Kun menen tietyyn kansioon esim Omat tiedostot. Tulee tällainen ilmoitus: "Tietojen suorittamisen estäminen - Microsoft Windows Tietokoneesi suojaamiseksi Windows on sulkenut tämän ohjelman Nimi: Resurssienhallinta Julkaisia: Microsoft Corporation Sulje viesti (klick) ------------- Tietojen suorittamisen estämistoiminto auttaa suojautumaan virusten ja muiden tietoturvauhkien aiheuttamalta vahingolta KUINKA TOIMIA(link)?" kun painan sulje viesti tulee: Explorer.exe on havainnut virheen ja tuote on suljettava..... lähetä/älä lähetä Ilmoituksien jälkeen kansio sulkeutuu välittömästi. Tai voi pitää kansiota auki, kunhan ei paina sulje viesti Aluksi tämä virhe tuli vain toisella kansiolla esim musiikki. Ongelmat alkoivat viime viikolla ja F-secure on löytänyt yhden viruksen muuten eilen.
Kiitos tuo se juuri on. Lääkettä en kyllä osaa tosta tulkita. Ei kai taas täydy vetää winukkaa uusiks. Nyt olisi jo korkea aika saada korvaavaa käyttistä.
Ei näyttänyt auttavan toi Avi työkalu. Tuossa nyt kuitenkin logini jos se auttas Logfile of HijackThis v1.99.1 Scan saved at 10:44:50, on 4.1.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127583525093 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132518001770 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Kokeile muuttamalla boot.ini-tiedostoon ...../NoExecute=[bold]AlwaysOff[/bold] Suorita > C:boot.ini (muista varmuuskopioida alkup. boot.ini esim. levykkeelle) Oletuksena ..... /NoExecute=OptIn http://support.microsoft.com/kb/875352/#5 Pistä tähän tuo boot.inin sisältö, jos et osaa muuttaa.
Enemmän ja enemmän tuntuu siltä, että en tunne omaa konettani lainkaan. [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn Eli mun pitäs vaihtaa toi viimeinen =AlwaysOff mitä se tekee? Mä kokeilen sitä, kun tiedän mitä se tekee. Mulla ei ole levykkeitä kun on läppäri. EDIT tulivaan mieleen oireilu tapahtuu mun ulkoisen kovalevyn ekalla kansiolla. Kokeilin kovoa kaverilla ja sillä se toimi hyvin. Eli mun koneessani taitaa olla jotain.
