Could some expert help with this registry scan made with HijackThis? Is there cause for concern, and what should be removed? Easy Cleaner at least reports something in red in its startup check about ps2, hotkeysCmds, Recguard, Updreg. What does that mean?

Logfile of HijackThis v1.99.1
Scan saved at 19:19:20, on 29.3.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWIN.EXE
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Omistaja.KORHONEN\Työpöytä\hymiöt\HijackThis.exe
C:\WINDOWS\system32\Notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qakxnlymbfxclnpczelvrth....Uk7_f_c7c300RsFJbKmVoiiONCwkoHZuNMLBNbJpM.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;*.*.fi;*.*.*.fi;localho;<loc;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {47523489-278E-4C8C-9EFD-877FBAAAB77F} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {5624BE7D-0FBB-47A7-949F-BD1C96FA0730} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra button: Palvelut - {6A48017B-BF7C-4BDF-B55F-C43125E0FD0C} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hi Kerhonen! Remove InstaFinder via Add/Remove Programs. Scan with HjT, put a check mark in front of these, close the browser and other windows, and click Fix Checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.qakxnlymbfxclnpczelvrth....Uk7_f_c7c300RsFJbKmVoiiONCwkoHZuNMLBNbJpM.jpg
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Startup: PowerReg Scheduler.exe

Delete that C:\Program Files\===>Insta Finder<=== folder.

There are some lines there with missing folders:
http://tuki.elisa.net/ (file missing) (HKCU)
http://sms.kolumbus.fi/ (file missing)
Is the internet connection still working, or is that information from an old connection?

Restart, how is it now??

Hello hello! Thanks for the quick reply, now it looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 21:55:00, on 29.3.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Omistaja.KORHONEN\Työpöytä\hymiöt\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;;*.*.fi;*.*.*.fi;localho;<loc;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShowShifter TVTV EPG Daemon] "C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\A-Link\RoadRunner 11 ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tuki - {47523489-278E-4C8C-9EFD-877FBAAAB77F} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {5624BE7D-0FBB-47A7-949F-BD1C96FA0730} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra button: Palvelut - {6A48017B-BF7C-4BDF-B55F-C43125E0FD0C} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\rma_resource.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd-backup-octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

The current connection is from Elisa, but previously it was Sonera. So, what exactly were those removed files? And what are "O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe" AND "O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe" and the others I listed in the opening post, when EasyCleaner flagged them in red?

So when the cleaner shows red, according to it the file does not exist. Should these also be removed with HJT? I wonder whether they are very important for operation...? At least the computer still works....

Well, there were remnants of a homepage hijacker / junk / spyware in there.

C:\WINDOWS\System32\hkcmd.exe > means the following (so you can remove it too if you don't need it):
Installed by the Intel 810 and 815 chipset graphic drivers. If you want the Ctrl+Alt+F12 or similar keypresses to access Intel's customised graphics properties, you need it, otherwise not. Can be disabled via Control Panel -> Display Properties

C:\WINDOWS\system32\ps2.exe > is Panicware's pop-up blocker. SP2 probably came with an equivalent feature, though, and there is also the Google toolbar. So you can well afford to prune the extras from those (via Add/Remove Programs).

Was this one left unchecked in the fix? Check it and fix it:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Otherwise the log is OK. Except that this one can probably be fixed away too:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi

I think I already removed it the first time. Well, I ran HJT again and removed it. I restarted the computer and ran HJT... it is still there. As are PS2 and Hotkeys....

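Added example (not part of any post in this thread, and not HijackThis's own code): a Python check that compares a scan taken before "Fix Checked" with one taken after and reports which fixed entries held and which are still present, as with AlcxMonitor above. The log excerpts are abbreviated from the two scans in this thread; the function names are this example's own.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the log's entries as (section_code, body) tuples, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(entry):
    # Compare case-insensitively with whitespace collapsed: Windows paths are
    # case-insensitive and forum software often mangles spacing.
    code, body = entry
    return code, " ".join(body.split()).lower()


def check_fix(before_log, after_log, fixed_lines):
    """Classify each entry that was ticked for 'Fix Checked'.

    removed     - present before, gone after (the fix held)
    persisted   - present before and still present after (something restored
                  it, or it was never actually fixed)
    not_in_scan - not found in the 'before' log at all (typo or wrong log)
    """
    before = {entry_key(e) for e in parse_entries(before_log)}
    after = {entry_key(e) for e in parse_entries(after_log)}
    result = {"removed": [], "persisted": [], "not_in_scan": []}
    for entry in parse_entries(fixed_lines):
        key = entry_key(entry)
        if key not in before:
            result["not_in_scan"].append(entry)
        elif key in after:
            result["persisted"].append(entry)
        else:
            result["removed"].append(entry)
    return result


def new_entries(before_log, after_log):
    """Entries that appear only in the 'after' log and deserve a second look."""
    before = {entry_key(e) for e in parse_entries(before_log)}
    return [e for e in parse_entries(after_log) if entry_key(e) not in before]


# Abbreviated excerpts of the thread's first and second scans.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - Startup: PowerReg Scheduler.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""
# The entries the helper asked to tick (the R1 search-bar line is left out here).
FIXED = r"""O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Startup: PowerReg Scheduler.exe
"""

if __name__ == "__main__":
    for status, items in check_fix(BEFORE, AFTER, FIXED).items():
        for code, body in items:
            print(f"{status:12} {code} - {body}")
```

An entry reported as persisted after a reboot means the fix did not hold for that entry and something is still writing it back.
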
Just turn it off. In my opinion it's a fairly useless feature. It just reserves too much disk space for restore points and is rarely needed. And when it is needed, there can sometimes be problems with the OS/programs.. not very reliable.

I turned System Restore off and removed those same ones from the registry. Now I restarted and ran the program, but they are still found there.

Now it's solved. I had Ad-Aware's Ad-Watch running, and when I turned it off, it finally got removed!

I would still ask about this one:
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
since Ad-Watch complains "modification detected", so what's that about?

And what about these, which the cleaner showed in red:
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
So, can they be safely removed?

Oh sorry, I was writing elsewhere.

C:\Windows\Creator\Remind_XP.exe > Not required. HP-specific program that reminds users to create System Recovery CDs. Once they use the Recovery CD Creator (Start -> PC Help & Tools -> Recovery CD Creator) to make the recovery CDs the entry will remove itself from the startup list
RECGUARD.EXE > LEAVE IT ALONE!
UpdReg.EXE > Reminds you to register on Creative's site = Useless
ALCXMNTR.EXE > A gift bundled with the Realtek sound card drivers = Spyware = remove