hijackthis-logini

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

sunnuntai 28.12.2025 / 08:06

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > hijackthis-logini

Aiheet

Keskustelualueet

Aloita uusi viestiketju

hijackthis-logini

Siirry:

Kirjoittaja

Viesti

Vigilante

Suspended due to non-functional email address

17. lokakuuta 2006 @ 07:33

Linkki tähän viestiin

öytyiskö tästä logista jotain, joka selittäisi miks muuten niin nopea yhteys on muutaman päivän tökkinyt oikein kunnolla, ihan nettiselailussa siis. Kiitoksia jo etukäteen.

Logfile of HijackThis v1.99.1
Scan saved at 22:30:34, on 2006-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\MSN Messenger\msnmsgr.exe
c:\program\intern~1\iexplore.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program\Snagit\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82BB40A4-3728-82B5-881C-F40F2192250F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program\Snagit\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Skype] "D:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [For link] C:\DOCUME~1\Lars\APPLIC~1\SECTEL~1\errorinfobin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1D10A7-D907-48AC-98D2-5CA77EB79648}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CS2\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program\TuneUp\WinStylerThemeSvc.exe

[ + lainaa]

Nainen tulee ennen konetta!

Vigilante

Suspended due to non-functional email address

17. lokakuuta 2006 @ 08:08

Linkki tähän viestiin

Smifraud antoi seuraavanlaisen login:

SmitFraudFix v2.110

Scan done at 11:06:29,95, 2006-10-17
Run from C:\Documents and Settings\Lars\Skrivbord\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lars

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lars\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lars\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

[ + lainaa]

Nainen tulee ennen konetta!

kairis

Member

17. lokakuuta 2006 @ 09:07

Linkki tähän viestiin

Moi.
Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.spywaretimes.com/Tools/downlo...ab6208a197bcc5/
http://www.thespykiller.co.uk/forum/inde...tpmod;dl=item16

Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen

Tuplaklikkaa NoLop.exe ajaaksesi sen

Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy.
Klikkaa OK
Klikkaa "REBOOT"-painiketta.
NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu.
Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.

Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered,"
lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32).
Tämän jälkeen aja ohjelma uudestaan.
http://www.boletrice.com/downloads/mscomctl.ocx

Onko IP:si Ruotsissa?

[ + lainaa]

~kairis~

Vigilante

Suspended due to non-functional email address

17. lokakuuta 2006 @ 10:18

Linkki tähän viestiin

IP on Ruotsissa:)

Eli tässä nämä logit:

NoLop:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Lars\Skrivbord
[2006-10-17]
[13:09:03]

