Hidastelee, Microsoftin ohjelmat ei toimi

LoBer · Mar 3, 2007

Ongelmana on että noin joka toisella käynnistyksellä on ihan hidasta toimintaa vaikka alussa ei avaudu kun viirustentorjunta ohjelma. Cookiesit on tyhjennetty ja regcleaneril siivottu ja kovoo tyhjennelty. Mutta suurin ongelma on että käyttiis tökkäilee ei mee välil kiinni, ja yleensä kaikes mis lukee Microsoft ei vaan pelitä. Koneen tiedot allekirjoituksessa, Vista ja muistii tulos lisää. Mut tähän laitan Hjt-login ja SmitfraudFix:n mut sillä oon jo kyl tehny cleanin:

Logfile of HijackThis v1.99.1
Scan saved at 22:22:18, on 3.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SMS-viesti - {A509AE0D-BA98-4A8A-B1B7-11EEE08580C0} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C7E27440-643F-4319-9FF5-EED27E3CBE2D} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {F619C592-BA47-42F9-A7F4-28BC8D0882FF} - http://service.kolumbus.fi/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

SmitFraudFix v2.147

Scan done at 22:15:44,60, la 03.03.2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jusu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jusu\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jusu\Suosikit

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://64.4.18.250/cgi-bin/getmsg/p„„sein„„n.gif?curmbox=F000000001&a=66f086bdefacd5103aa14129abda00e9&msg=MSG1106572291.0&start=612648&len=131855&mimepart=28&disk=64.4.18.33_d1504&login=jusukettu&domain=hotmail%2ecom&hm___sig=dd1cb86801c50222061f898af53b2d01470b3a3b21dcd8ff"
"SubscribedURL"="http://64.4.18.250/cgi-bin/getmsg/p„„sein„„n.gif?curmbox=F000000001&a=66f086bdefacd5103aa14129abda00e9&msg=MSG1106572291.0&start=612648&len=131855&mimepart=28&disk=64.4.18.33_d1504&login=jusukettu&domain=hotmail%2ecom&hm___sig=dd1cb86801c50222061f898af53b2d01470b3a3b21dcd8ff"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.viihdekeskus.net/downloads/images/posticons/uhoh.gif"
"SubscribedURL"="http://www.viihdekeskus.net/downloads/images/posticons/uhoh.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://images.google.fi/images?q=tbn:M24WjhZGxQwJ:www.keskipiste.info/nuttulinna/kartta.gif"
"SubscribedURL"="http://images.google.fi/images?q=tbn:M24WjhZGxQwJ:www.keskipiste.info/nuttulinna/kartta.gif"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Hujo · Mar 3, 2007

C:\Program Files\HijackThis\HijackThis.exe <-- nimeä uudelleen pommiksi

aja tuosta

Lataa VundoFix.exe työpöydällesi.

Tupla-klikkaa VundoFix.exe ajaaksesi sen.
Klikkaa Scan for Vundo valintaa.
Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
Sinulta kysytään haluatko poistaa filut - klikkaa YES.
Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

LoBer · Mar 3, 2007

Jep, kiitos ohjeista teen ne tuota pikaa, mutta Pandani löysi viime yönä Hjt-kansiosta viruksia ja mainoksia. Ja nimeänkö Hjt:n exe filun muotoon pommi.exe, kun en oikein tajunnut? Entäs tuossa Smitfraudfixis, oliko jotain ihmeellistä? No tulee kohta raportit...

LoBer · Mar 3, 2007

Logfile of HijackThis v1.99.1
Scan saved at 11:39:59, on 4.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avciman.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Program Files\HijackThis\pommi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SMS-viesti - {A509AE0D-BA98-4A8A-B1B7-11EEE08580C0} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C7E27440-643F-4319-9FF5-EED27E3CBE2D} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {F619C592-BA47-42F9-A7F4-28BC8D0882FF} - http://service.kolumbus.fi/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Siiinäpä ois Hjt-raportti, ens editil tulee buutin jälkeen tuo vundofix!

EDIT: Kun VundoFix kävi skannauksen läpi, ja painoin että Remove Vundo, se valitti herjaa et ei ole Vundoa, ohjelma sulkeutuu. Täs ois se raportti:

VundoFix V6.3.12

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:42:56 4.3.2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Olikos tossa HjT-logissa jotain ihmeellistä?

