trodas Win2k SP4 log


  • This topic is locked
No replies to this topic

#1 trodas

  • Authentic Member
  • 35 posts
  • Interests: graphic, movies, girlies, BDSM, electronics, quiet PCs and so on ;-)

Posted 27 April 2008 - 12:10 PM

All I want to know is why I can't delete a registry entry. The question was first asked there: http://forums.whatth...try_t90950.html


CCleaner is reporting an error in the registry and offering to fix it, but each time I fix it, it just shows up again in the next scan. So I took a look in regedit and yes - one can't delete it.
The file Flash9b.ocx doesn't even exist anyway. I also tried ending all applications, finally even Explorer, so regedit was the only application running - yet I was still unable to remove this registry entry.
Anyone got a clue why?
I took a look using Process View and there aren't any hidden processes anyway. Runscanner reports nothing suspicious either.


And the problem persists, so here is the HijackThis log. Fairly small, right? IE is removed completely from my system, so no worries about it.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:44, on 27.4.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\explorer.exe
D:\Tools\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - S-1-5-21-436374069-1677128483-839522115-500 Startup: network_passwords.lnk = D:\Install\network_passwords.bat (User '?')
O4 - S-1-5-21-436374069-1677128483-839522115-500 Startup: Folding.lnk = D:\Tools\folding\winFAH.exe (User '?')
O4 - Startup: network_passwords.lnk = D:\Install\network_passwords.bat
O4 - Startup: Folding.lnk = D:\Tools\folding\winFAH.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{299ADB4A-0E73-4CC7-87FE-750E65FB05B9}: NameServer = 82.114.192.15,82.114.192.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{299ADB4A-0E73-4CC7-87FE-750E65FB05B9}: NameServer = 82.114.192.15,82.114.192.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{299ADB4A-0E73-4CC7-87FE-750E65FB05B9}: NameServer = 82.114.192.15,82.114.192.6
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NetMeeting - Vzdálené sdílení plochy (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

--
End of file - 1959 bytes



network_passwords.bat contains:

net use \\server\D /user:trodas xxx
net use \\trodas-jlx\D /user:trodas xxx
net use \\webserver\D /user:trodas xxx
net use \\testing\D /user:trodas xxx
net use \\testing2\D /user:trodas xxx
net use \\testing3\D /user:trodas xxx
net use \\testing4\D /user:trodas xxx
net use \\testing5\D /user:trodas xxx
net use \\duron\D /user:ivanka ""
net use \\jlx-comp\D /user:jlx ""
net use \\jlx-comp2\D /user:jlx ""
net stop "Network DDE"
net stop "Network DDE DSDM"
net stop PnkBstrB
net stop PnkBstrA

Very secure passwords :D


PS: added Runscanner log, just to be sure.

Edited by trodas, 27 April 2008 - 12:17 PM.

"It is dangerous to be right in matters on which the established authorities are wrong." - Voltaire
...just keep folding, just keep folding... :) my config
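A triage script added here by the editor; it is not part of trodas's post and is not code from HijackThis or What the Tech. It parses lines in the HijackThis log format shown above and flags the kinds of entries a malware-removal helper reads first: O4 startup items that launch scripts (the post's network_passwords.bat, which carries credentials in plain text, is exactly the kind of item worth a look), O17 NameServer addresses that are not in a caller-supplied allowlist, and O23 services whose binary is reported "(file missing)". The sample lines are constructed from the log quoted above; the `expected_nameservers` allowlist and the review rules are the editor's assumptions about what to surface, not verdicts and not HijackThis behaviour.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of HijackThis v2.0.2 lines modelled on the
# log quoted in the post above (paths and GUID copied from it, not from a live system).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - Startup: network_passwords.lnk = D:\Install\network_passwords.bat
O4 - Startup: Folding.lnk = D:\Tools\folding\winFAH.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{299ADB4A-0E73-4CC7-87FE-750E65FB05B9}: NameServer = 82.114.192.15,82.114.192.6
O23 - Service: NetMeeting - Vzdálené sdílení plochy (mnmsrvc) - Unknown owner - C:\WINNT\System32\mnmsrvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
"""

# Every HijackThis finding line starts with a section code (R0, O4, O17, O23, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 startup entries end with "= <target>"; the target may carry a "(User '?')" suffix.
O4_TARGET_RE = re.compile(r"=\s*(?P<target>.+?)(?:\s+\(User '.*'\))?$")
# O17 lines list one or more resolver addresses after "NameServer =".
O17_NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")
# Extensions that execute arbitrary commands when launched from a Startup folder
# (editor's assumption about what deserves manual review).
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js", ".ps1")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # why a reviewer should look at this line
    detail: str  # the extracted path, server list or raw body


def parse_entries(log_text):
    """Yield (code, body) for every HijackThis entry line, skipping header/footer text."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text, expected_nameservers=frozenset()):
    """Return review-worthy findings from a HijackThis log (heuristics, not verdicts).

    * O4 items that launch a script: the script can contain or load anything,
      including stored credentials, so it gets a manual look.
    * O17 NameServer entries outside the allowlist: a changed resolver is a classic
      redirection sign, so unknown resolvers are listed for the reviewer to confirm.
    * O23 services ending in "(file missing)": an orphaned service registration.
    """
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O4":
            m = O4_TARGET_RE.search(body)
            if m and m.group("target").lower().endswith(SCRIPT_EXTS):
                findings.append(Finding(code, "startup item runs a script", m.group("target")))
        elif code == "O17":
            m = O17_NS_RE.search(body)
            if m:
                unknown = sorted(set(m.group("servers").split(",")) - set(expected_nameservers))
                if unknown:
                    findings.append(Finding(code, "DNS server not in allowlist", ",".join(unknown)))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(code, "service binary missing on disk", body))
    return findings


if __name__ == "__main__":
    # Pass the resolvers your ISP or network actually hands out to silence known-good O17 lines.
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.detail}")
```

Run against the constructed sample it surfaces three lines: the .bat startup item, the two resolver addresses (because no allowlist was given), and the NetMeeting service whose binary is missing; the Logitech and NVIDIA entries are left alone. Supplying the two 82.114.192.x addresses as `expected_nameservers` drops the O17 finding, which is the intended way to use it on a machine whose normal DNS servers you know.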