---Infection Files Found/Removed---
C:\Documents and Settings\Lars\Application Data\sect else part\File fork intra.exe
C:\Documents and Settings\Lars\Application Data\sect else part\inter idle default internet.exe
C:\Documents and Settings\All Users\Application Data\window mode pure fork\antiroad.exe
C:\Documents and Settings\Lars\Application Data\sect else part\kmihzbfl.exe
C:\WINDOWS\tasks\AF688534968F00AC.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Graphpad Software
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Locktime
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nvidia
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Pdf995
C:\Documents and Settings\All Users\Application Data\Skype -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Ssh
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Techsmith
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Lars\Application Data\Adobe
C:\Documents and Settings\Lars\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Lars\Application Data\Apple Computer
C:\Documents and Settings\Lars\Application Data\Dvdcss
C:\Documents and Settings\Lars\Application Data\F-secure
C:\Documents and Settings\Lars\Application Data\Gearbox Software
C:\Documents and Settings\Lars\Application Data\Graphpad Software
C:\Documents and Settings\Lars\Application Data\Identities
C:\Documents and Settings\Lars\Application Data\Intervideo
C:\Documents and Settings\Lars\Application Data\Isolatedstorage
C:\Documents and Settings\Lars\Application Data\Joy Send -- EMPTY Directory
C:\Documents and Settings\Lars\Application Data\Kazaa Lite
C:\Documents and Settings\Lars\Application Data\Lavasoft
C:\Documents and Settings\Lars\Application Data\Locktime
C:\Documents and Settings\Lars\Application Data\Macromedia
C:\Documents and Settings\Lars\Application Data\Media Player Classic
C:\Documents and Settings\Lars\Application Data\Microsoft
C:\Documents and Settings\Lars\Application Data\Mozilla
C:\Documents and Settings\Lars\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Lars\Application Data\Pdf995
C:\Documents and Settings\Lars\Application Data\Real
C:\Documents and Settings\Lars\Application Data\Skype
C:\Documents and Settings\Lars\Application Data\Ssh
C:\Documents and Settings\Lars\Application Data\Sun
C:\Documents and Settings\Lars\Application Data\Talkback
C:\Documents and Settings\Lars\Application Data\Tuneup Software
C:\Documents and Settings\Lars\Application Data\Ubi.com
C:\Documents and Settings\Lars\Application Data\Utorrent
C:\Documents and Settings\Lars\Application Data\Vlc
C:\Documents and Settings\Lars\Application Data\Vso
C:\Documents and Settings\Lars\Application Data\Vso_hwe -- EMPTY Directory
C:\Documents and Settings\Lars\Application Data\Whenu
C:\Documents and Settings\Lars\Application Data\Wsinspector
C:\Documents and Settings\Lars\Application Data\Xfire
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 13:15:12, on 2006-10-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program\Skype\Phone\Skype.exe
C:\Program\Windows NT\Tillbehör\WORDPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program\Snagit\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {82BB40A4-3728-82B5-881C-F40F2192250F} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program\Snagit\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "D:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E1D10A7-D907-48AC-98D2-5CA77EB79648}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O17 - HKLM\System\CS2\Services\Tcpip\..\{27109EB2-3A0A-4726-86AE-0C0691803463}: NameServer = 194.165.224.165,194.165.224.190
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program\TuneUp\WinStylerThemeSvc.exe

[ + lainaa]

Nainen tulee ennen konetta!

kairis

Member

17. lokakuuta 2006 @ 12:11

Linkki tähän viestiin

Moro. Örkki lähti, hyvin toimittu ;)
Sulje selaimet ja muut ohjelmat, käynnistä HijackThis, klikkaa? do a system scan only ?.
Merkkaa nämä rivit ja paina Fix checked :
O2 - BHO: (no name) - {82BB40A4-3728-82B5-881C-F40F2192250F} - (no file)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Lataappas vielä tämä:
1. Lataa combofix.exe tiedosto työpöydällesi.
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]

~kairis~

Vigilante

Suspended due to non-functional email address

17. lokakuuta 2006 @ 12:27

Linkki tähän viestiin

ok, pitääpä tehdä vielä tuo. Mitähän nuo 02 ja 018 oikeen ovat ja sisältävät?

[ + lainaa]

Nainen tulee ennen konetta!

Vigilante

Suspended due to non-functional email address

17. lokakuuta 2006 @ 12:32

Linkki tähän viestiin

tässäpä se logi olisi:

((((((((((((((((((((((((((((((( Files Created from 2006-09-17 to 2006-10-17 ))))))))))))))))))))))))))))))))))

