01-18 21:42:24 Service Pack 2
ComboFix 07-01-18 - Running from: "G:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\INSTALL.LOG

((((((((((((((((((((((((((((((( Files Created from 2006-12-18 to 2007-01-18 ))))))))))))))))))))))))))))))))))

2007-01-13 22:33 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2007-01-13 22:33 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2007-01-13 22:33 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-13 22:33 <KANSIO> d-------- C:\Program Files\Spyware Doctor
2007-01-13 22:33 <KANSIO> d-------- C:\DOCUME~1\Arto\Application Data\PC Tools
2007-01-09 22:56 <KANSIO> d-------- C:\WINDOWS\ie7updates
2007-01-01 21:51 <KANSIO> d-------- C:\DOCUME~1\Arto\Application Data\CyberLink
2007-01-01 21:51 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-01-01 21:09 16,384 --a------ C:\WINDOWS\SYSTEM32\lgfwunis.exe
2007-01-01 21:09 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2007-01-01 21:09 102,160 --a------ C:\WINDOWS\SYSTEM32\VB6KO.DLL
2007-01-01 21:09 <KANSIO> d-------- C:\Program Files\lg_fwupdate
2007-01-01 20:57 <KANSIO> d-------- C:\Program Files\Common Files\LightScribe
2007-01-01 20:55 476,320 --------- C:\WINDOWS\SYSTEM32\ImagXpr7.dll
2007-01-01 20:55 471,040 --------- C:\WINDOWS\SYSTEM32\ImagXRA7.dll
2007-01-01 20:55 364,544 --------- C:\WINDOWS\SYSTEM32\TwnLib4.dll
2007-01-01 20:55 262,144 --------- C:\WINDOWS\SYSTEM32\ImagXR7.dll
2007-01-01 20:55 155,648 --a------ C:\WINDOWS\SYSTEM32\NeroCheck.exe
2007-01-01 20:55 106,496 --a------ C:\WINDOWS\SYSTEM32\TwnLib20.dll
2007-01-01 20:55 1,568,768 --------- C:\WINDOWS\SYSTEM32\ImagX7.dll
2007-01-01 20:55 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
2007-01-01 20:55 <KANSIO> d-------- C:\Program Files\Ahead
2007-01-01 20:50 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-01-01 20:50 <KANSIO> d-------- C:\Program Files\CyberLink DVD Solution
2007-01-01 20:50 <KANSIO> d-------- C:\Program Files\CyberLink
2007-01-01 20:50 <KANSIO> d-------- C:\MyWorks
2006-12-24 10:46 442,368 -ra------ C:\WINDOWS\SYSTEM32\vp6vfw.dll
2006-12-24 10:46 <KANSIO> d-------- C:\Program Files\EA GAMES
2006-12-19 21:21 <KANSIO> d-------- C:\WINDOWS\SxsCaPendDel
2006-12-19 21:21 <KANSIO> d-------- C:\Program Files\Windows Defender

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-18 18:00 -------- d-------- C:\Program Files\symantec antivirus
2007-01-13 21:01 -------- d-------- C:\Program Files\google
2007-01-13 20:13 -------- d--h----- C:\Program Files\installshield installation information
2006-12-13 16:46 -------- d-------- C:\Program Files\ponygirl2
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-11-21 12:24 32768 --a------ C:\WINDOWS\SYSTEM32\snmp.exe
2006-11-18 12:52 -------- d-------- C:\Program Files\msxml 4.0
2006-11-08 07:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-10-20 03:39 713728 --a------ C:\WINDOWS\SYSTEM32\sxs.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LXBRKsk"="C:\\PROGRA~1\\LEXMAR~1\\LXBRKsk.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"Lexmark 3100 Series"="\"C:\\Program Files\\Lexmark 3100 Series\\lxbrbmgr.exe\""
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdjmc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="183gxvtf96m.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"=dword:00000001
"CDRAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\B11E7E5A91D1EE7A.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 07-01-18 21:47:07

[ + lainaa]

Sivuni: http://www.kokkomaakari.net
Deviant-profiilini: http://junton.deviantart.com

Mainos

Hujo

Suspended permanently

18. tammikuuta 2007 @ 23:19

Linkki tähän viestiin

laita uusi HjT loki

[ + lainaa]

Voiko tietsikka koskaan toimia?

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > isäpuolen koneella google....


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.