Hujo · Mar 3, 2007

Printtaa ohjeet ulos.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt.

Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.

LoBer · Mar 3, 2007

Katso edellinen viestini ja EDITIT, kiitos. Teen tuonkin...

Hujo · Mar 3, 2007

Poista lisää poista sovelutukseta nuo java versiot

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Click to expand...

LoBer · Mar 4, 2007

Ok, tässä SmitfraudFix:n rapportti, taustakuva hävis:

SmitFraudFix v2.147

Scan done at 11:58:50,26, su 04.03.2007
Run from C:\Documents and Settings\Jusu\Ty”p”yt„\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Hujo · Mar 4, 2007

sen saat kyllä asennetua takasin

LoBer · Mar 4, 2007

Joo en mä sitä, mut vaan et tartuntaa ei oo... Elikkä onkos vielä jotain mitä pitäs tehä? Vieläkään ei toimi MSN/Messengerit/Eikä pääse Windows Updateen eikä minnekkään. Ja muuten huomasin tos äsken kun yritin poistaa niitä javoja(en löytänyt), että uusimmat automaattiset päivitykset ovat tulleet helmikuussa 2006! Eli onko tässä jo aika huolestua? Olen määrittänyt Automaattisten Päivityksien tulon joka päivä ja automaattisesti.

Hujo · Mar 4, 2007

Oli siellä noita rekisteri juttuja

ajas tuosta

Lataa SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip ja tallenna se työpöydällesi.

Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi:
• Käynnistä tietokone
• Kun kuulet koneen piippaavan, paina F8, kuitenkin ennen Windowsin logon esiintuloa
• Seuraavaksi pitäisi ilmestyä valikko
• Valitse valikosta vikasietotila.

• Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
• Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
• Paina Y käynnistääksesi skriptin.
• Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
• Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
• Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
• Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
• Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
• Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis lokin kera.

LoBer · Mar 4, 2007

Täs ois se SDFix:

SDFix: Version 1.69

Run by Jusu - su 04.03.2007 @ 12:41:30,54

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\Documents and Settings\Jusu\Ty”p”yt„\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\iexplore.exe - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Documents and Settings\\HP_Omistaja\\Työpöytä\\Pelit\\Spider-Man 2 Web of Words\\Spider-Man 2 Web of Words.exe"="C:\\Documents and Settings\\HP_Omistaja\\Työpöytä\\Pelit\\Spider-Man 2 Web of Words\\Spider-Man 2 Web of Words.exe:*:Enabled:Spider-Man 2 Web of Words"
"C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"="C:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe:*:Enabled:Skyworks Ten Pin Championship Bowling"
"C:\\Documents and Settings\\Jusu\\Työpöytä\\Pelit\\Worms3D_english_demo\\bin\\Worms3D.exe"="C:\\Documents and Settings\\Jusu\\Työpöytä\\Pelit\\Worms3D_english_demo\\bin\\Worms3D.exe:*:Enabled:Worms3D"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"="C:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe:*isabled:speed2"
"C:\\Documents and Settings\\Jusu\\Omat tiedostot\\Multiplay\\Multiplay.exe"="C:\\Documents and Settings\\Jusu\\Omat tiedostot\\Multiplay\\Multiplay.exe:*:Enabled:Multiplay"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\WinMX\\WinMX.exe"="C:\\Program Files\\WinMX\\WinMX.exe:*:Enabled:WinMX Application"
"E:\\BIN\\WIN32\\PLAYER.EXE"="E:\\BIN\\WIN32\\PLAYER.EXE:*:Enabled:Macromedia Projector"
"C:\\Documents and Settings\\Jusu\\Local Settings\\Temp\\Rar$EX04.359\\bin\\Worms3D.exe"="C:\\Documents and Settings\\Jusu\\Local Settings\\Temp\\Rar$EX04.359\\bin\\Worms3D.exe:*:Enabled:Worms3D"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Suorita DLL sovelluksena"
"C:\\Program Files\\Gold Miner\\GoldMiner.exe"="C:\\Program Files\\Gold Miner\\GoldMiner.exe:*:Enabled:Gold Miner "
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Messenger 8.0 Beta (Phone)"
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Documents and Settings\\Jusu\\Työpöytä\\DCPlusPlus.exe"="C:\\Documents and Settings\\Jusu\\Työpöytä\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Documents and Settings\\HP_Omistaja\\Työpöytä\\RevConnect\\DCPlusPlus.exe"="C:\\Documents and Settings\\HP_Omistaja\\Työpöytä\\RevConnect\\DCPlusPlus.exe:*:EnabledC++"
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"="C:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe:*:Enabled:msn"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Jusu\\Työpöytä\\StrongDC++\\StrongDC.exe"="C:\\Documents and Settings\\Jusu\\Työpöytä\\StrongDC++\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Documents and Settings\\Jusu\\Työpöytä\\utorrent-1.6.1-beta-build-483.exe"="C:\\Documents and Settings\\Jusu\\Työpöytä\\utorrent-1.6.1-beta-build-483.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Jusu\\Työpöytä\\Leffat\\utorrent-1.6.1-beta-build-483.exe"="C:\\Documents and Settings\\Jusu\\Työpöytä\\Leffat\\utorrent-1.6.1-beta-build-483.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Messenger 8.0 Beta (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Jusu\TYPYT~1\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\Documents and Settings\Jusu\Application Data\Macromedia\Shockwave Player\xtras\download\AndradeArts\Music\BASSMOD.dll
C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll
C:\Program Files\Canon\MP Navigator 2.0\Maint.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\03a93c656b57e1887f7f4816d8509c52\BIT12A.tmp

