hjt-logi tarkistus

mikjo · Apr 11, 2006

Viitsisikö joku vilkaista onko koneessani kaikki toiminnot ok, omiin kykyihini tunnistaa viruksia kun en vielä luota.

Sekä samalla kyselisin onko Norton Antivirus + Sygate Personal Firewall riittävät ohjelmat suojaamaan konetta pöpöiltä?

Logfile of HijackThis v1.99.1
Scan saved at 0:50:30, on 12.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Sygate\SPF\smc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Program Files\Common Files\Real\Update_OB\realsched.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\system32\ctfmon.exe
g:\progra~1\intern~1\iexplore.exe
G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\WINDOWS\system32\mmc.exe
G:\Program Files\Messenger\msmsgs.exe
G:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ayxosebonmeytoj.com/AsUiHsn/Zi9IakDYJFXy63Alo42MMTBr5h5zzB6B0ndl8GZUcr383tqnAnGQ7DkZ.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fwgdugwrsioobonubr.net/AsUiHsn/Zi/hGhHg66mDCBk9tbW69O_ToaElSAjnUg4.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26488C52-2317-7C98-1D84-77C09DA556AD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF0B113C-9EF8-9260-C8E6-F5801C69112B} - G:\DOCUME~1\SEPPOK~1\APPLIC~1\Meetglue\bleh aim.exe
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "G:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATIPTA] "G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RegsSkipIsoTrans] G:\Documents and Settings\All Users\Application Data\bold peak regs skip\cool bleh.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [procerror] G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1\Antirefburn.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103648186531
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - G:\WINDOWS\csrs.exe (file missing)

-kemisti- · Apr 11, 2006

Eipä se kyllä ihan kunnossa ole.

Poista ohjauspaneelista (lisää/poista sovellus, jos on):

Messenger Plus !3

Hae ja päivitä ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
Älä skannaa vielä.

Hae findlop ->
http://metallica.geekstogo.com/findlop.zip

Pura ja tuplaklikkaa findlop.bat
Logi löytyy tuolta C:\findlop.txt

Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ayxosebonmeytoj.com/AsUiHsn/Zi9IakDYJFXy63Alo42MMTBr5h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fwgdugwrsioobonubr.net/AsUiHsn/Zi/hGhHg66mDCBk9tbW69O_...
O2 - BHO: (no name) - {26488C52-2317-7C98-1D84-77C09DA556AD} - (no file)
O2 - BHO: (no name) - {CF0B113C-9EF8-9260-C8E6-F5801C69112B} - G:\DOCUME~1\SEPPOK~1\APPLIC~1\Meetglue\bleh aim.exe
O4 - HKLM\..\Run: [RegsSkipIsoTrans] G:\Documents and Settings\All Users\Application Data\bold peak regs skip\cool bleh.exe
O4 - HKCU\..\Run: [procerror] G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1\Antirefburn.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - G:\WINDOWS\System32\mousecrm.exe (file missing)
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - G:\WINDOWS\csrs.exe (file missing)

Myös näitä voi fixata maun mukaan:

O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE

Sitten käynnistä -> suorita -> services.msc -> ok
Etsi listalta

Mouse Cursor Monitor
Windows Time Sync

Tuplaklikkaa niitä, paina seis ja valitse käynnistymistavaksi ei käytössä.

Avaa hjt -> open misc tools -> delete nt service

Syötä nämä (yksi kerrallaan) ja paina ok:

mousecrm
wservtime

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä)

Poista, jos löytyy:

G:\DOCUME~1\SEPPOK~1\APPLIC~1\Meetglue
G:\Documents and Settings\All Users\Application Data\bold peak regs skip
G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1
G:\WINDOWS\System32\mousecrm.exe
G:\WINDOWS\csrs.exe

Skannaa ewidolla, anna poistaa mitä löytää ja tallenna raportti.

Käynnistä uudelleen, lähetä uusi HjT-loki, ewidon raportti ja C:\findlop.txt-tiedoston sisältö.

