HijackThis log...

Discussion in 'Viruses and malware' started by Edna, Jun 10, 2005.

  1. Edna

    Edna Guest

    So here is the log after eScan :)

    Logfile of HijackThis v1.99.1
    Scan saved at 13:08:16, on 20.5.2005
    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\cpqalert.exe
    C:\WINNT\Cpqdiag\Cpqdfwag.exe
    C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Compaq\LCRMS\LCRMS.EXE
    C:\WINNT\System32\NMSSvc.exe
    C:\Norman\Nvc\BIN\NPFSVICE.EXE
    C:\Norman\Bin\Zanda.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    c:\dmi\win32\bin\Win32sl.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\System32\cpqdmi.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\WINNT\System32\Promon.exe
    C:\WINNT\System32\CHKADMIN.EXE
    C:\Norman\bin\ZLH.EXE
    C:\WINNT\loadqm.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINNT\System32\cdplayer.exe
    C:\WINNT\System32\internat.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Meca\MECA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\interMute\AdSubtract\AdSub.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\OpenOffice.org1.0\program\soffice.exe
    C:\Norman\Nvc\BIN\npfmsg2.exe
    C:\Norman\bin\niu.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1508
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINNT\System32\adsubtb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Promon.exe] Promon.exe
    O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [DeluxeCD] C:\WINNT\System32\cdplayer.exe -tray
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MECA] C:\Program Files\Meca\MECA.EXE
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
    O4 - Startup: OpenOffice.org 1.0.lnk = C:\Program Files\OpenOffice.org1.0\program\quickstart.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
    O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
    O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .wma: C:\Program Files\ampun ohjelmat\PLUGINS\npdsplay.dll
    O12 - Plugin for .WMV: C:\Program Files\ampun ohjelmat\PLUGINS\npdsplay.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BC09A1F6-A639-4EC7-B727-C72CCAFF6988}: NameServer = 212.226.226.1,192.26.119.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{BC09A1F6-A639-4EC7-B727-C72CCAFF6988}: NameServer = 212.226.226.1,192.26.119.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{BC09A1F6-A639-4EC7-B727-C72CCAFF6988}: NameServer = 212.226.226.1,192.26.119.4
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
    O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
    O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
    O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
    O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Insight Manager LC Remote Management (LCRMS) - Compaq Computer Corporation - C:\Program Files\Compaq\LCRMS\LCRMS.EXE
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: NMS Service (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Nvc\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe

     
    Last edited by a moderator: Jun 11, 2005
  2. morsku

    morsku Guest

    I would recommend visiting Windows Update if you happen to browse with IE.

    There are certainly plenty of toolbars..

    I would remove Messenger Plus and run eScan (instructions: http://koti.mbnet.fi/pattaya1/escanmwav.htm), since there are things like these in there:
    C:\WINNT\System32\spoolsvc.exe
    O4 - HKLM\..\Run: [Spooler SubSystem App]

    Edit: So don't fix those yet, but you can run that scan. While waiting for Toymaatti..

    Edit2: After eScan you could post a new HijackThis log in place of that old log.


     
    Last edited by a moderator: Jun 10, 2005
  3. Toymaatti

    Toymaatti Active member

    Remove via Add/Remove Programs
    MessengerPlus! 3

    Make hidden files visible
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    Turn off Microsoft AntiSpyware for the duration of the fix

    End this process in Task Manager (Ctrl+Alt+Delete)
    C:\WINNT\System32\spoolsvc.exe

    Put a check mark in front of these in HjT, close the browser and other windows, click Fix
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spoolsvc.exe
    O4 - HKCU\..\Run: [MessengersPlus-Upda] MsgPlusUp.exe
    O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe

    Boot into Safe Mode and delete these
    C:\Program Files\===>MessengerPlus! 3<===
    C:\WINNT\System32\===>spoolsvc.exe<=== NOTE! Be careful with that one

    Normal boot... did it help?
     
  4. Edna

    Edna Guest

    Thank you so much! The machine does feel a bit faster than before. But what about Messenger Plus, does it do much harm? Can it be left installed without very serious consequences? And what about those toolbars? I use Firefox as my browser, but Explorer is installed too.
     
  5. morsku

    morsku Guest

    Those toolbars (Google/Yahoo) can be removed in Add/Remove Programs. I at least have removed them myself. I'm not sure about ICQ. I think it asks "do you want to install the toolbar?" already during installation. You probably have to reinstall it if you want it gone.

    Toymaatti's answer:

    Toymaatti does know :)
     
    Last edited by a moderator: Jun 11, 2005
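
Added example, not part of the original thread: the autorun entry singled out above, spoolsvc.exe, differs by one letter from spoolsv.exe, which appears in the running-process list of the first log. The sketch below parses O4 registry autorun lines and reports executables whose names nearly match a system binary; the function names, the short list of system binaries and the distance threshold are assumptions made for this illustration.

```python
import re

# Constructed sample: O4 lines copied from the logs quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spoolsvc.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsf.exe
"""

# Assumption: a short hand-picked list of genuine Windows system binaries.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# Registry autoruns only (Run, RunOnce, RunServices); Startup-folder lines are skipped.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)

def exe_name(command):
    """Lower-cased executable file name from an O4 command, or None."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else None

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_autoruns(log_text, max_distance=2):
    """Return (value name, executable, resembled system binary) tuples."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        name = exe_name(m.group(4)) if m else None
        if name is None:
            continue
        for legit in sorted(SYSTEM_BINARIES):
            if 0 < edit_distance(name, legit) <= max_distance:
                findings.append((m.group(3), name, legit))
    return findings

if __name__ == "__main__":
    for value, exe, legit in lookalike_autoruns(SAMPLE_LOG):
        print(f"{value}: {exe} resembles {legit}")
```

A near-match is only a triage hint for a human reviewer: ntsf.exe, which the reply also marks for fixing, is not reported because its name resembles none of the listed binaries.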
