HiJackThis logi
|
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 06:49 |
Linkki tähän viestiin
|
Kone tilttaillu ihan urakalla joten täältä apua tarvittais.
Kiitoksia jo etukäteen
Logfile of HijackThis v1.99.1
Scan saved at 10:42:11, on 27.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\System32\netddesrv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\wuamkoppnp.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuamkoppnp.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\BTTray.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\mswin.pif
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Documents and Settings\------\Työpöytä\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search123forme.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search123forme.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search123forme.com/sp2.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Sys Security] mswin.pif
O4 - HKCU\..\RunServices: [MS Sys Security] mswin.pif
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
|
AfterDawn Addict
|
27. syyskuuta 2005 @ 06:59 |
Linkki tähän viestiin
|
Onhan siellä vaikka mitä:
Otetaan ensin tuo elitebar pois:
Hae täältä -> http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.exe LQFix ja tallenna työpöydälle.
Tuplaklikkaa LQfix.exe ja klikkaa install.
Tällöin tulee uusi kansio työpöydälle, jonka nimi on LQfix.
Avaa kansio ja tuplaklikkaa ClickThis.bat
Seuraa ohjeita.
Kone käynnistyy tämän jälkeen uudestaan, se voi kestää vähän, koska skripti pyörii taustalle. Lähetä sitten uusi hijackthis-loki, jatketaan siitä sitten eteenpäin :)
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 07:16 |
Linkki tähän viestiin
|
Homma tehty :)
Logfile of HijackThis v1.99.1
Scan saved at 11:10:35, on 27.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\System32\netddesrv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\wuamkoppnp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuamkoppnp.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\mswin.pif
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\------\Työpöytä\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\etb\pokapoka70.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1800searchonline.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1800searchonline.com/sp2.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\RunServices: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MS Sys Security] mswin.pif
O4 - HKCU\..\RunServices: [MS Sys Security] mswin.pif
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Se on selvää, etää olen maailman paras CoDin pelaaja!!!
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 07:23 |
Linkki tähän viestiin
|
Joo mut jysäytin SpyBotilla jotain pois.. esim. Immunizellä se esti 7006 uhkaa
|
Toymaatti
Senior Member
|
27. syyskuuta 2005 @ 08:28 |
Linkki tähän viestiin
|
Ei suostunut lähtemään, kokeillaas kertarysäyksellä päästä kaikista eroon.
Siirrä HjT C:n juureen omaan kansioon näin C:\HjT\HijackThis.exe
Laita piilotiedostot näkyviin
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/20020927...
Kopioi tämä ohje MUISTIOON niin näät sen vikasiedossakin.
Käynnistä vikasietotilaan, sammuta nuo prosessit Tehtävienhallinnasta(Ctrl+Alt+Delete)jos näkyvät.
C:\WINDOWS\System32\netddesrv.exe
C:\WINDOWS\System32\logon.exe
C:\WINDOWS\System32\spoolsvc.exe
C:\WINDOWS\System32\wuamkoppnp.exe << 2kpl
C:\WINDOWS\System32\mswin.pif
C:\WINDOWS\etb\pokapoka70.exe
Merkkaa nuo HjT:ssä ja klikkaa FIX
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.1800searchonline.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.1800searchonline.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.1800searchonline.com/sp2.php O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\Run: [MS Sys Security] mswin.pif
O4 - HKLM\..\RunServices: [Microsoft X Update] wuamkoppnp.exe
O4 - HKLM\..\RunServices: [MS Sys Security] mswin.pif
O4 - HKCU\..\Run: [MS Sys Security] mswin.pif
O4 - HKCU\..\RunServices: [MS Sys Security] mswin.pif
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Poista nuo
C:\WINDOWS\System32\>>>netddesrv.exe<<<
C:\WINDOWS\System32\>>>logon.exe<<<
C:\WINDOWS\System32\>>>spoolsvc.exe<<<
C:\WINDOWS\System32\>>>wuamkoppnp.exe<<<
C:\WINDOWS\System32\>>>mswin.pif<<<
Aja LQfix uudestaan
Laita uusi HjT loki
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 09:54 |
Linkki tähän viestiin
|
Tässähän tää
e: niin joo ja tää >C:\WINDOWS\etb\pokapoka70.exe< ei löytyny sieltä teht.hallinnasta
Logfile of HijackThis v1.99.1
Scan saved at 13:52:27, on 27.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\System32\netddesrv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\mswin.pif
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\DLink\Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\nokiacheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\HjT\HijackThis.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. syyskuuta 2005 @ 09:56
|
Toymaatti
Senior Member
|
27. syyskuuta 2005 @ 10:47 |
Linkki tähän viestiin
|
No ei vaan lähteny elite ei ??? Heh tänään ei taida onnistua mikään olis pitäny pysyä vaan sängyssä :)
Ajoithan sen LQfixin vikasietotilassa? Enivei aja se uudestaan ja nimenomaan vikasiedossa. Laita sitten taas uusi HjT loki
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
|
AfterDawn Addict
|
27. syyskuuta 2005 @ 11:53 |
Linkki tähän viestiin
|
Quote: Heh tänään ei taida onnistua mikään olis pitäny pysyä vaan sängyssä :)
Toymaatti, älä huoli, tollanen fiilis on itellä usein ;) Ja mun moka, unohdin kiireessä laittaa, että LQFix kannattaa ajaa vikasietotilassa.
