tarkistakaa HJT-logi

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by akslei, Mar 30, 2007.

  1. akslei

    akslei Regular member

    Joined:
    Oct 18, 2006
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    26
    HJT logi

    Logfile of HijackThis v1.99.1
    Scan saved at 9:52:22, on 31.3.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    c:\windows\system32\rlvknlg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\hijackthis\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Avaa uuteen etuvälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/230?3f09c9d873284f4595e74dc2d3c1fc1c
    O8 - Extra context menu item: Avaa uuteen taustavälilehteen - res://C:\Program Files\Windows Live Toolbar\Components\fi-fi\msntabres.dll.mui/229?3f09c9d873284f4595e74dc2d3c1fc1c
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL (file missing)
    O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160934651504
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
     
    akslei, Mar 30, 2007
    #1
  2. Auttaja

    Auttaja Guest

    Ensin lataa LSPfix.exe http://www.cexx.org/lspfix.htm sopivaan sijaintiin (kuten C:\Program Files\LSPFix tai vaikkapa työpöydälle). ÄLÄ aja tätä ohjelmaa vielä. Tätä tulee käyttää VAIN jos internetyhteys häviää NewDotNetin poiston jäljiltä.

    NewDotNetin poisto; Mene;

    Käynnistä > Ohjauspaneeli > Lisää/Poista sovellus ja hävitä seuraava jos näkyy;

    New.Net Applications tai New.Net Domains (Mitä vain mikä sanoo New.Net)

    Jos Lisää/Poista sovelluksessa ei ole New.Net listattu, toimi näin.

    Varmista että anti-virus ja anti-spyware ohjelmat ovat suljettuna poiston ajan.

    Ne saattavat estää New.Netin poiston.

    Lataa NNuninstall.exe http://www.new.net/support/NNuninstall.exe:



    * Tallenna se työpöydällesi.
    * Tupla-klikkaa NNuninstall.exe filua.
    * Ohjelma kysyy haluatko poistaa kaikki New.Netin nimet ja osat.
    * Klikkaa Yes.
    * Klikkaa poiston jälkeen OK.
    * Käynnistä kone uudelleen ("Yes - Restart now") ellei jäänyt mitään muuta kesken, jos jäi, jätä kone päälle ("No - I will restart later).



    Jos poisto ei onnistu ja virustorjuntaohjelma(t) estävät poisto-ohjelman ajon kokonaan tai
    osittain, tee näin: Irrota koneen verkko- tai modeemijohto koneesta siten, ettei sillä
    ole yhteyttä internettiin. Sulje tämän jälkeen virustorjuntaohjelma(t) ja aja
    NNuninstall.exe. Laita tämän jälkeen virustorjuntaohjelma(t) takaisin päälle ja
    vasta sitten kytke verkko- tai modeemijohto takaisin koneeseen.

    Tyhjennä roskakori.

    JOS menetät nettiyhteytesi kun olet New.Netin poistanut, tupla-klikkaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta. Näet kaksi paneelia; Jos on jotain listattu "Remove" paneeliin oikealla puolella, anna sen olla ja klikkaa "Finish>>". Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin. Jos mitään ei ole listattu "Remove" paneeliin, ÄLÄ tee MITÄÄN - sulje LSPFix. Tule joltain toiselta koneelta hakemaan lisää neuvoa. (Tämä on vain varotoimenpide, useimmiten netti pysyy ihan kunnossa)

    ***********



    1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
     
    Auttaja, Mar 30, 2007
    #2
  3. akslei

    akslei Regular member

    Joined:
    Oct 18, 2006
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    26
    kysyn vielä tosta new.netistä että mistä tuolta sivulta se ladataan koneelle? en löytänyt sieltä mitään kohtaan.
     
    akslei, Mar 31, 2007
    #3
  4. akslei

    akslei Regular member

    Joined:
    Oct 18, 2006
    Messages:
    103
    Likes Received:
    0
    Trophy Points:
    26
    tossa on toi combofixin logi


    "HP_Administrator" - 07-03-31 14:40:01 Service Pack 2
    ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\HP_Administrator\Desktop"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\NDNuninstall6_38.exe
    C:\WINDOWS\NDNuninstall7_48.exe
    C:\WINDOWS\system32\vbzip11.dll
    C:\uniq


    ((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-31 ))))))))))))))))))))))))))))))))))


