Toymaatille HJT logi

Discussion in 'Virukset ja haittaohjelmat' started by DolbyR, May 30, 2005.

  1. DolbyR

    DolbyR Regular member

    Joined:
    Apr 28, 2004
    Messages:
    512
    Likes Received:
    0
    Trophy Points:
    26
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CLIX
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit


    Mitähän noista pitäisi poistaa? Search barit ja pop up rupee jo ottamaan päähän.
     
    DolbyR, May 30, 2005
    #1
  2. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Laita loki kokonaan.
     
    Toymaatti, May 31, 2005
    #2
  3. DolbyR

    DolbyR Regular member

    Joined:
    Apr 28, 2004
    Messages:
    512
    Likes Received:
    0
    Trophy Points:
    26
    Logfile of HijackThis v1.99.1
    Scan saved at 19:50:28, on 30.5.2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\FIREWALL\PAVFIRES.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVKRE9X.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SCANREGW.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\OHJELMATIEDOSTOT\COMPAQ\DIGITAL DASHBOARD\CPQMLDET.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\OHJELMATIEDOSTOT\COMPAQ\EASY ACCESS BUTTON SUPPORT\STARTEAK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\OHJELMATIEDOSTOT\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\COMPAQ\EAKDRV\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\OHJELMATIEDOSTOT\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
    C:\OHJELMATIEDOSTOT\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\APVXDWIN.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\OHJELMATIEDOSTOT\MSN APPS\UPDATER\01.02.3000.1001\FI\MSNAPPAU.EXE
    C:\OHJELMATIEDOSTOT\LEXMARK X1100 SERIES\LXBKBMGR.EXE
    C:\OHJELMATIEDOSTOT\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\OHJELMATIEDOSTOT\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
    C:\COMPAQ\CPQINET\CPQINET.EXE
    C:\OHJELMATIEDOSTOT\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\OHJELMATIEDOSTOT\MSN MESSENGER\MSNMSGR.EXE
    C:\OHJELMATIEDOSTOT\LEXMARK X1100 SERIES\LXBKBMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\OHJELMATIEDOSTOT\NIKON\NKVIEW5\NKVMON.EXE
    C:\OHJELMATIEDOSTOT\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\WEBPROXY.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\AVLTMAIN.EXE
    C:\OHJELMATIEDOSTOT\YHTEISET TIEDOSTOT\REAL\UPDATE_OB\REALSCHED.EXE
    C:\OHJELMATIEDOSTOT\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CLIX
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\OHJELMATIEDOSTOT\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FI\MSNTB.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\OHJELMATIEDOSTOT\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
    O2 - BHO: (no name) - {76814B6E-45B9-4A1E-A915-FB7D9D831FAF} - C:\WINDOWS\SYSTEM\OMAK.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1035,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\OHJELMATIEDOSTOT\MSN APPS\MSN TOOLBAR\01.02.4000.1001\FI\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Ohjelmatiedostot\COMPAQ\COLOREAL\COLOREAL.EXE
    O4 - HKLM\..\Run: [Digital Dashboard] C:\Ohjelmatiedostot\Compaq\Digital Dashboard\CPQMLDET.exe
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Ohjelmatiedostot\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [EACLEAN] C:\Ohjelmatiedostot\Compaq\Easy Access Button Support\eaclean.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\OHJELM~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [internat.exe] internat.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Ohjelmatiedostot\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\apvxdwin.exe" /s
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Ohjelmatiedostot\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Ohjelmatiedostot\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [LexStart] lexstart.exe
    O4 - HKLM\..\Run: [CreateCD] C:\OHJELM~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
    O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe"
    O4 - HKLM\..\RunServices: [Pavprot9] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe"
    O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\OHJELMATIEDOSTOT\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE"
    O4 - HKLM\..\RunServices: [PavProc] "C:\Ohjelmatiedostot\Yhteiset tiedostot\Panda Software\PavShld\PavPrS9x.exe"
    O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\FIREWALL\pavfires.exe"
    O4 - HKLM\..\RunServices: [Pavkre9x] "C:\Ohjelmatiedostot\Panda Software\Panda Titanium Antivirus 2005\pavkre9x.exe"
    O4 - HKLM\..\RunServices: [panda cleaner] %SystemRoot%\pavdr.exe
    O4 - HKCU\..\Run: [STManager] "C:\Ohjelmatiedostot\SpeedTouch\Dr SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Ohjelmatiedostot\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Ohjelmatiedostot\Yhteiset tiedostot\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: NkvMon.exe.lnk = C:\Ohjelmatiedostot\Nikon\NkView5\NkvMon.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Ohjelmatiedostot\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Filter: text/html - {62FD85D9-92BA-4542-AF70-5D7DE66A32CB} - C:\WINDOWS\SYSTEM\OMAK.DLL
    O18 - Filter: text/plain - {62FD85D9-92BA-4542-AF70-5D7DE66A32CB} - C:\WINDOWS\SYSTEM\OMAK.DLL

     
    DolbyR, May 31, 2005
    #3
  4. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Laita piilotiedostot näkyviin
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    Hae työkalu
    http://www.derbilk.de/SpSeHjfix112.zip
    Asenna se työpöydälle omaan kansioon.
    Käynnistä ohjelma, ja kun kone käynnistyy uudelleen mene vikasietotilaan.
    Laita merkki noiden eteen HjT:ssä ja klikkaa Fix
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = CLIX
    O2 - BHO: (no name) - {76814B6E-45B9-4A1E-A915-FB7D9D831FAF} - C:\WINDOWS\SYSTEM\OMAK.DLL
    O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O18 - Filter: text/html - {62FD85D9-92BA-4542-AF70-5D7DE66A32CB} - C:\WINDOWS\SYSTEM\OMAK.DLL
    O18 - Filter: text/plain - {62FD85D9-92BA-4542-AF70-5D7DE66A32CB} - C:\WINDOWS\SYSTEM\OMAK.DLL

    Tyhjennä tuo tempkansio
    C:\WINDOWS\TEMP

    Etsi ja poista tuo
    C:\WINDOWS\SYSTEM\===>OMAK.DLL<===

    Käynnistä normaalisti...toimiiko?
     
    Toymaatti, May 31, 2005
    #4

Share This Page