Add/Remove Programs List:

EA SPORTS online 2007
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Photoshop CS3
AviScreen Classic Version 1.3
AviTricks Classic version 1.65
BitComet 0.70
Canon Utilities Easy-PhotoPrint
Easy-WebPrint
eMule
EVEREST Home Edition v2.20
Express Rip Uninstall
Gaim (vain poisto)
GTK+ Runtime 2.10.7 rev a (vain poisto)
Guitar Pro 5.0
HAM
HijackThis 1.99.1
Canon Utilities PhotoStitch 3.1
Canon RemoteCapture Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
iTunes
Canon RAW Image Task for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Call of Duty(R) 2
High Definition Audio Driver Package - KB835221
Microsoft Data Access Components KB870669
Microsoft Base Smart Card Cryptographic Service Provider Package
KBD
K-Lite Codec Pack 2.76 Full Beta 1
Microsoft .NET Framework 2.0
Mozilla Firefox (2.0.0.2)
Canon MP Navigator 2.0
NVIDIA Drivers
Pack Vista Inspirat 1.1
Panda ActiveScan
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RecordPad Sound Recorder Uninstall
Serious Samurize
Macromedia Flash Player 8
SiS VGA Utilities
Spybot - Search & Destroy 1.4
StrokeIt (remove only)
TweakNow RegCleaner Standard
Unlocker 1.8.5
Windows XP Service Pack 2
The GIMP 2.3.14
WinRAR archiver
Wisdom-soft ScreenHunter 4.0 Free
Windows Media Connect
Yahoo! Widget Engine
hpg8200
Canon PhotoRecord
Nokia PC Connectivity Solution
Nokia Connectivity Cable Driver
hpg4600
HP Photo & Imaging 3.5 - HP Devices
Adobe Fonts All
Microsoft Visual J# .NET Redistributable Package 1.1
hpg3970
PhotoStitch
HP Diagnostic Assistant
Adobe Photoshop CS2
Scan
Adobe Device Central CS3
RemoteCapture Task 1.1
CameraDrivers
Internet Library
InterVideo WinDVD Creator 2
J2SE Runtime Environment 5.0 Update 6
iTunes
Google Earth
WingMan Software
Microsoft .NET Framework 1.1 Finnish Language Pack
HP Software Update
RAW Image Task 1.2
Tikkurilan V„risuunnitteluohjelma
Camera Window DVC
Adobe WinSoft Linguistics Plugin
Nokia PC Suite
Macromedia Extension Manager
FIFA 07
HP Image Zone Plus 4.2
Windows Genuine Advantage v1.3.0254.0
2006 FIFA World Cup (TM)
Power Tab Editor 1.7
Nero 7 Demo
Microsoft .NET Framework 2.0
Adobe Asset Services CS3
Adobe Stock Photos CS3
Adobe Stock Photos 1.0
DAEMON Tools
Nokia Software Updater
ArcSoft PhotoStudio 5.5
QFolder
Microsoft Baseline Security Analyzer 2.0
MovieEdit Task
Adobe Common File Installer
Microsoft Office XP Professional ja FrontPage
Microsoft Word 2002
Camera Window DS
InterVideo WinDVD Player
Adobe PDF Library Files
Camera Support Core Library
Sonic RecordNow!
Panda Titanium 2006 Antivirus + Antispyware
Adobe Anchor Service CS3
Adobe Type Support
Adobe Reader 7.0 - Suomi
hpg5530
Adobe Camera Raw 4.0
Adobe Bridge 1.0
Canon MP500
ConvertXtoDVD 2.1.12.214
Adobe Version Cue CS3 Client
digiTOP
Canon ZoomBrowser EX
Camera Window MC
Adobe Setup
Colin McRae Rally 2005
Adobe Bridge Start Meeting
PopStaraoke
Call of Duty(R) 2
NHL06
Adobe Default Language CS3
Adobe CMaps
HpSdpAppCoreApp
Adobe Linguistics CS3
LEGO Star Wars
Adobe Help Center 1.0
hpg2436
Adobe XMP Panels CS3
Adobe Photoshop CS3
Adobe Help Viewer 1.1
Adobe ExtendScript Toolkit 2
HP Deskjet Preloaded Printer Drivers
Adobe Bridge CS3
Microsoft Windows XP -k„ytt”j„rjestelm„n ohjatun CD-levylle tallentamisen HighMAT-laajennus