    2007-03-31 14:01 186,880 --a------ C:\Program Files\LSPFix.exe
    2007-03-30 20:05 926,241 --a------ C:\WINDOWS\system32\model.dat
    2007-03-30 20:05 729,088 --a------ C:\WINDOWS\system32\LDPackage.dll
    2007-03-30 20:05 53,248 --a------ C:\WINDOWS\system32\silc_dll.dll
    2007-03-29 19:10 245,760 --a------ C:\WINDOWS\system32\rlxf.dll
    2007-03-26 17:06 <KANSIO> d-------- C:\Program Files\PartyGaming
    2007-03-21 18:55 344,064 --a------ C:\WINDOWS\system32\rlls.dll
    2007-03-21 18:53 1,511,424 --a------ C:\WINDOWS\system32\rlvknlg.exe
    2007-03-21 18:52 8,464 --a------ C:\WINDOWS\system32\sporder.dll
    2007-03-21 18:52 <KANSIO> d-------- C:\Program Files\themexp
    2007-03-21 16:38 1,042,304 --a------ C:\WINDOWS\wweb32.dll
    2007-03-21 16:38 <KANSIO> d-------- C:\Program Files\WordWeb
    2007-03-21 16:38 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WordWeb
    2007-03-16 17:58 <KANSIO> d-------- C:\Program Files\Error Safe Free
    2007-03-12 02:53 <KANSIO> d-------- C:\Program Files\PKR
    2007-03-12 02:09 4 --a------ C:\WINDOWS\system32\proc20744962.bin
    2007-03-12 02:09 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GanymedeNet
    2007-03-02 19:17 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
    2007-03-02 19:17 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
    2007-03-02 19:17 199,168 --a------ C:\WINDOWS\system32\Ir32_32.dll
    2007-03-02 19:17 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
    2007-03-02 19:17 <KANSIO> d-------- C:\Program Files\Intel


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-03-31 14:06 -------- d-------- C:\Program Files\steam
    2007-03-28 10:58 -------- d--h----- C:\Program Files\installshield installation information
    2007-03-28 08:44 -------- d-------- C:\Program Files\msn messenger
    2007-03-18 18:22 -------- d-------- C:\Program Files\mozilla thunderbird
    2007-03-12 02:09 6971 --a------ C:\WINDOWS\mozver.dat
    2007-03-09 13:12 -------- d-------- C:\Program Files\java
    2007-02-22 16:49 -------- d-------- C:\Program Files\dscaler
    2007-02-22 16:48 57344 --a------ C:\WINDOWS\wnmhindr.exe
    2007-02-22 16:48 24576 --a------ C:\WINDOWS\system32\nmh040a.dll
    2007-02-22 16:46 -------- d-------- C:\Program Files\home media networks limited
    2007-02-22 16:46 -------- d-------- C:\Program Files\divx
    2007-02-22 16:45 724992 --a------ C:\WINDOWS\iun6002.exe
    2007-02-18 11:50 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\skype
    2007-02-13 19:50 -------- d-------- C:\Program Files\ffdshow
    2007-02-13 19:49 -------- d-------- C:\Program Files\k-lite codec pack
    2007-02-11 16:40 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\river past g4
    2007-02-11 13:37 163296 --a------ C:\WINDOWS\video cleaner pro uninstaller.exe
    2007-02-11 13:37 -------- d-------- C:\Program Files\river past
    2007-02-11 12:59 -------- d-------- C:\Program Files\quicktime
    2007-02-11 11:03 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\river past g5
    2007-02-09 11:21 -------- d-------- C:\Program Files\google
    2007-02-06 01:08 -------- d-------- C:\Program Files\subtitle workshop
    2007-02-04 01:09 -------- d-------- C:\Program Files\winmpg videoconvert
    2007-02-03 20:03 -------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\thunderbird
    2007-02-01 15:14 -------- d-------- C:\Program Files\mytheatre
    2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-12-23 21:32 251 --a------ C:\Program Files\wt3d.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
    "Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
    "KBD"="C:\\HP\\KBD\\KBD.EXE"
    "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DMAScheduler"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\Sonic\\DigitalMedia Plus\\DigitalMedia Archive\\DMAScheduler.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ehtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPwuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPBootOp"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hphupd08"
    "hkey"="HKLM"
    "command"="c:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NetLimiter"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\NetLimiter\\NetLimiter.exe /s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LAUNCH~1"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PcSync2"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Skype"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
    63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
    6d,73,73,74,79,6c,65,73,00
    "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
    73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0




    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070331-011139-191
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    backup-20070331-011139-705
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070331-011139-928
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    backup-20070331-011139-971
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070331-011139-737
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    backup-20070331-011139-634
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20070331-011139-242
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_48.dll
    backup-20070331-011139-271
    O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ERS.exe" /min
    backup-20070331-011139-538
    O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
    backup-20070331-011139-448
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    backup-20070331-011139-955
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    backup-20061206-000518-282
    F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe

    ********************************************************************

    catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-03-31 14:43:19
     
    akslei, Mar 31, 2007
    #4
  5. Auttaja

    Auttaja Guest

    Last edited by a moderator: Mar 31, 2007
    Auttaja, Mar 31, 2007
    #5
  6. Hujo

    Hujo Guest

    Avaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta.

    siirä tämä vasemmanpuoleisesta laatikosta rlls.dll
    oikeanpuoleiseen laatikkoon ja paina Finish>>

     
    Hujo, Mar 31, 2007
    #6
  7. AlluDaMan

    AlluDaMan Regular member

    Joined:
    Feb 5, 2005
    Messages:
    214
    Likes Received:
    0
    Trophy Points:
    26
    j
     
    Last edited: Apr 1, 2007
    AlluDaMan, Mar 31, 2007
    #7
  8. Hujo

    Hujo Guest

    AlluDaMan oma viestiketju lokille.
    ja yllä olevan tyhjennys.
     
    Last edited by a moderator: Apr 1, 2007
    Hujo, Apr 1, 2007
    #8

Share This Page