ja HJT-Logi pukkais taas kerran....

Discussion in 'Virukset ja haittaohjelmat' started by japo82, May 2, 2006.

  1. japo82

    japo82 Guest

    sain tällasen vanhan paskan netti koneen niin ajattelin tarkistaa onko kauheeta kakkaa pääsyt koneelle...

    Logfile of HijackThis v1.99.1
    Scan saved at 22:57:02, on 2.5.2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\OHJELMATIEDOSTOT\AHEAD\INCD\INCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\OHJELMATIEDOSTOT\MSN APPS\UPDATER\01.03.0000.1005\FI\MSNAPPAU.EXE
    C:\OHJELMATIEDOSTOT\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\OHJELMATIEDOSTOT\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HJT\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://elisa.net/paketti/haku.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Elisa Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;localhost;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\OHJELMATIEDOSTOT\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\OHJELMATIEDOSTOT\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FI\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\OHJELMATIEDOSTOT\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\OHJELMATIEDOSTOT\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FI\MSNTB.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\OHJELMATIEDOSTOT\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [InCD] C:\Ohjelmatiedostot\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [!!!!01234-aaaati-gr-w120x90] C:\WINDOWS\PROFILES\POMITSU\APPLIC~1\WEBCAM~1.EXE /ns
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Ohjelmatiedostot\MSN Apps\Updater\01.03.0000.1005\fi\msnappau.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Ohjelmatiedostot\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Ohjelmatiedostot\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Microsoft Office.lnk = C:\Ohjelmatiedostot\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Palvelut - {0B49B8B0-BC03-48A2-8A34-3798C08FF186} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Tuki - {0D45C86B-EB14-4A27-A025-E4949FEAA040} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {C9953877-F7FD-4B28-BB4F-FF7E83C61B05} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .spop: C:\OHJELM~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
     
    japo82, May 2, 2006
    #1
  2. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Käynnistä hjt, klikkaa do a system scan only, merkkaa:
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Sulje muut ikkunat ja klikkaa fix checked.

    Poista:
    C:\WINDOWS\web\[bold]related.htm[/bold]

    Virustorjuntaa (esim. Avast) vielä koneelle.

    EDIT:
    Fixaa tämäkin:
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
     
    Last edited: May 2, 2006
    blade81, May 2, 2006
    #2
  3. japo82

    japo82 Guest

    Kiitosta taas kerran Blade....=) kerkesin laittaa jo sen avastin heh
     
    japo82, May 3, 2006
    #3
  4. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    No prob. :)
     
    blade81, May 3, 2006
    #4

Share This Page