Forums
Critters on my computer
TuukkaZ (Account closed as per user's own request)
10 November 2005 @ 07:56
I'm pretty sure there are some critters on my computer, because it keeps feeding me ads all the time..
Could someone take a look at my HijackThis log?
Logfile of HijackThis v1.99.1
Scan saved at 12:51:49, on 10.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\windows\sp2update00.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\MSN Messenger\msnmsgr.exe
D:\program files\valve\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\VHV1a2thWg\command.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe
C:\WINDOWS\explorer.exe
D:\Mozilla Firefox\firefox.exe
C:\Hjt/HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\irjol5131.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHV1a2thWg\command.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINDOWS\ntsys32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Zipp2 (Member)
10 November 2005 @ 08:23
Check these, close your browser and press Fix checked:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHV1a2thWg\command.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINDOWS\ntsys32.exe
Then boot the computer into Safe Mode.
Type services.msc in Run and press OK.
Find this service there:
Command Service (cmdService)
Double-click it, set Startup type to Disabled, then Apply and OK.
Then do the same for this one:
NTsystem (System)
After that, with hidden files shown, delete these if they exist:
C:\WINDOWS\ntsys32.exe
C:\windows\msresearch.exe
C:\windows\sp2update00.exe
C:\WINDOWS\VHV1a2thWg\command.exe
Then boot normally and:
Get l2mfix.exe from here:
http://www.atribune.org/downloads/l2mfix.exe
Save it to the desktop, double-click it, first Accept and then Install.
An l2mfix folder appears on the desktop.
Open it and double-click l2mfix.bat.
Choose option 1, i.e. press 1 and Enter.
Let it finish scanning and post the resulting log here.
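The entries Zipp2 picked out by eye above can also be picked out mechanically. The script below is an added example written for this page; it is not HijackThis, L2MFix, or anything posted in the thread. It parses HijackThis 1.99 log lines and applies the heuristics that separate the bad entries from the benign ones in the first log: autostarts (O4) and vendor-less services (O23) whose binary sits directly in %WINDIR% or in an odd %WINDIR% subfolder, Winlogon Notify packages (O20) registered by full path instead of a bare DLL name, and an Internet Explorer search page forced to about:blank. The install root C:\WINDOWS and the set of "trusted" subfolders are assumptions; the sample log is constructed from the lines in the first post.

```python
"""Triage of a HijackThis 1.99 log with the heuristics used in this thread."""
import ntpath
import re
from dataclasses import dataclass

WINDIR = r"c:\windows"                        # assumed install root (see the Platform line)
TRUSTED_WINDIR_SUBDIRS = {"system32", "system"}  # assumed: where Windows' own binaries live
SUSPECT_LOCATIONS = {"root", "odd-subdir"}

_EXE_RE = re.compile(r'([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)
_O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
_O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
_O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
_R_RE = re.compile(r"^R[01] - (HK\w+)\\.*?,(Search Page|Start Page) = (.*)$")


@dataclass
class Finding:
    kind: str      # HijackThis section the line came from
    reason: str
    line: str


def windir_location(path: str) -> str:
    """'root' = directly in %WINDIR%, 'trusted' = system32/system,
    'odd-subdir' = any other %WINDIR% subfolder, 'outside' = elsewhere.
    ntpath handles Windows paths on any host OS."""
    parent = ntpath.dirname(ntpath.normpath(path.lower()))
    if parent == WINDIR:
        return "root"
    if parent.startswith(WINDIR + "\\"):
        first = parent[len(WINDIR) + 1:].split("\\")[0]
        return "trusted" if first in TRUSTED_WINDIR_SUBDIRS else "odd-subdir"
    return "outside"


def _exe_in(cmd: str):
    """First drive-letter .exe path in a command line (quoted or not), or None."""
    m = _EXE_RE.search(cmd)
    return m.group(1) if m else None


def triage(log_text: str) -> list:
    """Return a Finding for every suspicious R0/R1, O4, O20 and O23 line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O4_RE.match(line):
            _hive, name, cmd = m.groups()
            exe = _exe_in(cmd)
            if exe and windir_location(exe) in SUSPECT_LOCATIONS:
                findings.append(Finding("O4", f"autostart [{name}] runs {exe} from an unusual %WINDIR% location", line))
        elif m := _O20_RE.match(line):
            subkey, dll = m.groups()
            if "\\" in dll or "/" in dll:
                findings.append(Finding("O20", f"Winlogon Notify '{subkey}' registered by full path ({dll}); Windows' own entries use a bare DLL name", line))
        elif m := _O23_RE.match(line):
            name, owner, cmd = m.groups()
            exe = _exe_in(cmd)
            if owner == "Unknown owner" and exe and windir_location(exe) in SUSPECT_LOCATIONS:
                findings.append(Finding("O23", f"service '{name}' has no vendor and runs {exe} from an unusual %WINDIR% location", line))
        elif m := _R_RE.match(line):
            hive, setting, value = m.groups()
            if setting == "Search Page" and value.strip().lower() == "about:blank":
                findings.append(Finding("R1", f"{hive} IE Search Page forced to about:blank (a common hijack marker)", line))
    return findings


# Constructed sample: a subset of the lines from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\irjol5131.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VHV1a2thWg\command.exe
O23 - Service: NTsystem (System) - Unknown owner - C:\WINDOWS\ntsys32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}")
        print(f"    {f.line}")
```

Run against the sample it reports exactly the six lines Zipp2 listed (the two R1 hits on the page collapse to the HKCU one here because the HKLM line was left out of the sample) and stays quiet on avast, ATI and Zone Labs even though two of those services also show "Unknown owner". These are location heuristics, not signatures: legitimate software occasionally drops binaries straight into %WINDIR%, so every hit still needs the kind of manual confirmation the helper does in this thread (unknown vendor, random directory name, file dates matching the onset of the ads).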
TuukkaZ (Account closed as per user's own request)
10 November 2005 @ 08:55
Here's the whole log then; I guess it's right.
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\c8000idme80a0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Käyttäjät
(ID-IO) ALLOW Read BUILTIN\Käyttäjät
(ID-NI) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-IO) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-IO) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{46AF7FAC-676B-ED8C-8A41-12ACF7909C9F}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimediatiedoston ominaisuusikkuna"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-kuvanlukijan hallinta"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-suojaussivu"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-asiakirjatiedoston ominaisuussivu"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Liittymälaajennus jakamista varten"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Näyttösovittimen CPL-laajennus"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL -laajennus"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL -laajennus"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Hakemistopalvelun suojaussivu"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Yhteensopivuussivusto"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Käyttöliittymän leikkeidenkäsittelytoiminto"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Levykkeen kopiointilaajennus"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows -verkon objektien liittymälaajennukset"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-näytön hallinta"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-tulostimen hallinta"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Tiedostonpakkauksen liittymälaajennukset"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web-tulostimen liittymälaajennus"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Salauksen pikavalikko"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Salkku"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-kuvakkeen tunniste"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profiili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Tulostimen suojaussivu"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Liittymälaajennus jakamista varten"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO -laajennus"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign -laajennus"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Verkkoyhteydet"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Verkkoyhteydet"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Skannerit ja kamerat"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Skannerit ja kamerat"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Skannerit ja kamerat"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Skannerit ja kamerat"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Skannerit ja kamerat"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Hostin liittymälaajennukset"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-tietolinkki"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Ajoitetut tehtävät"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Tehtäväpalkki ja Käynnistä-valikko"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Etsi"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Ohje ja tuki"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Suorita..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Sähköposti"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fontit"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Valvontatyökalut"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet-työkalurivi"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Lataamisen tila"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Etsintäpalkki"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media-palkki"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Lähiosoite"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Osoitepalkin jäsentäjä"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Sivuhistoria"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-välimuistikansio"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Käyttöliittymän sovelluksenhallintaohjelma"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Sovellusluettelo asennettiin"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ -tiedoston pikkukuvan purkaja"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Yhteenvetotiedot pikkukuvien käsittelystä (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-pikkukuvien purkuohjelma"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Ohjattu Web-julkaisutoiminto"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Valokuvien paperikopioiden tilaaminen Internetistä"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Ohjattu Passport toiminto"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Käyttäjätilit"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanavatiedosto"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanavan pikakuvake"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanavienkäsittelyobjekti"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline-tiedostot-kansio"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{06CB1356-610F-430E-B2B3-5159FF1431A7}"=""
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Henkilöitä..."
"{E6D16140-188B-4303-9D11-C586CD7C3C76}"=""
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{94CC967E-3A1A-4353-A5B0-C4E39083FD90}"=""
"{1075820A-FC77-4609-B0B9-815CDE8D8C76}"=""
"{F2F1EC4A-89AF-495F-A128-8130A9FFD4AE}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\olpdx32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{94CC967E-3A1A-4353-A5B0-C4E39083FD90}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94CC967E-3A1A-4353-A5B0-C4E39083FD90}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94CC967E-3A1A-4353-A5B0-C4E39083FD90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{94CC967E-3A1A-4353-A5B0-C4E39083FD90}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdgkl.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1075820A-FC77-4609-B0B9-815CDE8D8C76}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1075820A-FC77-4609-B0B9-815CDE8D8C76}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1075820A-FC77-4609-B0B9-815CDE8D8C76}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1075820A-FC77-4609-B0B9-815CDE8D8C76}\InprocServer32]
@="C:\\WINDOWS\\system32\\mvrdim.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F2F1EC4A-89AF-495F-A128-8130A9FFD4AE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F2F1EC4A-89AF-495F-A128-8130A9FFD4AE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F2F1EC4A-89AF-495F-A128-8130A9FFD4AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F2F1EC4A-89AF-495F-A128-8130A9FFD4AE}\InprocServer32]
@="C:\\WINDOWS\\system32\\spobject.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9}\InprocServer32]
@="C:\\WINDOWS\\system32\\iwagehlp.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Wed 9 Nov 2005 18.13.06 A.... 687 592 671,48 K
c8000i~1.dll Thu 10 Nov 2005 13.43.16 ..S.R 235 263 229,75 K
hrj805~1.dll Wed 9 Nov 2005 20.57.38 ..S.R 233 940 228,46 K
iwagehlp.dll Thu 10 Nov 2005 13.43.18 ..S.R 235 255 229,74 K
k608lg~1.dll Wed 9 Nov 2005 19.06.00 ..S.R 236 745 231,20 K
khdgkl.dll Wed 9 Nov 2005 18.59.42 ..S.R 234 939 229,43 K
l0p2la~1.dll Wed 9 Nov 2005 22.14.44 ..S.R 235 255 229,74 K
l20ulc~1.dll Thu 10 Nov 2005 13.46.32 ..S.R 237 165 231,61 K
mvrdim.dll Wed 9 Nov 2005 19.06.00 ..S.R 234 939 229,43 K
p68qlg~1.dll Wed 9 Nov 2005 18.59.40 ..S.R 236 525 230,98 K
spobject.dll Thu 10 Nov 2005 13.46.32 ..S.R 235 263 229,75 K
11 items found: 11 files (10 H/S), 0 directories.
Total of file sizes: 3 042 881 bytes 2,90 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is Local Disk
Volume Serial Number is F4FF-0F3C
Directory of C:\WINDOWS\System32
10.11.2005 13:46 235 263 spobject.dll
10.11.2005 13:46 237 165 l20ulcd91f0.dll
10.11.2005 13:43 235 255 iwagehlp.dll
10.11.2005 13:43 235 263 c8000idme80a0.dll
10.11.2005 12:37 <DIR> dllcache
09.11.2005 22:14 235 255 l0p2la7o1d.dll
09.11.2005 20:57 233 940 hrj8051ue.dll
09.11.2005 19:05 234 939 mvrdim.dll
09.11.2005 19:05 236 745 k608lgdu1608.dll
09.11.2005 18:59 234 939 khdgkl.dll
09.11.2005 18:59 236 525 p68qlgl516q.dll
10 File(s) 2 355 289 bytes
1 Dir(s) 3 966 132 224 bytes free
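The L2MFix log above is mostly registry exports, and the two things the tool is looking for are visible in them: a Winlogon\Notify subkey (WebCheck) whose DllName is a full path into system32 instead of a bare DLL name, and approved shell extensions with an empty description whose CLSID resolves to a randomly named DLL in system32. The following Python is an added example for this page, not L2MFix's own logic: it parses .reg-format text (string, dword and hex(2) values, including backslash-continued hex lines) and pulls out both indicators. The sample export is constructed from a subset of the keys in the log above; the key paths are the ones Windows XP uses.

```python
"""Parse a .reg export and flag the Look2Me-style registrations seen in an L2MFix log."""
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
APPROVED_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
_INPROC_RE = re.compile(r"^HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-F-]+\})\\InprocServer32$", re.IGNORECASE)


def _decode_hex2(hexdata: str) -> str:
    """REG_EXPAND_SZ is exported as hex(2): comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in hexdata.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}}. '@' is the default value.
    Handles "string", dword: and hex(2): (with '\\' continuation lines);
    any other value type is kept as its raw text."""
    keys, current, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:                      # continuation of a hex(2) value
            name, hexdata = pending
            hexdata += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, hexdata)
            else:
                keys[current][name] = _decode_hex2(hexdata)
                pending = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, value = line.partition("=")
        name = name if name == "@" else name.strip('"')
        if value.startswith("hex(2):"):
            hexdata = value[len("hex(2):"):]
            if hexdata.endswith("\\"):
                pending = (name, hexdata.rstrip("\\"))
            else:
                keys[current][name] = _decode_hex2(hexdata)
        elif value.startswith("dword:"):
            keys[current][name] = int(value[len("dword:"):], 16)
        elif len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            keys[current][name] = value[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            keys[current][name] = value
    return keys


def find_look2me_indicators(keys: dict) -> list:
    """(kind, identifier, dll) for Notify packages registered by full path and for
    approved shell extensions with an empty name whose CLSID has an in-process DLL."""
    findings = []
    for path, values in keys.items():
        if path.lower().startswith(NOTIFY_KEY.lower() + "\\"):
            dll = next((v for k, v in values.items() if k.lower() == "dllname"), None)
            if isinstance(dll, str) and ("\\" in dll or "/" in dll):
                findings.append(("notify", path.rsplit("\\", 1)[1], dll))
    approved = next((v for k, v in keys.items() if k.lower() == APPROVED_KEY.lower()), {})
    blank = {clsid.upper() for clsid, desc in approved.items() if desc == ""}
    for path, values in keys.items():
        m = _INPROC_RE.match(path)
        if m and m.group(1).upper() in blank:
            findings.append(("clsid", m.group(1), values.get("@", "")))
    return findings


# Constructed sample: a subset of the keys in the L2MFix find log posted above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"DllName"="C:\\WINDOWS\\system32\\c8000idme80a0.dll"
"Logon"="WinLogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{06CB1356-610F-430E-B2B3-5159FF1431A7}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{94CC967E-3A1A-4353-A5B0-C4E39083FD90}"=""

[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}]
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{06CB1356-610F-430E-B2B3-5159FF1431A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\olpdx32.dll"

[HKEY_CLASSES_ROOT\CLSID\{94CC967E-3A1A-4353-A5B0-C4E39083FD90}\InprocServer32]
@="C:\\WINDOWS\\system32\\khdgkl.dll"
"""

if __name__ == "__main__":
    for kind, ident, dll in find_look2me_indicators(parse_reg_export(SAMPLE_REG)):
        print(f"{kind:6} {ident}: {dll}")
```

The DLLs this surfaces are the same ones the "Files Found" section lists with the S and R attributes set (hidden system read-only files with random names, all about 230 KB and dated to the day the ads started), which is why L2MFix's second stage cannot simply delete them while Windows is up: a Winlogon Notify DLL is loaded into winlogon.exe at boot, so the tool first denies Administrators the right to create new subkeys under Notify (the "DENY --C-------" line in the follow-up logs) and then reboots to clean up.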
TuukkaZ (Account closed as per user's own request)
10 November 2005 @ 08:59
Damn, it keeps throwing up ads all the time; it's annoying when you're doing something, e.g. reading these posts here. I've checked with Avast, Spybot - Search & Destroy and Ad-Aware, and it just throws up more ads. ANNOYING!!
Zipp2 (Member)
10 November 2005 @ 09:03
If you have anything extra open, close it now, because the computer will restart during the next operation.
Open the l2mfix folder and double-click l2mfix.bat.
Choose option 2, i.e. press 2 and Enter.
Then just press any key and the computer restarts.
When the computer has restarted it will continue scanning, and when it's done a log comes out again.
If no log appears, open the l2mfix folder, double-click second.bat and post its log once it has finished running.
TuukkaZ (Account closed as per user's own request)
10 November 2005 @ 09:11
I don't know if this is right, but I'll post it anyway.
L2Mfix 1.04a
Running From:
C:\Documents and Settings\tuukka\Työpöytä\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Käyttäjät
(ID-IO) ALLOW Read BUILTIN\Käyttäjät
(ID-NI) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-IO) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-IO) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(IO) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- changing existing entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Read BUILTIN\Käyttäjät
(ID-IO) ALLOW Read BUILTIN\Käyttäjät
(ID-NI) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-IO) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-IO) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting up for Reboot
Starting Reboot!
Zipp2 (Member)
10 November 2005 @ 09:19
Do the step from 10 November 2005 @ 07:03 again and copy the whole log here.
TuukkaZ (Account closed as per user's own request)
10 November 2005 @ 09:46
This is all that comes out, nothing longer.
L2Mfix 1.04a
Running From:
C:\Documents and Settings\tuukka\Työpöytä\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Read BUILTIN\Käyttäjät
(ID-IO) ALLOW Read BUILTIN\Käyttäjät
(ID-NI) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-IO) ALLOW Read BUILTIN\Tehokäyttäjät
(ID-NI) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-IO) ALLOW Full access BUILTIN\Järjestelmänvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(IO) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry
- changing existing entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting up for Reboot
Starting Reboot!
Zipp2
Member
10 November 2005 @ 09:52
Post a new HijackThis log.
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 09:54
Logfile of HijackThis v1.99.1
Scan saved at 14:54:15, on 10.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
D:\program files\valve\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\tuukka\Työpöytä\HijackThis.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\kt4ul7h91.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Zipp2
Member
10 November 2005 @ 10:02
Check that one, close the browser and press Fix checked
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
Then delete it if it exists
C:\windows\sp2update00.exe
After that, try this again
Open the l2mfix folder and double-click l2mfix.bat
choose option 2, i.e. press 2 and Enter
Then just press any key and the computer will reboot.
Once the computer has rebooted, it continues scanning, and when it is done a log comes out again.
If no log appears, open the l2mfix folder, double-click second.bat and post its log once it has finished running.
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 10:08
Couldn't find that C:\windows\sp2update00.exe thing, but I'll try that again now.
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 10:17
L2Mfix 1.04a
Running From:
C:\Documents and Settings\tuukka\Ty?p?yt?\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(IO) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry
- changing existing entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting up for Reboot
Starting Reboot
That's all that comes out, it always looks like that, I don't know what's wrong with it, but I did as you said and that's just what comes out... :D
This post has been edited after posting. Last edited 10 November 2005 @ 10:19
Zipp2
Member
10 November 2005 @ 10:22
It doesn't work that way; get the Spy Sweeper trial from here
http://www.webroot.com/consumer/products/spysweeper/?WRSID=3db60d...
Install and update it.
Then boot into Safe Mode and scan + clean with it.
Then boot normally and try this again
Open the l2mfix folder and double-click l2mfix.bat
choose option 2, i.e. press 2 and Enter
Then just press any key and the computer will reboot.
Once the computer has rebooted, it continues scanning, and when it is done a log comes out again.
If no log appears, open the l2mfix folder, double-click second.bat and post its log once it has finished running.
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 11:54
Well, now it seems to have worked; it came out a bit longer than the others.
L2Mfix 1.04a
Running From:
C:\Documents and Settings\tuukka\Ty?p?yt?\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(IO) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry
- changing existing entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-CI) DENY --C------- BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Setting up for Reboot
Starting Reboot!
Setting Directory
C:\Documents and Settings\tuukka\Ty?p?yt?\l2mfix
Running From:
C:\Documents and Settings\tuukka\Ty?p?yt?\l2mfix
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 436 'smss.exe'
Error 0x6 : Kahva ei kelpaa.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 516 'winlogon.exe'
Error 0x6 : Kahva ei kelpaa.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1220 'explorer.exe'
Killing PID 1220 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\hrj8051ue.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\iwagehlp.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\k608lgdu1608.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\khdgkl.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\l0p2la7o1d.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\mnjtes40.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\mvrdim.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\p68qlgl516q.dll
1 tiedosto(a) on kopioitu.
Backing Up: C:\WINDOWS\system32\p6r4lg9q16.dll
1 tiedosto(a) on kopioitu.
deleting: C:\WINDOWS\system32\hrj8051ue.dll
Successfully Deleted: C:\WINDOWS\system32\hrj8051ue.dll
deleting: C:\WINDOWS\system32\iwagehlp.dll
Successfully Deleted: C:\WINDOWS\system32\iwagehlp.dll
deleting: C:\WINDOWS\system32\k608lgdu1608.dll
Successfully Deleted: C:\WINDOWS\system32\k608lgdu1608.dll
deleting: C:\WINDOWS\system32\khdgkl.dll
Successfully Deleted: C:\WINDOWS\system32\khdgkl.dll
deleting: C:\WINDOWS\system32\l0p2la7o1d.dll
Successfully Deleted: C:\WINDOWS\system32\l0p2la7o1d.dll
deleting: C:\WINDOWS\system32\mnjtes40.dll
Successfully Deleted: C:\WINDOWS\system32\mnjtes40.dll
deleting: C:\WINDOWS\system32\mvrdim.dll
Successfully Deleted: C:\WINDOWS\system32\mvrdim.dll
deleting: C:\WINDOWS\system32\p68qlgl516q.dll
Successfully Deleted: C:\WINDOWS\system32\p68qlgl516q.dll
deleting: C:\WINDOWS\system32\p6r4lg9q16.dll
Successfully Deleted: C:\WINDOWS\system32\p6r4lg9q16.dll
Zipping up files for submission:
adding: hrj8051ue.dll (164 bytes security) (deflated 4%)
adding: iwagehlp.dll (164 bytes security) (deflated 5%)
adding: k608lgdu1608.dll (164 bytes security) (deflated 5%)
adding: khdgkl.dll (164 bytes security) (deflated 5%)
adding: l0p2la7o1d.dll (164 bytes security) (deflated 5%)
adding: mnjtes40.dll (164 bytes security) (deflated 6%)
adding: mvrdim.dll (164 bytes security) (deflated 5%)
adding: p68qlgl516q.dll (164 bytes security) (deflated 5%)
adding: p6r4lg9q16.dll (164 bytes security) (deflated 6%)
zip warning: name not matched: *.tmp
zip error: Nothing to do! (backup.zip)
adding: clear.reg (164 bytes security) (deflated 36%)
adding: echo.reg (164 bytes security) (deflated 8%)
zip warning: name not matched: *.ini
zip error: Nothing to do! (backup.zip)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 79%)
adding: readme.txt (164 bytes security) (deflated 52%)
adding: report.txt (164 bytes security) (deflated 66%)
adding: test.txt (164 bytes security) (deflated 69%)
adding: test2.txt (164 bytes security) (deflated 17%)
adding: test3.txt (164 bytes security) (deflated 17%)
adding: test5.txt (164 bytes security) (deflated 17%)
adding: xfind.txt (164 bytes security) (deflated 62%)
adding: backregs/06CB1356-610F-430E-B2B3-5159FF1431A7.reg (164 bytes security) (deflated 69%)
adding: backregs/1075820A-FC77-4609-B0B9-815CDE8D8C76.reg (164 bytes security) (deflated 70%)
adding: backregs/94CC967E-3A1A-4353-A5B0-C4E39083FD90.reg (164 bytes security) (deflated 70%)
adding: backregs/D74BECAE-3C06-4D47-91A8-2DC81A4FD0A9.reg (164 bytes security) (deflated 70%)
adding: backregs/F2F1EC4A-89AF-495F-A128-8130A9FFD4AE.reg (164 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 88%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(NI) ALLOW Full access NT-HALLINTA\SYSTEM
(IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Read BUILTIN\K?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\K?ytt?j?t
(ID-NI) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-IO) ALLOW Read BUILTIN\Tehok?ytt?j?t
(ID-NI) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-IO) ALLOW Full access NT-HALLINTA\SYSTEM
(ID-NI) ALLOW Full access BUILTIN\J?rjestelm?nvalvojat
(ID-IO) ALLOW Full access LUOJA-OMISTAJA
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
Restoring Windows Update Certificates.:
deleting local copy: hrj8051ue.dll
deleting local copy: iwagehlp.dll
deleting local copy: k608lgdu1608.dll
deleting local copy: khdgkl.dll
deleting local copy: l0p2la7o1d.dll
deleting local copy: mnjtes40.dll
deleting local copy: mvrdim.dll
deleting local copy: p68qlgl516q.dll
deleting local copy: p6r4lg9q16.dll
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
The following are the files found:
****************************************************************************
C:\WINDOWS\system32\hrj8051ue.dll
C:\WINDOWS\system32\iwagehlp.dll
C:\WINDOWS\system32\k608lgdu1608.dll
C:\WINDOWS\system32\khdgkl.dll
C:\WINDOWS\system32\l0p2la7o1d.dll
C:\WINDOWS\system32\mnjtes40.dll
C:\WINDOWS\system32\mvrdim.dll
C:\WINDOWS\system32\p68qlgl516q.dll
C:\WINDOWS\system32\p6r4lg9q16.dll
Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8D3588A0-DD4C-4195-BA7C-2039C4FF6D73}"=-
"{090C9F44-288F-462C-B9C1-F85010CB1AC1}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8D3588A0-DD4C-4195-BA7C-2039C4FF6D73}]
[-HKEY_CLASSES_ROOT\CLSID\{090C9F44-288F-462C-B9C1-F85010CB1AC1}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
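The O20 entry in the earlier HijackThis log and the Winlogon Notify export at the end of the L2Mfix log above are the two places this adware's persistence shows up. The script below is an added example (not code from L2Mfix, HijackThis or the posters in this thread): it parses both formats, decodes the hex(2) DllName values regedit writes as UTF-16LE, and reports any Notify subkey whose DLL is not one of the Windows and ATI handlers left in the cleaned export. The sample export and log lines are constructed from entries on this page.

```python
import re

# Handler DLLs Windows XP and the ATI driver legitimately register (the Notify
# subkeys that remained in the cleaned export above); anything else is reported.
KNOWN_NOTIFY_DLLS = {"ati2evxx.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}
NOTIFY_PREFIX = ("hkey_local_machine\\software\\microsoft\\windows nt"
                 "\\currentversion\\winlogon\\notify\\")
O20_RE = re.compile(r"O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

def _join_continuations(text):
    """Regedit splits long hex values over lines that end in a backslash."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines

def decode_reg_value(value):
    """Decode a .reg value: quoted REG_SZ or hex(2) (REG_EXPAND_SZ, UTF-16LE)."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\((\d+)\):(.*)", value)
    if m and m.group(1) == "2":
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return value

def notify_handlers_from_reg(text):
    """Return {subkey: dll} for every Winlogon\\Notify subkey in a .reg export."""
    handlers, current = {}, None
    for line in _join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.lower().startswith(NOTIFY_PREFIX):
                current = key[len(NOTIFY_PREFIX):]
                handlers.setdefault(current, None)
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            if name.strip('"').lower() == "dllname":
                handlers[current] = decode_reg_value(value.strip())
    return handlers

def notify_handlers_from_hjt(log):
    """Return {subkey: dll} from HijackThis O20 lines (also when glued onto an O16 line)."""
    handlers = {}
    for line in log.splitlines():
        idx = line.find("O20 - Winlogon Notify:")
        m = O20_RE.match(line[idx:]) if idx >= 0 else None
        if m:
            handlers[m.group("name").strip()] = m.group("path").strip()
    return handlers

def suspicious_handlers(handlers):
    """Keep only handlers whose DLL basename is not on the allowlist."""
    bad = {}
    for subkey, dll in handlers.items():
        if (dll or "").rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
            bad[subkey] = dll
    return bad

def audit(reg_text, hjt_log):
    """Merge both sources and return sorted (subkey, dll) pairs to investigate."""
    merged = dict(notify_handlers_from_hjt(hjt_log))
    merged.update(notify_handlers_from_reg(reg_text))
    return sorted(suspicious_handlers(merged).items())

# Constructed sample: a trimmed copy of the export above plus the "Reliability"
# subkey that the earlier HijackThis log in this thread reported as an O20 entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reliability]
"DLLName"="C:\\WINDOWS\\system32\\kt4ul7h91.dll"
'''
SAMPLE_HJT = ("O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - "
              "http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl... "
              "O20 - Winlogon Notify: Reliability - C:\\WINDOWS\\system32\\kt4ul7h91.dll\n")
```

Running `audit(SAMPLE_REG, SAMPLE_HJT)` returns only the Reliability entry, since the ATI and crypt32 handlers are on the allowlist; on a real machine, feed it a fresh `reg export` of the Notify key and the current HijackThis log.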
Zipp2
Member
10 November 2005 @ 11:58
Yeah, Spy Sweeper apparently removed something that was blocking it, and now it seems to have worked.
Post one more HijackThis log.
Have the pop-ups stopped yet?
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 12:00
Logfile of HijackThis v1.99.1
Scan saved at 16:59:42, on 10.11.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\MSN Messenger\msnmsgr.exe
D:\program files\valve\steam\steam.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe
C:\Documents and Settings\tuukka\Työpöytä\HijackThis.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "D:\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Zipp2
Member
10 November 2005 @ 12:04
It's clean, but the computer is missing updates (Windows Update).
TuukkaZ
Account closed as per user's own request
10 November 2005 @ 12:06
Thanks for taking the time to help.