pätkii

rekkumo · Jan 21, 2007

elikkä oon formatoinut pari päivää sit kun oli jumalaton mato vallannut koko koneen ja jopa sen jälkeenkin tuli noita DCOM exploitteja, nyt sit vaihdoin sygaten ja ei o otullut niitä mutta tuntuu että pätkii silti joku joten tässä ois tää hijack logi niin katelkaas jos o jotai ongelmaa

Logfile of HijackThis v1.99.1
Scan saved at 14:18:22, on 21.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\ohjelmat\sygate\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\ohjelmat\Winamp\winampa.exe
D:\ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
D:\avast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
D:\ohjelmat\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\avast\ashMaiSv.exe
D:\avast\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
D:\ohjelmat\mirc\mirc.exe
D:\ohjelmat\Winamp\winamp.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mara\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] D:\ohjelmat\sygate\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C8D0A3D-5362-4A9E-9C97-0B759A06112F}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\ohjelmat\sygate\smc.exe

kelari · Jan 21, 2007

mineä hjt uudelleen C:\DOCUME~1\Mara\LOCALS~1\Temp\Rar$EX00.375\HijackThis.exe näin C:\DOCUME~1\Mara\LOCALS~1\Temp\Rar$EX00.375\skanneri.exe ja laita uusi hjt-logi

rekkumo · Jan 21, 2007

Tosiaan mulla kyselee kokoajan tuo Kerio että sallitaanko toi Kerio personall firewall 4 - GUI jostain IP:stä ja oon laittanut sitten että deny mutta vaikuttaako tuo jotenkin palomuurin toimintaan, ja toinen asia on että jos joku kokeilee pingata mua tuo kerio päällä ei pingiä saa..onko säädöt vituillaa?

Logfile of HijackThis v1.99.1
Scan saved at 0:12:51, on 22.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\ohjelmat\Winamp\winampa.exe
D:\ohjelmat\AVG Anti-Spyware 7.5\avgas.exe
D:\avast\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
D:\avast\aswUpdSv.exe
D:\avast\ashServ.exe
D:\ohjelmat\AVG Anti-Spyware 7.5\guard.exe
D:\kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\kerio\Personal Firewall 4\kpf4gui.exe
D:\avast\ashMaiSv.exe
D:\avast\ashWebSv.exe
D:\kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\ohjelmat\mirc\mirc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mara\LOCALS~1\Temp\Rar$EX00.438\skanneri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\ohjelmat\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\ohjelmat\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] D:\avast\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C8D0A3D-5362-4A9E-9C97-0B759A06112F}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\ohjelmat\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - D:\kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Log in or Sign up

pätkii

rekkumo Member

kelari Regular member

rekkumo Member

Share This Page

Log in or Sign up

pätkii

rekkumo Member

kelari Regular member

rekkumo Member

Share This Page

Useful Searches