Finished

Sitte Hjt:

Logfile of HijackThis v1.99.1
Scan saved at 13:00:35, on 4.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\pommi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SMS-viesti - {A509AE0D-BA98-4A8A-B1B7-11EEE08580C0} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C7E27440-643F-4319-9FF5-EED27E3CBE2D} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {F619C592-BA47-42F9-A7F4-28BC8D0882FF} - http://service.kolumbus.fi/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Hujo · Mar 4, 2007

scannaa hjt:llä merkkaa paina Fix checked

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)

LoBer · Mar 4, 2007

Täs ois viel fixattuna Hjt:

Logfile of HijackThis v1.99.1
Scan saved at 16:41:58, on 4.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\pommi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SMS-viesti - {A509AE0D-BA98-4A8A-B1B7-11EEE08580C0} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {C7E27440-643F-4319-9FF5-EED27E3CBE2D} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {F619C592-BA47-42F9-A7F4-28BC8D0882FF} - http://service.kolumbus.fi/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Nytkö niinkun pitäs olla kone kunnossa, joko kehtaan Mesee yrittää asennuttaa?

Hujo · Mar 4, 2007

Kyllä tolla kehtaa netissä rymistellä

LoBer · Mar 4, 2007

Niin oliko tossa jokin tartunta/reksterimerkintä mikä olisi estänyt MSN-ohjelmat?

LoBer · Mar 4, 2007

Eli tämmöstä herjaa tulee ihan mikä versio ois vaan käsis:

LoBer · Mar 4, 2007

Ei siis vieläkään toimi MSN, MSN Messenger, IE, Automaattiset Päivitykset...
Onko jossain koneen asetuksissa nyt vikaa???

LoBer · Mar 4, 2007

Voi Vittu kun on kivaa!!!! Sain toimiin msgplus.netin ohjeilla jotka piti syöttää suorita komentoon!!!!

Hujo · Mar 4, 2007

joskus tuo takkuaa. Pitää välillä ootella.

eikös tuo ollut pois

Java
http://java.sun.com/javase/downloads/index.jsp

Rullaa alas kohteeseen Java Runtime Environment (JRE) 6.0
Täppi kohtaan Accept ja sitten klikkaa Windows Offline Installation, Multi-language

Log in or Sign up

Hidastelee, Microsoftin ohjelmat ei toimi

LoBer Regular member

Hujo Guest

LoBer Regular member

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

LoBer Regular member

LoBer Regular member

LoBer Regular member

Hujo Guest

Share This Page

Log in or Sign up

Hidastelee, Microsoftin ohjelmat ei toimi

LoBer Regular member

Hujo Guest

LoBer Regular member

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

Hujo Guest

LoBer Regular member

LoBer Regular member

LoBer Regular member

LoBer Regular member

Hujo Guest

Share This Page

Useful Searches