-kemisti- · Apr 12, 2006

Niin tuossa on vain ewidon raportti. Lähetätkö ne muutkin?

mikjo · Apr 12, 2006

Logfile of HijackThis v1.99.1
Scan saved at 14:45:10, on 12.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Sygate\SPF\smc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\ewido anti-malware\ewidoctrl.exe
G:\Program Files\ewido anti-malware\ewidoguard.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Messenger\msmsgs.exe
G:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gdfrfrlnoq.com/AsUiHsn/Zi9IakDYJFXy63Alo42MMTBr5h5zzB6B0nfPR19ujtQbCNqnAnGQ7DkZ.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "G:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATIPTA] "G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [procerror] G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1\Antirefburn.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103648186531
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

findlop on tässä----->

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'A3D793F391840CDB.job'
[TRACE] Printing all job properties

ApplicationName: 'g:\docume~1\seppok~1\applic~1\bitsma~1\City free title.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Seppo Kalaoja'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 04/12/2006 12:00:00
NextRun: 04/12/2006 13:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/19/1997
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'Norton AntiVirus - Scan my computer - Seppo Kalaoja.job
'
[TRACE] Printing all job properties

ApplicationName: 'G:\PROGRA~1\NORTON~1\NAVW32.EXE'
Parameters: '/task:"G:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Seppo Kalaoja'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers

[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties

ApplicationName: 'G:\PROGRA~1\NORTON~1\Navw32.exe'
Parameters: '/task:"G:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'Seppo Kalaoja'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 04/14/2006 20:00:00
StartError: SCHED_E_ACCOUNT_INFORMATION_NOT_SET
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 07/18/2005
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'G:\Program Files\Symantec\LiveUpdate\NDetect.exe'
Parameters: ''
WorkingDirectory: 'G:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 04/12/2006 12:56:00
StartError: 0x80070002
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 03/08/2006
EndDate: 00/00/0000
StartTime: 22:16
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

-kemisti- · Apr 12, 2006

Parempi on, juu.

Fixaa HjT:llä nämä:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gdfrfrlnoq.com/AsUiHsn/Zi9IakDYJFXy63Alo42MMTBr5h5zzB6...
O4 - HKCU\..\Run: [procerror] G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1\Antirefburn.exe

Poista jos löytyy:

G:\DOCUME~1\SEPPOK~1\APPLIC~1\BITSMA~1

Hae KillBox

http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Pura,avaa ja täppi kohtaan Delete on Reboot
Sitte kopioi rivi tosta alapuolelta

C:\WINDOWS\Tasks\A3D793F391840CDB.job

Sitten KillBoxissa ylhäältä File > Paste from Clipboard
Valitse "All Files".Sen jälkeen paina Delete (punainen, jossa on valkonen X)
Vastaa myöntävästi kysymyksiin ja jos kone ei itestään käynnisty uudestaan,niin käynnistä se.

Lähetä sen jälkeen uus Hijack-logi.

mikjo · Apr 12, 2006

Homma suoritettu tässä hjt-logi:

Logfile of HijackThis v1.99.1
Scan saved at 15:09:55, on 12.4.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Sygate\SPF\smc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\System32\CTsvcCDA.EXE
G:\Program Files\ewido anti-malware\ewidoctrl.exe
G:\Program Files\ewido anti-malware\ewidoguard.exe
G:\Program Files\Norton AntiVirus\navapsvc.exe
G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
G:\Program Files\Norton AntiVirus\SAVScan.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\wuauclt.exe
G:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - G:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [UpdReg] G:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] G:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] G:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "G:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "G:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] "G:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] G:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] G:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB002" /M "Stylus DX4800"
O4 - HKLM\..\Run: [ATIPTA] "G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: G:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103648186531
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "G:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - G:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - G:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - G:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - G:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - G:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - G:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - G:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - G:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - G:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-kemisti- · Apr 12, 2006

Puhdas on

mikjo · Apr 12, 2006

Suuri kiitos ja kumarrus sinulle! Nyt voi jälleen käyttää konetta turvallisinmielin.

Mutta vielä yksi asia mieltä painaisi, kun ihmetyttää että miksi tuolla Ohjauspaneeli valikossa Tietoturvakeskuksesta kun menee katsomaan Windowsin palomuuri sekä Automaattiset päivitykset tilaa/asetuksia niin molemmissa valikko kohdat ovat harmaalla pohjalla eikä niitä näin ollen voi mitenkään muutaa. Molemmat ovat poissa käytöstä kohdassa. Onko tämä normaalia?

