Computer keeps freezing

Thread in the Viruses and malware section. Started by miinamuru on 26.10.2005.

  1. miinamuru

    miinamuru Guest

    Could someone wiser tell me what I should do when this doomsday contraption wants to freeze every little while!? Sometimes when you start the computer, the shortcut icons load onto the screen really slowly, and this freezing is really infuriating. Today I tried to run Ad-Aware and the antivirus program, but the computer hangs and nothing helps except brutally cutting the power to the machine...
     
  3. pkaksp

    pkaksp Moderator Administrator

    Joined:
    11.01.2005
    Posts:
    12,231
    Thanks:
    53
    Points:
    128
    Next time, put more effort into the title. "HELP!!" doesn't say anything about the problem yet.

    I edited it to be better.
     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
  5. miinamuru

    miinamuru Guest

    HijackThis first gives this kind of message:
    you have an particulary large amount of hijacked domains. It´s probably better to delete the file itself then to fix each item (and create a backup).
    If you see the same IP address in all the reported 01 items, consider deleting your Host file, which is located at C:\WINDOWS\system32\drivers\etc\hosts.
    What might that mean??
    And here are the results:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:21:50, on 26.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=45432
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O1 - Hosts: 205.238.40.2 www.winmx.com
    O1 - Hosts: 205.238.40.2 err.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
    O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
    O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
    O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
    O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
    O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

     
  6. -kemisti-

    -kemisti- Active member

    That message refers to those O1 - Hosts lines. Does anyone use WinMX on that computer? If so, we'll leave them alone.

    Remove via Add/Remove Programs (Control Panel), if present:

    Need2Find
    RXToolbar

    Fix with HijackThis (start it, do a system scan only, check these and press fix checked):

    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KNO
    O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

    Make hidden files visible, instructions -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    See whether you find these:

    C:\Program Files\==>Need2Find<==
    C:\Program Files\==>RXToolbar<==

    If so, boot into safe mode (F8 during startup) and delete those directories. Then post a new HijackThis log.

    If not, restart the computer and post a new HijackThis log.
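
The triage done by eye in the post above, sketched as an added example (not code from the thread or from HijackThis): it groups O1 hosts entries that point at non-loopback addresses by domain and lists entries whose file is reported missing. The function names and the 127.0.0.1 line are constructed; the other sample lines are copied from the log posted earlier, and grouping by the last two labels of the hostname is a simplification.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread, except the
# 127.0.0.1 line, which is constructed to show an entry that only blocks a host.
SAMPLE_LOG = r"""
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 127.0.0.1 ads.example.test
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

# "<section> - <body>", e.g. "O1 - Hosts: 205.238.40.2 www.winmx.com"
ENTRY_RE = re.compile(r"^[ \t]*([A-Z]\d+) - (.+?)[ \t]*$", re.M)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")


def entries(log):
    """Return (section, body) pairs for every HijackThis result line."""
    return ENTRY_RE.findall(log)


def base_domain(hostname):
    """Last two labels of the hostname (simplification: no public-suffix list)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def hosts_redirects(log):
    """Group O1 entries that map a name to a non-loopback address.

    Entries pointing at 127.0.0.1 or 0.0.0.0 only block a host; anything else
    sends lookups for that name to an address chosen by whoever wrote the file.
    """
    grouped = defaultdict(lambda: {"hosts": set(), "ips": set()})
    for section, body in entries(log):
        match = HOSTS_RE.match(body) if section == "O1" else None
        if not match:
            continue
        ip_text, hostname = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # malformed address field: skip rather than guess
        if ip.is_loopback or ip.is_unspecified:
            continue
        group = grouped[base_domain(hostname)]
        group["hosts"].add(hostname.lower())
        group["ips"].add(str(ip))
    return dict(grouped)


def orphaned_entries(log):
    """Entries whose target file is gone: candidates for review, not verdicts."""
    return [(s, b) for s, b in entries(log) if ORPHAN_RE.search(b)]


if __name__ == "__main__":
    for domain, group in sorted(hosts_redirects(SAMPLE_LOG).items()):
        print(f"{domain}: {len(group['hosts'])} names -> {sorted(group['ips'])}")
    for section, body in orphaned_entries(SAMPLE_LOG):
        print(f"orphaned {section}: {body}")
```

The orphan list includes the msnim protocol handler, which the post above does not ask to fix, so the output is a review list rather than a removal list.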
     
  7. miinamuru

    miinamuru Guest

    WinMX is not used. (Should something else be removed?)
    RXToolbar is not found in Add/Remove Programs; Need2Find is there, but it can't be removed...

    Here is the latest log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:24:35, on 26.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=45432
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    After making hidden files visible, that Need2Find shows up.
    Now I'm really embarrassed... I can't manage to boot into safe mode (???). Could it be because I have a wireless keyboard and mouse?
    Earlier too, when the computer has frozen and you have to press F12, it doesn't let you choose anything, but just chugs along with the normal Windows startup without reacting at all, no matter what you press.
    So how would I remove that Need2Find so that it's gone completely?
     
  8. -kemisti-

    -kemisti- Active member

    If WinMX is not used, fix these lines:

    O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
    O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
    O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
    O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
    O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
    O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
    O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
    O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com

    You may not be able to remove Need2Find from the Control Panel if it was originally "removed incorrectly". There can be other reasons too. You can try removing Need2Find in normal mode, if it will just come off. If Need2Find won't come off otherwise, try getting the machine into Safe Mode (press F8 a little before the Windows logo appears).
     
  9. miinamuru

    miinamuru Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 15:59:27, on 26.10.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=45432
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    How does it look now?
    What is Need2Find? What does it do and why? I tried delete and it seemed to work.
    The machine has again frozen many times between these messages. What other causes could there be for this?
    What should I check first?
    A couple of months ago I got the machine so stuck (I tried SpyBot... and I think I deleted too eagerly) that I really couldn't do anything at all; Windows did start, but nothing showed except the screen saver and the mouse pointer. Nothing happened when I pressed Ctrl+Alt+Del. When I shut the machine down and restarted it, all the shortcuts were there again, but I kept getting the message that Windows cannot find the path or you do not have the necessary permissions, even when I tried clicking, say, Solitaire ;) I had to take the machine to an acquaintance to be repaired. Before all this there were symptoms similar to the ones now. I wonder if there is some bigger fault in this machine?
    I really am quite a master at messing up a computer....
     
  10. -kemisti-

    -kemisti- Active member

  11. miinamuru

    miinamuru Guest

    Ewido results:
    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 17:01:00, 26.10.2005
    + Report-Checksum: D7922ABE

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}\TreatAs\\ -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1 -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1\CLSID\\ -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
    HKLM\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovableMedia#7&ab22d18&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#\Control -> Spyware.HotBar : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4496 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_0\Seqn_4543 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1053 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1068 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_1074 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1116 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1524 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1553 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_1641 -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
    HKU\S-1-5-21-1708537768-1788223648-1177238915-1005\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
    [4052] C:\Program Files\Mozilla Firefox\plugins\NPNd2fn.dll -> Spyware.MyWebSearch : Error during cleaning
    C:\Program Files\Mozilla Firefox\plugins\__delete_on_reboot__NPNd2fn.dll -> Spyware.MyWebSearch : Cleaned with backup
    D:\Ajurit ja ohjelmat\Norton Internet Security 2005 Keygen.exe -> TrojanDropper.Delf.fd : Cleaned with backup


    ::Report End
     
  12. -kemisti-

    -kemisti- Active member

    It found a bit of everything (including the remnants of Need2Find and RXToolbar), though mostly just registry keys :) Is the machine still freezing?
     
  13. miinamuru

    miinamuru Guest

    Yes, it freezes!! It lets me fiddle with something for maybe about 10-15 min at a time and then it locks up. It's probably not very good for it that I keep cutting the power every so often, since I don't know what else to do...
     
  14. -kemisti-

    -kemisti- Active member

    Post a startup list. In HijackThis: open misc tools -> tick the boxes to the right of the generate startuplist item -> press generate startuplist and post it here.
     
  15. miinamuru

    miinamuru Guest

    StartupList report, 26.10.2005, 19:27:07
    StartupList version: 1.52.2
    Started from : C:\Program Files\HijackThis\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
    C:\Program Files\Netropa\Onscreen Display\OSD.exe
    C:\Program Files\Netropa\InetKb\Inetkb.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Katja\Käynnistä-valikko\Ohjelmat\Käynnistys]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys]
    hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    hpoddt01.exe.lnk = ?
    InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    SoundMan = SOUNDMAN.EXE
    LWBMOUSE = C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    MULTIMEDIA KEYBOARD = C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    WinPatrol = "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Regedit.exe has no CompanyName property! It is either missing or named something else.
    - Regedit.exe has no OriginalFilename property! It is either missing or named something else.
    - Regedit.exe has no FileDescription property! It is either missing or named something else.

    Registry check failed!

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
    Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
    NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    1-Click Maintenance.job
    FRU Task #Hewlett-Packard#hp psc 2170 series#1123072628.job
    Norton AntiVirus - Tarkista tietokone - Katja.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Java Plug-in 1.4.2_03]
    InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    [Java Plug-in 1.4.2_03]
    InProcServer32 = C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    CODEBASE = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support -ympäristö: \SystemRoot\System32\drivers\afd.sys (autostart)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start)
    Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
    Hälytys: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Sovelluskerroksen yhdyskäytäväpalvelu: %SystemRoot%\System32\alg.exe (manual start)
    Sovellusten hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP -asiakasprotokolla: System32\DRIVERS\arp1394.sys (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standardi IDE/ESDI-kiintolevyohjain: System32\DRIVERS\atapi.sys (system)
    ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
    ATI WDM Rage Theater Video: System32\DRIVERS\atinrvxx.sys (manual start)
    ATM ARP Client -protokolla: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    BITS-tausta-ajo (Background Intelligent Transfer Service): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tietokoneiden selaus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
    Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
    Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
    CD-ROM-ohjain: System32\DRIVERS\cdrom.sys (system)
    Indeksointipalvelu: %SystemRoot%\system32\cisvc.exe (manual start)
    Leikekirja: %SystemRoot%\system32\clipsrv.exe (manual start)
    COM+-järjestelmäsovellus: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Salauspalvelut: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DHCP-asiakas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Levyohjain: System32\DRIVERS\disk.sys (system)
    Loogisen levyn hallinnan valvontapalvelu: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    dmio: System32\drivers\dmio.sys (disabled)
    dmload: System32\drivers\dmload.sys (disabled)
    Loogisen levyn hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS-asiakas: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    Virheraportointipalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tapahtumaloki: %SystemRoot%\system32\services.exe (autostart)
    COM+-tapahtumajärjestelmä: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
    ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
    ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
    Nopean käyttäjän vaihdon yhteensopivuus: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Levykeaseman ohjain: System32\DRIVERS\fdc.sys (manual start)
    Levykeasemaohjain: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager -ohjain: System32\DRIVERS\ftdisk.sys (system)
    Yleinen paketinmääritys: System32\DRIVERS\msgpc.sys (manual start)
    Ohjeet ja tuotetuki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID -luokkaohjain: System32\DRIVERS\hidusb.sys (manual start)
    IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
    Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
    USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
    i8042-näppäimistö ja PS/2-hiiriohjain: System32\DRIVERS\i8042prt.sys (system)
    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
    CD-levyjen kirjoittamisen IMAPI COM -palvelu: C:\WINDOWS\System32\imapi.exe (manual start)
    Intel Processor Driver: System32\DRIVERS\intelppm.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC-ohjain: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA -väyläohjain: System32\DRIVERS\isapnp.sys (system)
    ISSvc: C:\Program Files\Norton Internet Security\ISSVC.exe (autostart)
    Näppäimistön luokkaohjain: System32\DRIVERS\kbdclass.sys (system)
    Näppäimistön HID-ohjain: System32\DRIVERS\kbdhid.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Palvelin: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Työasema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Viestinvälitys: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    NetMeeting etätyöpöydän jakaminen: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Hiiren luokkaohjain: System32\DRIVERS\mouclass.sys (system)
    Hiiren HID-ohjain: System32\DRIVERS\mouhid.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system)
    Windows Installer -ohjelma: C:\WINDOWS\System32\msiexec.exe /V (manual start)
    Microsoft Streaming Service -välityspalvelin: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink -muunnin: system32\drivers\MSTEE.sys (manual start)
    Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start)
    Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start)
    ATI WDM Specialized MVD Codec: System32\DRIVERS\atinmdxx.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Norton AntiVirus Auto-Protect -palvelu: "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051019.009\NAVENG.Sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051019.009\NavEx15.Sys (manual start)
    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O -protokolla: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS-käyttöliittymä: System32\DRIVERS\netbios.sys (system)
    NetBIOS TCP/IP:n päällä: System32\DRIVERS\netbt.sys (system)
    Verkon DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Verkon DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    Verkkokirjautuminen: %SystemRoot%\System32\lsass.exe (manual start)
    Verkkoyhteydet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Netropa NHK Server: C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe (autostart)
    1394-verkko-ohjain: System32\DRIVERS\nic1394.sys (manual start)
    NLA-nimiavaruus (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NT LM -suojaustuen toimittaja: %SystemRoot%\System32\lsass.exe (manual start)
    Siirrettävät tallennusvälineet: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
    Rinnakkaisporttiohjain: System32\DRIVERS\parport.sys (manual start)
    PCI-väyläohjain: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
    IPSEC-palvelut: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Suojattu tallennuspaikka: %SystemRoot%\system32\lsass.exe (autostart)
    QoS-paketinajoitus: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    Remote Access Auto Connection -ohjain: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection -hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Etäkäytön (RAS) yhteyksienhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Suora rinnakkainen: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start)
    recagent: \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Reititys ja etäkäyttö: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Etäproseduurikutsujen (RPC) paikannin: %SystemRoot%\System32\locator.exe (manual start)
    Etäproseduurikutsu (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    Käyttöoikeustilien hallinta: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRT: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS (manual start)
    SAVRTPEL: \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS (system)
    SAVScan: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (manual start)
    ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
    Älykortti-apuohjelma: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Älykortti: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Tehtävien ajoitus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Toissijainen kirjautuminen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Järjestelmätapahtuman ilmoitus: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter -ohjain: System32\DRIVERS\serenum.sys (manual start)
    Sarjaporttiohjain: System32\DRIVERS\serial.sys (system)
    Internet-yhteyden palomuuri (ICF) / Internet-yhteyden jakaminen (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Käyttöliittymän laitteistotunnistus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start)
    SlNtHal: System32\DRIVERS\Slnthal.sys (manual start)
    SmartLinkService: slserv.exe (autostart)
    SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start)
    Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (autostart)
    SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
    Symantec SPBBCSvc: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (autostart)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Taustatulostusohjain: %SystemRoot%\system32\spoolsv.exe (autostart)
    Järjestelmän palautussuodatin -ohjain: System32\DRIVERS\sr.sys (system)
    Järjestelmän palauttaminen -palvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP-palvelu (Simple Service Discovery Protocol): %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    WIA (Windows Image Acquisition): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    Ohjelmistoväyläohjain: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{7C9D7EFA-67C6-4771-96C9-7E42260B4FCC} (manual start)
    Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
    SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
    SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
    SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20051010.043\symidsco.sys (manual start)
    symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
    SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Resurssilokit ja -hälytykset: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Puhelin: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP-protokollaohjain: System32\DRIVERS\tcpip.sys (system)
    Päätelaiteohjain: System32\DRIVERS\termdd.sys (system)
    Päätepalvelut: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Teemat: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tiedostolinkkijäljityksen asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Microcode Update -ohjain: System32\DRIVERS\update.sys (manual start)
    Latauksenhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Universal Plug & Play -laiteisäntä: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    UPS: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER -luokka: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    USB-massamuistiohjain: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    Aseman tilannevedos: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    WMI-palvelu (Windows Management Instrumentation): %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Kannettavan mediasoittimen sarjanumeropalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI resurssisovitin: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automaattiset päivitykset: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 35 988 bytes
    Report generated in 0,203 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  16. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Nothing shows up. It may be that there is a hardware fault :/
     
  17. miinamuru

    miinamuru Guest

    The fault was found!
    Some time has passed here... I reinstalled XP and the freezing continued. In the end the machine went in for warranty service, where it stayed for a couple of weeks. I don't know the more detailed fault description, but they had replaced the motherboard and updated the BIOS. Hopefully it works now. Thank you all anyway!!
     
