Help! Computer is lagging badly!!! HJT log.

Thread in the Viruses and malware - HijackThis logs section. Thread started by janita62 on 04.10.2006.

Thread status:
The thread is closed.
  1. janita62

    Could someone help a beginner, since the computer is running slowly??? Here is an HJT log for examination!!

    Logfile of HijackThis v1.99.1
    Scan saved at 15:27:29, on 4.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\TBPanel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=22028
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
     
  3. beast84

    Fix these with HJT:

    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe

    Uninstall Java from Add/Remove Programs.

    Download the new Java from here:
    http://java.sun.com/javase/downloads/index.jsp
    Java Runtime Environment (JRE) 5.0 Update 9

    Go get eScan and scan the computer with it: http://koti.mbnet.fi/pattaya1/escanmwav.htm
    Update it first of all; the instructions are on that page, update method 2.

    Once you've done those, post the eScan log and a new HJT log.
     
  4. janita62

    So, it's fixed, and here are the new logs.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\em3156\HbTools.mlpX tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\em3416\HbTools.mlpX tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\em3908\HbTools.mlpX tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\wh_cc.exe tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\WZS3.tmp\wbhshare.dll tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temporary Internet Files\Content.IE5\VRS19QYQ\hbtools[1].exe tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Documents and Settings\Titta-Riina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-3bde87bc.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Titta-Riina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-521c4f7f-458e9f94.zip infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Titta-Riina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-5a32f184-33f8e2e9.zip infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Titta-Riina\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-19304a-5da725b1.zip infected by "Trojan-Downloader.Java.OpenConnection.aj" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Titta-Riina\Local Settings\Temporary Internet Files\Content.IE5\ZZKF3ELI\popup[1].htm infected by "Trojan-Clicker.HTML.Agent.a" Virus. Action Taken: File Deleted.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc393.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc394.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc395.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc396.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc397.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc398.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc399.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc400.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc84.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc85.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057550.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057551.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057552.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057553.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057554.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP326\A0057555.exe tagged as not-a-virus:AdWare.Win32.Trymedia.b. No Action Taken.
    File C:\System Volume Information\_restore{5D94A54E-D239-44D0-B6B7-00803564F9D4}\RP330\A0058046.exe tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    Logfile of HijackThis v1.99.1
    Scan saved at 14:53:54, on 5.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\TBPanel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

     
  5. -kemisti-

    Fix those:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Ser...omeLeftPane.htm
    R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)


    Empty this directory:

    C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temp\

    Empty the Recycle Bin.

    Purge System Restore:

    1. Select My Computer (right-click).
    2. Select Properties.
    3. Select the System Restore tab.
    4. Select "Turn off System Restore".
    5. Press Apply.
    6. Press OK.
    7. Restart the computer.
    8. Do steps 1-3.
    9. Clear the check mark from "Turn off System Restore".
    10. Do steps 5 and 6.

    Restart.

    Scan again with eScan.

    Post the eScan log and a new HJT log.
     
  6. janita62

    Now it's fixed; here are the eScan log and the HJT log.
    File C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temporary Internet Files\Content.IE5\VRS19QYQ\hbtools[1].exe tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc393.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc394.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc395.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc396.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc397.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc398.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc399.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc400.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc84.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc85.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    Logfile of HijackThis v1.99.1
    Scan saved at 11:49:19, on 6.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\hijackthis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Get KillBox

    http://www.bleepingcomputer.com/files/spyware/KillBox.zip

    Extract it, open it, and tick Delete on Reboot.
    Then copy the lines below all at once:

    C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temporary Internet Files\Content.IE5\VRS19QYQ\hbtools[1].exe
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc393.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc394.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc395.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc396.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc397.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc398.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc399.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc400.TMP
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc84.TMP
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc85.TMP

    Then in KillBox, from the top menu, choose File > Paste from Clipboard.
    Select "All Files". Then press Delete (the red button with a white X).
    Answer yes to the prompts, and if the computer does not restart by itself, restart it.

    Scan again with eScan.

    After that, post a new Hijack log and the eScan results.
     
  8. janita62

    janita62 Member

    Joined:
    04.10.2006
    Messages:
    22
    Thanks:
    0
    Points:
    11
    Where do I find these on the computer?
    C:\Documents and Settings\Janita Von Pfaler\Local Settings\Temporary Internet Files\Content.IE5\VRS19QYQ\hbtools[1].exe
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc393.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc394.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc395.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc396.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc397.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc398.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc399.TMP C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc400.TMP
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc84.TMP
    C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc85.TMP
     
  9. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Select those lines with the mouse all at once, then copy them to the clipboard (Ctrl+C) and paste them into KillBox (File > Paste from Clipboard); it will take care of deleting those files :)
     
  10. janita62

    janita62 Member

    Joined:
    04.10.2006
    Messages:
    22
    Thanks:
    0
    Points:
    11
    Here are the new eScan and HJT logs.
    File C:\!KillBox\Dc84.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\!KillBox\Dc84.TMP( 3) tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\!KillBox\Dc85.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\!KillBox\Dc85.TMP( 2) tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\!KillBox\hbtools[1].exe tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\!KillBox\hbtools[1].exe( 4) tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
    File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc393.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc394.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc395.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc396.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc397.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc398.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc399.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc400.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
    Logfile of HijackThis v1.99.1
    Scan saved at 23:23:36, on 8.10.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5296.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Norman\Bin\Zanda.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Norman\bin\ZLH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\BIN\nipsvc.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\hijackthis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

     
  11. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Thanks:
    0
    Points:
    96
    Empty:

    C:\!KillBox\

    Empty the Recycle Bin

    Any problems still?
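
Grouping the scan results from post 10 by folder shows why emptying those two locations is the remaining step: apart from mirc.exe, every detection sits in the KillBox backup folder or the Recycle Bin. This is an added example, not part of the original thread; the sample lines are constructed in the thread's log format, and the function names and folder labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a selection of lines in the format quoted in the thread.
SAMPLE = r"""
File C:\!KillBox\Dc84.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
File C:\!KillBox\Dc84.TMP( 3) tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
File C:\!KillBox\hbtools[1].exe tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
File C:\!KillBox\hbtools[1].exe( 4) tagged as not-a-virus:AdWare.Win32.HotBar.bq. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc128.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
File C:\RECYCLER\S-1-5-21-3194234092-980385439-845768119-1007\Dc392.TMP tagged as not-a-virus:AdWare.Win32.WebHancer.214. No Action Taken.
Taken.
"""

# "File <path>[( n)] tagged as <verdict>. <action>."
# The trailing "( n)" counter appears in the thread's log; its meaning is not
# stated there, so it is treated only as a duplicate marker (assumption).
LINE = re.compile(
    r"^File (?P<path>.+?)(?:\(\s*\d+\))? tagged as "
    r"(?P<verdict>.+?)\. (?P<action>[^.]+)\.$"
)

# Folder markers taken from the paths in the thread; the labels are ours.
LOCATIONS = [
    ("c:\\!killbox\\", "KillBox backup"),
    ("\\recycler\\", "Recycle Bin"),
    ("\\temporary internet files\\", "IE cache"),
]

def parse(log_text):
    """Return unique (path, verdict, action) tuples, skipping fragments."""
    seen, hits = set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or truncated fragment such as "Taken."
        key = (m["path"].lower(), m["verdict"])
        if key not in seen:
            seen.add(key)
            hits.append((m["path"], m["verdict"], m["action"]))
    return hits

def location(path):
    """Map a path to the folder label it falls under, or "other"."""
    p = path.lower()
    return next((label for marker, label in LOCATIONS if marker in p), "other")

def triage(log_text):
    """Group detections by location as {label: [(path, verdict_class), ...]}."""
    groups = defaultdict(list)
    for path, verdict, _ in parse(log_text):
        # Verdict layout: [prefix:]Class.Platform.Name.Variant
        cls = verdict.split(":")[-1].split(".")[0]
        groups[location(path)].append((path, cls))
    return dict(groups)

def summary(log_text):
    """Count unique detected files per location."""
    return {loc: len(items) for loc, items in triage(log_text).items()}

if __name__ == "__main__":
    for loc, count in summary(SAMPLE).items():
        print(f"{loc}: {count} file(s)")
```

Anything reported under "other" is outside the folders being emptied and is left for manual review.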
     
  12. janita62

    janita62 Member

    Joined:
    04.10.2006
    Messages:
    22
    Thanks:
    0
    Points:
    11
    Thanks, hopefully the problems are over.
     