Kone temppuilee hijackloki

käynnistä nappi ja sitten suorita siihen tuo -->
Combofix /u ja painat enter

====================
sulla on siellä CCleaner aja sillä puhdistaja ja virheet

=============

vieläkös kone temppuillee

=========

scannaa uusi hjt:n loki

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:46, on 23.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Elisa\Anti-Virus\fsgk32st.exe
D:\Elisa\Common\FSMA32.EXE
D:\Elisa\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Elisa\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
D:\Elisa\Common\FCH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
D:\Elisa\Common\FSM32.EXE
D:\Elisa\FSGUI\ispnews.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
D:\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SEC\MagicTune 2.5\GammaTray.exe
D:\Elisa\Anti-Virus\fsqh.exe
D:\Elisa\Common\FAMEH32.EXE
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Elisa\Anti-Virus\fssm32.exe
D:\Elisa\FSAUA\program\fsaua.exe
D:\Elisa\FWES\Program\fsdfwd.exe
D:\Elisa\FSGUI\fsguidll.exe
D:\Elisa\FSAUA\program\fsus.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Elisa\Anti-Virus\fsav32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\adobe\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Elisa\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Elisa\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "D:\Elisa\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [RemoteControl] D:\PDVDServ.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Program Files\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\HalfLife\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Tuki - {A3E0137A-2916-4120-8C77-63290A78DB14} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {AC0C846A-42DA-4F21-AD53-D37B212D5C78} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {F7FE1C58-BC27-4A05-BC8F-D671E80C7C0B} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Elisa\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Elisa\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Elisa\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Elisa\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9274 bytes

 

Ei nyt ainakaan näillä näkymin taida temppuilla.

Nytkö siltä on sitten poistettu kaikki virukset sun muut vai vieläkö jotain löytyy?

 

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)


===============

Käynnistä > suorita kirjoita msconfig > ok
Käynnistys välilehti

Ota alla olevien edestä ruksi pois

qttask
realsched
jusched
nwiz
WkUFind

käytä ja ok
Käynnistä kone uudelleen ja laita pikkuseen neliöön ruksi ja paina sitten vasta ok

 

Okei, se homma on ny hoidettu. Mitäs sitten?

 

Luo poistolista:
• Avaa HiJackThis
• Klikkaa "Configure" valintaa oikealla alhaalla
• Klikkaa "Misc Tools"
• Klikkaa boxia joka sanoo "Uninstall Manager"
• Klikkaa valintaa "Save list"
• Kopioi ja liitä kyseinen lista muistiosta postiisi

 

Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Apple Mobile Device Support -tuki
Apple Software Update
ASUS Probe V2.22.02
Audacity 1.2.6
AVS DVD Player version 2.4
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
EPSON PhotoQuicker3.5
EPSON PRINT Image Framer Tool2.1
EPSON Web-To-Page
EPSON-tulostinohjelma
ESC46 Ohjelmiston käyttöopas
ESC46 Pikaopas
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTA San Andreas
GTAIII
Half-Life(R) 2
HammerHead Rhythm Station
HijackThis 2.0.2
Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
iTunes
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Joint Operations: Escalation
Joint Operations: Typhoon Rising
Logitech iTouch -ohjelmisto
Logitech MouseWare 9.75
MagicTune 2.5
Malwarebytes' Anti-Malware
Microsoft AutoRoute v11.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Picture It! Photo Standard 9
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Osien valitseminen
Microsoft Works Suiten Microsoft Word -lisäosan
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Natural Color
Nero OEM
NVIDIA Drivers
Opera 9.25
PIF DESIGNER2.1
PowerDVD
QuickTime
RealPlayer
ScanToWeb
Shockwave
Sonera Internet Avustaja
Sonera Tietoturva
SoundMAX
Steam(TM)
Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
Suojauspäivitys Windows XP:lle (KB923789)
System Requirements Lab
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinZip 11.1
Yahoo! Install Manager
Yahoo! Toolbar

 

Poista lisää poista sovelutuksesta

Java(TM) 6 Update 3

 

Ja sitten?

 

ok..

 

Jaa että kaikki on nyt ok vai? No kamalasti kiitoksia avusta!