-kemisti- · Apr 12, 2006

Kokeillaas spybottia: http://koti.mbnet.fi/pattaya1/spybot.htm

Asenna, päivitä ja skannaa. Anna poistaa mitä löytää. Ja kerro jatkuuko sama ongelma.

mikjo · Apr 12, 2006

Asensin, päivitin, skannasin ja poistin kaikki mitä löysi (180 tiedostoa), paitsi 5:tä ongelmaa ei pystynyt poistamaan. Olivat Log kohdan sisällä. Ongelma ei vielä postunut. Valikot edelleen harmaina tuolla.

-kemisti- · Apr 12, 2006

Sitten tehdään toisella tavalla:

Hae rdrivrem -> http://www.atribune.org/downloads/rdrivrem.zip
ja pura se työpöydälle

Hae ATF Cleaner -> http://www.atribune.org/ccount/click.php?id=1

Käynnistä kone vikasietotilassa;

1) Käynnistä uudelleen
2) Hakkaa F8;a ennen kuin Windowsin latauskuva tulee.
3) Pitäisi ilmestyä valikko
4) Valitse ensimmäinen optio; käynnistä Vikasietotilassa

(Joissain koneissa tämä on F5-näppäin, joten koita sitä jos F8 ei ota onnistuakseen)

1.)Mene RdrivRem-kansioosi ja tuplaklikkaa rdrivRem.bat jotta työkalu käynnistyy - seuraa ohjeita screenilläsi. Kun se on valmis, rdriv.txt ilmestyy RdrivRem-kansioosi.

2.) Tuplaklikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.

Main:n alla valitse: Select All
Klikkaa Empty Selected-valintaa.

Jos käytät FireFoxia selaimenasi

Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected-valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Jos käytät Operaa selaimenasi

Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected-valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Klikkaa Exit päävalikosta sulkeaksesi ohjelman.

Käynnistä uudelleen normaalisti ja lähetä rdriv.txt-tiedoston sisältö
rdrivrem-kansiosta työpöydältä.

mikjo · Apr 12, 2006

Jälleen on toimittu ohjeiden mukaan. Tässä olisi rdiv tiedoston sisältö:

RDrivRem Log 20:28:13,67 ke 12.04.2006

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

Nyt näyttääpi windowsin palomuurin ominaisuudet olevan käytettävissä ja valikot toimii normaalisti. Mutta windowsin automaattisella päivityspuolella kohdat ovat vielä harmaana. Mutta pääasia että edistytty on.

-kemisti- · Apr 12, 2006

Kokeillaas sitten tätä:

Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä (siis alkaen Windows Registry...) nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
Click to expand...

Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?

mikjo · Apr 12, 2006

Jälleen ohjeita noudatettu. Mutta havaittavaa muutosta ei näy. Vieläkö voisi löytyä konsteja saada päivityspuoli toimimaan?

-kemisti- · Apr 13, 2006

No niin, yritetään tätä:

Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä (siis alkaen Windows Registry...) nimellä fix2.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\WindowsUpdate\Auto Update]
AuOptions = "dword:00000002"
Click to expand...

Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?

mikjo · Apr 14, 2006

Rekisteriä muokattu ja uudelleen käynnistin. Edelleen on päivitys asetukset hukassa. :/ Voiko tämä olla jonkin viruksen aiheuttamaa?

-kemisti- · Apr 14, 2006

Kokeiles tätä -> http://www.kellys-korner-xp.com/regs_edits/updaterestore.reg

Tallenna työpöydälle, tuplaklikkaa, paina kyllä ja ok. Käynnistä uudelleen. Auttoiko?

mikjo · Apr 17, 2006

Kyllä, nyt alkoi automaattinen päivitys toimimaan. suuret kiitokset avusta. Mutta toinen ongelma ilmentyi, tiedä sitten johtuiko edellisestä toimesta vai tapahtuiko koneelle jotain muuta välissä vaan nyt ei näppäimistö pelaa ollenkaan. hiiri toimii normaalista ja kirjoitus pitää nyt hoitaa OnSreen näppäimistöllä hiirellä. Vikasietotilassa oikea näppis kyllä toimii normaalisti. Laite hallinnassakin näkyy näppäimistö olevan oikein toimimassa. laitanko hjt-login?

spuge9 · Apr 17, 2006

Onko Johto kytkettynä näppikseen ?

Log in or Sign up

hjt-logi tarkistus

mikjo Member

-kemisti- Active member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

spuge9 Regular member

Share This Page

Log in or Sign up

hjt-logi tarkistus

mikjo Member

-kemisti- Active member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

-kemisti- Active member

mikjo Member

spuge9 Regular member

Share This Page

Useful Searches