Laptop, viruses found! Help needed.

Discussion in 'Viruses and malware - HijackThis logs' started by p2pman, Sep 23, 2009.

  1. p2pman

    The machines just won't stay clean... this laptop has had that sdra64 and some lowsec before too... where on earth do they keep pushing back in from? Should I change my passwords? Last but by no means least is the HijackThis log.


    Malwarebytes' Anti-Malware 1.41
    Tietokantaversio: 2844
    Windows 6.0.6002 Service Pack 2

    23.9.2009 7:11:30
    mbam-log-2009-09-23 (07-11-30).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|E:\|)
    Tarkistetut kohteet: 266821
    Kulunut aika: 6 hour(s), 11 minute(s), 15 second(s)

    Saastuneita muistiprosesseja: 1
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 4
    Saastuneita rekisteriarvoja: 1
    Saastuneita rekisterikohteita: 3
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 4

    Saastuneita muistiprosesseja:
    C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Windows\System32\lowsec (Stolen.data) -> Delete on reboot.

    Saastuneita tiedostoja:
    C:\Windows\System32\BReWErS.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
    C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
    C:\Windows\System32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.




    HiJackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:21:25, on 23.9.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\TUProgSt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Windows\PLFSetI.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\WinSnap\WinSnap.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
    C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
    C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\hjt\o.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
    O2 - BHO: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKCU\..\Run: [WinSnap] "C:\Program Files\WinSnap\WinSnap.exe" /startup
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &L&ataa &BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &L&ataa jaujju videot BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &L&ataa kaikki BitCometilla - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250197400069
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250197708978
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{22205826-0CBB-437A-9404-7F7ADCEC96A8}: NameServer = 217.112.252.215,82.118.211.204
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BitComet AntiARP - Unknown owner - C:\Program Files\BitCometAntiARP\BitCometAntiARP.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: IS360service - IObit - C:\Program Files\IObit Security 360\IS360srv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 11887 bytes
     
    Last edited: Feb 1, 2017
  2. kalminen

    sdra64.exe should show up in the HJT log.
    Did you fix it out of sight before posting the log here ???

    -------------------------------------------------------------

    There's something fishy about this that I don't know about !!!

    Do you use => Sandboxie

    You have 13 svchost.exe running.
    At idle there shouldn't be any.

    This one is really bad about letting unauthorized ones leak through => VNC Server Version 4

    ------------------------------------------------------

    Let's look at that first =>

    Download SystemLook by jpshortstuff from HERE and save it to the desktop.

    Double-click SystemLook.exe to run it.

    Copy (CTRL+C) all the text from the box below into the text area.

    Code:
    :regfind
    sdra64
    
    :filefind 
    sdra64.exe
    
    :dir
    C:\WINDOWS\system32\drivers\etc /s
    
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    
    Click the Look button to start the scan.

    When the scan is finished, Notepad will open containing the log.
    Right-click the log and choose "Select All".
    Copy and paste it into your next message.
    (The log can also be found on your desktop as SystemLook.txt)

    *******************************************************************************

    Post => SystemLook.txt

    Then, after the worst of it, we'll get the useless gadgets off the machine
    :D
    .
     
  3. p2pman

    No. I guess that anti-malware removed it...
    I haven't used Sandboxie for a while now, but let it stay there.
    And sometimes when I've looked at Task Manager, that svchost has been running many times over... and what do I do about that VNC then? Sometimes I need to use it. Nobody connects to this machine, but I sometimes use it to connect to other machines.


    SystemLook


    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 17:09 on 23/09/2009 by Wlan (Administrator - Elevation successful)

    ========== regfind ==========

    Searching for "sdra64"
    No data found.

    ========== filefind ==========

    Searching for "sdra64.exe"
    No files found.

    ========== dir ==========

    C:\WINDOWS\system32\drivers\etc - Parameters: "/s"

    ---Files---
    hosts --a--- 337147 bytes [10:23 02/11/2006] [19:48 19/09/2009]
    hosts.20090328-230404.backup --a--- 761 bytes [21:04 28/03/2009] [21:41 18/09/2006]
    hosts.20090403-190846.backup --a--- 304035 bytes [16:08 03/04/2009] [07:55 02/04/2009]
    hosts.20090414-201804.backup --a--- 304423 bytes [17:18 14/04/2009] [20:34 10/04/2009]
    hosts.20090414-202243.backup -ra--- 1039 bytes [17:22 14/04/2009] [17:18 14/04/2009]
    hosts.20090429-211336.backup --a--- 304423 bytes [18:13 29/04/2009] [17:43 22/04/2009]
    hosts.20090616-185101.backup --a--- 306017 bytes [15:51 16/06/2009] [15:07 03/06/2009]
    hosts.20090625-214601.backup -ra--- 306017 bytes [10:23 02/11/2006] [15:51 16/06/2009]
    hosts.20090703-174733.backup --a--- 307363 bytes [14:47 03/07/2009] [13:31 28/06/2009]
    hosts.20090715-000741.backup --a--- 316910 bytes [21:07 14/07/2009] [16:49 07/07/2009]
    hosts.20090715-001457.backup -ra--- 1039 bytes [21:14 14/07/2009] [21:07 14/07/2009]
    hosts.20090815-050656.backup --a--- 327815 bytes [02:06 15/08/2009] [17:06 14/08/2009]
    hosts.20090822-152840.backup --a--- 332719 bytes [12:28 22/08/2009] [21:54 21/08/2009]
    hosts.20090831-000424.backup --a--- 335463 bytes [21:04 30/08/2009] [01:03 29/08/2009]
    hosts.msn --a--- 335463 bytes [14:09 30/08/2009] [01:03 29/08/2009]
    lmhosts.sam --a--- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
    networks --a--- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
    protocol --a--- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
    services --a--- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

    No folders found.

    ========== reg ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "AutoLogonCount"= 0x00000003e7 (999)
    "AutoRestartShell"= 0x0000000001 (1)
    "Background"="0 0 0"
    "cachedlogonscount"="10"
    "DebugServerCommand"="no"
    "DisableCAD"= 0x0000000001 (1)
    "forceunlocklogon"= 0000000000 (0)
    "LegalNoticeCaption"=""
    "LegalNoticeText"=""
    "passwordexpirywarning"= 0x000000000e (14)
    "PowerdownAfterShutdown"="0"
    "ReportBootOk"="1"
    "ScreenSaverGracePeriod"="5"
    "scremoveoption"="0"
    "Shell"="explorer.exe"
    "ShutdownFlags"= 0x0000000027 (39)
    "ShutdownWithoutLogon"="0"
    "Userinit"="C:\Windows\system32\userinit.exe,"
    "VmApplet"="rundll32 shell32,Control_RunDLL "sysdm.cpl""
    "WinStationsDisabled"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


    -=End Of File=-
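
The Malwarebytes log in the first post and the SystemLook output above both report the Winlogon `Userinit` value. The following check is an added example, not part of the thread or of any tool mentioned in it: it parses a SystemLook-style registry dump and reports any `Userinit` entry other than `userinit.exe`. The function names, and the assumptions that Windows lives in `C:\Windows` and that a bare file name resolves to `system32`, belong to this example.

```python
import ntpath
import re

# Assumed defaults for this example (Windows installed in C:\Windows).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXPECTED_SHELL = "explorer.exe"

# Matches string values as SystemLook prints them: "Name"="data"
REG_LINE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*"(?P<data>.*)"\s*$')

# Value lines copied from the SystemLook output above (clean state).
CLEAN_DUMP = r'''
"Shell"="explorer.exe"
"Userinit"="C:\Windows\system32\userinit.exe,"
'''

# Userinit data copied from the "Bad:" field of the Malwarebytes log above.
HIJACKED_USERINIT = r"C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,"


def parse_reg_dump(text):
    """Return {lower-cased value name: data} for string values in the dump."""
    values = {}
    for line in text.splitlines():
        match = REG_LINE.match(line)
        if match:
            values[match.group("name").lower()] = match.group("data")
    return values


def normalize(entry, system_root=r"c:\windows"):
    """Lower-case an entry and resolve it to an absolute path for comparison."""
    path = entry.strip().strip('"').lower().replace("%systemroot%", system_root)
    if not ntpath.dirname(path):      # bare name, e.g. "Userinit.exe"
        path = ntpath.join(system_root, "system32", path)
    elif not ntpath.isabs(path):      # relative, e.g. "system32\sdra64.exe"
        path = ntpath.join(system_root, path)
    return ntpath.normpath(path)


def audit_userinit(data):
    """Return the Userinit entries that are not the expected userinit.exe."""
    entries = [e.strip() for e in data.split(",") if e.strip()]
    return [e for e in entries if normalize(e) != EXPECTED_USERINIT]


def audit_winlogon(values):
    """Return (value name, unexpected data) pairs for Userinit and Shell."""
    findings = []
    if "userinit" not in values:
        findings.append(("Userinit", ["<missing>"]))
    else:
        extra = audit_userinit(values["userinit"])
        if extra:
            findings.append(("Userinit", extra))
    shell = values.get("shell", "").strip().lower()
    if shell != EXPECTED_SHELL:
        findings.append(("Shell", [values.get("shell", "<missing>")]))
    return findings


if __name__ == "__main__":
    print("clean dump:", audit_winlogon(parse_reg_dump(CLEAN_DUMP)))
    print("hijacked value:", audit_userinit(HIJACKED_USERINIT))
```
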
     
  4. kalminen

    Luckily that bug hasn't nested itself in your machine !!!

    So you're picking it up again from somewhere. (but from where) ???

    :D
    .


     
  5. p2pman

    I don't know... I guess I'll have to be careful then. Is there a need to change passwords?
     
  6. 79atanos

    Hi p2pman :)

    You're familiar with these, right?
    Use UAC
    Use a standard user account for everyday use

    More about UAC and standard accounts:
    http://nekon-blogi.blogspot.com/2008/12/onko-siin-vistassa-mitn-parempaa-kuin.html

    If after those you still find nasties on your machine, then either one of the programs you use is leaking badly or you are / someone else is downloading files/programs from untrusted sources. With those measures alone I have kept my machine completely clean without any problems, and I don't even have antivirus installed, though this isn't really recommended for everyone.
     
  7. kalminen

    These certainly play a big part in it =>

    BitComet

    PeerGuardian

    :D
    .
     
