HJT log

Discussion in 'Viruses and malware' started by mievaan80, May 27, 2005.

  1. mievaan80

    mievaan80 Member

    Joined:
    Apr 30, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    So, what should be removed from this? And in plain Finnish, please, not in computer-speak... :)

    Logfile of HijackThis v1.99.1
    Scan saved at 18:17:43, on 27.5.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\WINDOWS\System32\DLLBOOT.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\MMTASK8.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Winamp\winamp.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikkarila.pieksamaki.fi/nilanet/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nikkarila.pieksamaki.fi/nilanet/"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [Dll Boot Loader on Startup (do not remove this)] DLLBOOT.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
    O4 - HKLM\..\Run: [Winsock2 driver] MMTASK8.EXE
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\RunServices: [Rundll32] rundll2.dl_
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Dll Boot Loader on Startup (do not remove this)] DLLBOOT.EXE
    O4 - HKCU\..\RunOnce: [Winsock2 driver] MMTASK8.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O8 - Extra context menu item: Backward Links - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115133263468
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
  2. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Those are still there, didn't the removals work, or what??
    Or did Microsoft AntiSpyware block the removals? Turn it off while you do the fix.

    Open HjT, click Config... > Misc Tools > Open process manager and kill these processes:
    C:\WINDOWS\System32\DLLBOOT.EXE
    C:\WINDOWS\System32\MMTASK8.EXE

    Scan with HjT, tick the boxes next to these entries, close the browser and other windows, and click Fix:
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O3 - Toolbar: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - (no file)
    O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
    O4 - HKLM\..\Run: [Dll Boot Loader on Startup (do not remove this)] DLLBOOT.EXE
    O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
    O4 - HKLM\..\Run: [Winsock2 driver] MMTASK8.EXE
    O4 - HKCU\..\RunOnce: [Dll Boot Loader on Startup (do not remove this)] DLLBOOT.EXE
    O4 - HKCU\..\RunOnce: [Winsock2 driver] MMTASK8.EXE
    O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    Delete these in SAFE MODE:
    C:\Program Files\===>Parallel Tasking<===
    C:\WINDOWS\System32\===>DLLBOOT.EXE<===
    C:\WINDOWS\System32\===>MMTASK8.EXE<===
    C:\Program Files\===>Date Manager<===
    C:\Program Files\Common Files\===>GMT<===

    Restart normally and post a new log. Does Task Manager work yet?

    I guess you had Norton installed before and it was not removed completely, because this was left behind:
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  3. mievaan80

    mievaan80 Member

    Joined:
    Apr 30, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    I did already remove PrecisionTime and Parallel Tasking once, but they are still hanging around...
    PrecisionTime doesn't even show up in Program Files; I guess it's a hidden file or it's just playing tag with me...
    But now, on to HjT.... if you don't hear back from me soon, the machine got tied in knots... :)
     
  4. mievaan80

    mievaan80 Member

    Joined:
    Apr 30, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    Yay, Task Manager and msconfig work again! Life is saved and all that! Incredibly big thanks!
    By the way, I couldn't find Parallel Tasking anywhere...
    but here is the new log:


    Logfile of HijackThis v1.99.1
    Scan saved at 20:01:17, on 27.5.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikkarila.pieksamaki.fi/nilanet/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nikkarila.pieksamaki.fi/nilanet/"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\RunServices: [Rundll32] rundll2.dl_
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115133263468
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Oh yeah, how do I get rid of that Norton ghost?
    The Norton removal tool has already been run once.
     
    Last edited: May 27, 2005
  5. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Ah, I missed that rundll2.dl_ earlier.

    But first, Norton.
    So click RUN and type > services.msc <, double-click SymWMI Service and set STARTUP TYPE: Disabled / SERVICE STATUS: Stopped

    Then fix these with HjT:
    O4 - HKLM\..\RunServices: [Rundll32] rundll2.dl_
    O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Delete
    C:\Program Files\Common Files\===>Symantec Shared<===

    Post a new log.

    Edit: Oh, and of course make hidden files visible, in case that Precision turns up then. NOTE! Do the deletions in safe mode.
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
     
    Last edited: May 27, 2005
  6. CodecDude

    CodecDude Regular member

    Joined:
    Oct 14, 2004
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    26
    I ran the Hijack This program here and didn't really know what is safe to remove / what has to be removed, so if you gurus could help. :)
    Thanks in advance. :)


    Edit: Edited at Toymaatti's request :)
     
    Last edited: May 27, 2005
  7. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Well, nothing extra shows up there other than PeerGuardian.

    But a couple of things caught my attention.
    - Only the bottom part of the log is there
    - The log was taken with an old HjT version
    - It is clearer if you start a new thread and post your log there. Use edit and remove that half log from this thread ;)
     
  8. CodecDude

    CodecDude Regular member

    Joined:
    Oct 14, 2004
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    26
    Somehow I guessed there would be comments about PeerGuardian. :( I didn't start a new topic because people always complain that there are already a million other topics on this subject and you could have posted there. And I assumed you only needed the part of the log that normally shows in the window. (I don't mean the log file.)

    I'll remove it from there now anyway. And thanks for your reply :)

    Edit: Oh, and what is the latest Hijack This version?
     
    Last edited: May 27, 2005
  9. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    Thaaanks :)

    Now that these pest problems have their own section, it is better (at least for me) that different logs are in their own threads.

    I need the HjT log IN FULL.

    The latest HjT is 1.99.1
    http://koti.mbnet.fi/pattaya1/hijackthis.htm
     
  10. CodecDude

    CodecDude Regular member

    Joined:
    Oct 14, 2004
    Messages:
    163
    Likes Received:
    0
    Trophy Points:
    26
    Big thanks to Toymaatti :)
    PS: And sorry for my blunders :D
     
  11. mievaan80

    mievaan80 Member

    Joined:
    Apr 30, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    Here is the latest log:


    Logfile of HijackThis v1.99.1
    Scan saved at 22:00:52, on 31.5.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\AVPersonal\AVSched32.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nikkarila.pieksamaki.fi/nilanet/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.nikkarila.pieksamaki.fi/nilanet/"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Marika\Application Data\Mozilla\Profiles\default\7fzsw2x1.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\system32\googletoolbar_en_2.0.114-deleon.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\system32\GoogleToolbar_en_2.0.114-deleon.dll/cmtrans.html
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: symsupportutil - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115133263468
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Is there still anything to remove?
    Is it worth installing SP2 on this tin cow now, since it turned out it wasn't to blame for the machine not working properly?
     
  12. Toymaatti

    Toymaatti Active member

    Joined:
    Feb 4, 2005
    Messages:
    1,038
    Likes Received:
    0
    Trophy Points:
    66
    It's clean, so go ahead and install SP2 :)

    "Here we go again..."
     
  13. mievaan80

    mievaan80 Member

    Joined:
    Apr 30, 2003
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    16
    I thank you and bow... until I return again... :)
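
The before-and-after comparison that this thread does by eye across its logs, as an added Python example (not written by anyone in the thread and not part of HijackThis): it checks a fix list against two scans and reports what was fixed, what is still present and what carried over without review. The scan and fix-list excerpts are shortened from the logs and replies above; the function and key names are this example's own.

```python
import re

# An entry line is "<section> - <detail>" (R0, N3, O4, O23, ...). The header and
# the "Running processes" paths do not have that shape and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(text):
    """Map a case- and whitespace-insensitive key to the entry as written."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, detail = m.group(1), " ".join(m.group(2).split())
            entries[(section, detail.casefold())] = f"{section} - {detail}"
    return entries


def check_fix(before_log, after_log, fix_list):
    """Check a fix list against the scans taken before and after the fix."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # On the fix list and gone from the new scan.
        "fixed": sorted(v for k, v in wanted.items() if k in before and k not in after),
        # On the fix list but still in the new scan: the fix did not take.
        "still_present": sorted(v for k, v in wanted.items() if k in after),
        # On the fix list but in neither scan: mistyped or copied from another log.
        "unmatched": sorted(v for k, v in wanted.items() if k not in before and k not in after),
        # Gone from the new scan although it was not on the fix list.
        "removed_unasked": sorted(v for k, v in before.items() if k not in after and k not in wanted),
        # In both scans and never on the list: candidates for the next review.
        "carried_over": sorted(v for k, v in after.items() if k in before and k not in wanted),
        # Only in the new scan: re-created or newly installed since the fix.
        "new": sorted(v for k, v in after.items() if k not in before),
    }


# Excerpts shortened from the first and second scans posted in this thread.
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\MMTASK8.EXE
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [Winsock2 driver] MMTASK8.EXE
O4 - HKLM\..\RunServices: [Rundll32] rundll2.dl_
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Rundll32] rundll2.dl_
O4 - Global Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
"""
# Subset of the entries the first reply asked to fix.
FIX_1 = r"""
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Trickler] "c:\windows\temp\adware\fsg_4203.exe"
O4 - HKLM\..\Run: [Winsock2 driver] MMTASK8.EXE
"""

if __name__ == "__main__":
    for status, lines in check_fix(SCAN_1, SCAN_2, FIX_1).items():
        print(f"{status}:")
        for entry in lines:
            print("   ", entry)
```

The `carried_over` list is where the `rundll2.dl_` and PrecisionTime entries show up after the first round, which is the set a helper has to read again before calling the log clean.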
     