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 12:06 |
Linkki tähän viestiin
|
Mikäs toi vikasietotila on :D
|
AfterDawn Addict
|
27. syyskuuta 2005 @ 12:14 |
Linkki tähän viestiin
|
Sinne pääsee painamalla F8 käynnistyksen yhteydessä ja valitsemalla valikosta vikasietotila. Vikasietotilassa vain välttämättömät Windowsin komponentit yms. ladataan.
|
Toymaatti
Senior Member
|
27. syyskuuta 2005 @ 12:18 |
Linkki tähän viestiin
|
Olipa hyvä että tulit kysyneeksi vikasiedosta nyt jo, ennen suurempia vaurioita.
Nyt mulla on vain otsa verillä kun olen hakannut sitä tuohon pöydänkulmaan ;)
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 13:07 |
Linkki tähän viestiin
|
F8:a oon hakannu kohta jo näppiksestä läpi käynnistyksen aikana mut EI.. eli miten ihmeessä mä sen tohon vikasietotilaan saan??!!
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 13:23 |
Linkki tähän viestiin
|
Noni onnistuhan se. Täs on nyt tää uus hjt logi
Logfile of HijackThis v1.99.1
Scan saved at 17:21:18, on 27.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\System32\netddesrv.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\Bin\Zanda.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\D-Tools\daemon.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\HjT\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\nokiacheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
O4 - HKLM\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Nokia Check] nokiacheck.exe
O4 - HKCU\..\RunServices: [Nokia Check] nokiacheck.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
|
AfterDawn Addict
|
27. syyskuuta 2005 @ 13:44 |
Linkki tähän viestiin
|
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. syyskuuta 2005 @ 13:44
|
Toymaatti
Senior Member
|
27. syyskuuta 2005 @ 14:26 |
Linkki tähän viestiin
|
Heh,-kemisti- ollaan varsinaisia mestarifixareita :D
Siellähän on mato servicessä, hoidatko homman loppuun?
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
Se parhaiten nauraa joka toiselle kuoppaa kaivaa.
|
AfterDawn Addict
|
27. syyskuuta 2005 @ 14:49 |
Linkki tähän viestiin
|
Katos perkele, kaks puusilmää näköjään ;)
Fixaa hijackilla:
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe
Sitten käynnistä -> suorita -> services.msc -> ok -> etsi listalta
NetDDE Server (NetDDEsrv) -> tuplaklikkaa -> paina seis ja valitse käynnistymistavaksi ei käytössä
Käynnistä vikasietoon ja poista
C:\WINDOWS\System32\==>netddesrv.exe<==
Käynnistä uudestaan ja laita uusi hjt-loki.
Niin ja tee kans samalla noi tosta ylhäältä.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 27. syyskuuta 2005 @ 16:49
|
CoDaaja
Suspended due to non-functional email address
|
27. syyskuuta 2005 @ 19:34 |
Linkki tähän viestiin
|
Formatoin koko kovon ni tais lähtee kaikki paska pois?
Logfile of HijackThis v1.99.1
Scan saved at 23:31:16, on 27.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\TW-IA300C ADSL\CnxDslTb.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fi\msnappau.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DLink\Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Creative\MediaSource\Detector\CtDetect.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Niko Pirttilahti\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\\TW-IA300C ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fi\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\DLink\Bluetooth-ohjelmisto\btsendto_ie.htm
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\DLink\Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
|
-Rumba-
Suspended due to non-functional email address
|
28. syyskuuta 2005 @ 01:58 |
Linkki tähän viestiin
|
enpä uutta ketjua viitsi alottaa että tässä sitten mun
Logfile of HijackThis v1.99.1
Scan saved at 5:56:39, on 28.9.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rooope\Työpöytä\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sitruunapatonki.tk/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://security.symantec.com/default.asp?productid=NPF2004&langid... R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
Mainos
|
|
|
AfterDawn Addict
|
28. syyskuuta 2005 @ 05:51 |
Linkki tähän viestiin
|
@CoDaaja: Kunnossa on
@-Rumba-: Samat sanat sinne :)
|