2006-10-17 08:58 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-16 10:40 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-16 10:22 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2006-10-16 10:21 208,896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-10-16 10:21 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2006-10-16 10:20 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-16 10:20 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-10-16 10:20 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-16 10:20 101,888 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
2006-10-15 21:01 615,424 --a------ C:\WINDOWS\system32\WF2KCPL.dll
2006-10-15 21:01 327,168 --a------ C:\WINDOWS\IsUn041d.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-17 14:29 -------- d-------- C:\Program\Mozilla Firefox
2006-10-17 14:28 -------- d-------- C:\Documents and Settings\Lars\Application Data\uTorrent
2006-10-17 09:22 -------- d-------- C:\Documents and Settings\Lars\Application Data\Skype
2006-10-17 08:58 -------- d-------- C:\Program\Grisoft
2006-10-17 08:58 -------- d-------- C:\Program\Delade filer\Symantec Shared
2006-10-16 21:02 -------- d-------- C:\Program\PeerGuardian2
2006-10-16 10:21 -------- d--h----- C:\Program\InstallShield Installation Information
2006-10-16 10:21 -------- d-------- C:\Program\NVIDIA Corporation
2006-10-16 10:21 -------- d-------- C:\Program\Delade filer\NVIDIA Shared
2006-10-16 10:21 -------- d-------- C:\Program\Delade filer
2006-10-15 12:05 -------- d-------- C:\Documents and Settings\Lars\Application Data\dvdcss
2006-10-15 00:00 -------- d-------- C:\Program\GameShadow
2006-10-14 10:45 -------- d-------- C:\Program\Lavasoft
2006-10-14 10:45 -------- d-------- C:\Documents and Settings\Lars\Application Data\Lavasoft
2006-10-12 11:15 -------- d---s---- C:\Documents and Settings\Lars\Application Data\Microsoft
2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 14:19 -------- d-------- C:\Documents and Settings\Lars\Application Data\wsInspector
2006-09-05 13:58 -------- d-------- C:\Program\NVTweak
2006-09-05 13:53 -------- d-------- C:\Program\Internet Explorer
2006-09-04 16:51 -------- d-------- C:\Program\Symantec Client Security
2006-09-04 16:51 -------- d-------- C:\Program\Symantec
2006-09-04 12:47 -------- d---s---- C:\Program\Xfire
2006-09-04 12:47 -------- d-------- C:\Documents and Settings\Lars\Application Data\Xfire
2006-09-04 12:46 18048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-09-04 12:46 165376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-09-03 16:02 -------- d-------- C:\Documents and Settings\Lars\Application Data\IsolatedStorage
2006-09-03 15:37 -------- d-------- C:\Program\MSN Messenger
2006-09-03 15:37 -------- d-------- C:\Program\Delade filer\Microsoft Shared
2006-09-02 18:04 -------- d-------- C:\Documents and Settings\Lars\Application Data\TuneUp Software
2006-09-02 18:03 -------- d-------- C:\Program\Delade filer\Wise Installation Wizard
2006-09-02 12:42 -------- d-------- C:\Program\Hmonitor
2006-08-31 17:47 -------- d-------- C:\Program\Epoq Design
2006-08-30 08:58 -------- d-------- C:\Documents and Settings\Lars\Application Data\Joy Send
2006-08-27 13:17 -------- d-------- C:\Program\RivaTuner v2.0 RC 16
2006-08-25 17:54 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 12:18 7188 --a------ C:\WINDOWS\system32\drivers\Hmonitor.sys
2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-08-11 21:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-08-11 21:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-08-11 21:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-08-11 21:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-08-11 21:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-08-11 21:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-08-11 21:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-08-11 21:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-08-11 21:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-08-11 21:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-08-11 21:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-08-11 21:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-08-11 21:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-08-11 21:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-08-11 21:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-08-11 21:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-08-11 21:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-08-11 21:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-08-11 21:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-08-11 21:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-08-11 21:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-08-11 21:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-08-11 21:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-08-11 21:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-08-11 21:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:30 72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"D:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
@=""
"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\Program\\SYMANT~1\\SYMANT~2\\VPTray.exe"
"NVMixerTray"="\"C:\\Program\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ HijackThis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061017-152919-718
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20061017-152919-997
O2 - BHO: (no name) - {82BB40A4-3728-82B5-881C-F40F2192250F} - (no file)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-17 15:30:25.46
C:\ComboFix.txt ... 06-10-17 15:30

[ + lainaa]

Nainen tulee ennen konetta!

Mainos

kairis

Member

18. lokakuuta 2006 @ 04:41

Linkki tähän viestiin

Combofixin loki on kunnossa.
Nuo 02 ja 018-rivit ovat virusten jämiä.
Miten kone nyt toimii?

[ + lainaa]

~kairis~

Viestiketju on suljettu. Uusien viestien lähettäminen ei ole mahdollista.

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > hijackthis-logini


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.