So, the computer shuts down by itself, and the internet works at times and at times doesn't. Temperatures have been measured, F-Secure has been reinstalled, and RegSeeker, Malwarebytes and Ad-Aware have been run (i.e. the programs that are usually recommended here for these problems). But nothing is found! So, the HijackThis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:48, on 9.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ASUSKBService.exe
E:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\daemon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/firefox?client=firefox-a&rls=org.mozilla:en-US:official
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Lapsilukko... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} (F-Secure Online Scanner 2.1 (CD version)) - file://C:\Documents and Settings\Taashätä\Local Settings\Temp\OnlineScanner\is2007ols\fscax.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4984/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3B590F4-66CA-40B5-BBDF-0DB645DC0172}: NameServer = 217.78.196.2,217.78.196.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{D717DA1F-1A16-4AEB-A0EC-834C196CF1A5}: NameServer = 217.78.196.2,217.78.196.18
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - E:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - E:\Program Files\MCAfee\Msssrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9759 bytes
Create an uninstall list:
• Open HijackThis
• Click "Configure" at the bottom right
• Click "Misc Tools"
• Click the box that says "Uninstall Manager"
• Click "Save list"
• Copy and paste the list from Notepad into your thread
Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player 9 ActiveX Adobe Shockwave Player AngelPotion Video Codec V1 ArcSoft Camera Suite ArcSoft Camera Suite 1.3 ArcSoft PhotoImpression 5 Asterix Mega Madness Mini Game ASUS Enhanced Display Driver ASUS GameFace Live ATI Catalyst Control Center ATI Control Panel ATI Display Driver ATI-ohjelmiston poisto-ohjelma AudibleManager Auto Gordian Knot 2.45 AVIcodec (remove only) AviSynth 2.5 Barbie® Super Sports Call of Duty Canon Camera Support Core Library Canon Camera Window for ZoomBrowser EX Canon Digital Camera USB TWAIN Driver Canon Internet Library for ZoomBrowser EX Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver Canon IXY 300a, PowerShot S330, IXUS 330 WIA Driver Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon PowerShot A100 WIA Driver Canon PowerShot S45 WIA Driver Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities PhotoStitch 3.1 Canon Utilities RAW Image Converter2 Canon Utilities RemoteCapture 2.4 Canon Utilities ZoomBrowser EX C-Media 3D Audio Codec Pack - All In 1 6.0.3.0 CPUCooL (remove only) Creative MediaSource Creative MuVo NX-TX Creative System Information Creative WebCam Center Creative WebCam Instant Driver (1.00.08.0416) Creative WebCam Instant User's Guide (English) Creative ZEN Nano Plus DAEMON Tools Disney's Lilo & Stitch Trouble in Paradise DivX Codec DivX Converter D-Link AirPlus XtremeG+ Wireless LAN Adapter DVD Decrypter (Remove Only) DVD Genie (remove only) DVD Master Backup DVD Shrink 3.2 DVDAuthorGUI (remove only) EasyCleaner ffdshow (remove only) FlashFXP v3 Foxit Reader Free Tetrix F-Secure Internet Security 2008 GigaStaraoke 1.3 GIMP 2.4.1 Google Earth Google Video Player GTK+ 2.6.7 runtime environment Harry Potter - Quidditch World Cup Harry Potter TM HijackThis 2.0.2 Hotfix for Windows XP (KB952287) HP Customer Participation Program 7.0 HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart, Officejet 
and Deskjet 7.0.A HP Software Update HP Solution Center 7.0 InCD (Ahead Software) iTunes Java 2 Runtime Environment, SE v1.4.2_04 K-Lite Codec Pack Logitech MouseWare 9.79.1 MailWasher Malwarebytes' Anti-Malware Max Payne 2 McAfee AntiSpyware McDonald's Fairies Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Beta 2 Microsoft Data Access Components KB870669 Microsoft Office Professional Edition 2003 Microsoft Web Publishing Wizard 1.53 Mozilla Firefox (1.5.0.5) Mozilla Firefox (2.0.0.14) Mozilla Firefox (2.0.0.4) Mozilla Firefox (3.0.4) Mozilla Thunderbird (1.5.0.10) Mozilla Thunderbird (2.0.0.16) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Music Manager Muumit ja Taikurin hattu MuVo Driver MyDVD Natural Color Nero 6 Ultra Edition netViz Demo Nokia Connectivity Cable Driver OCR Software by I.R.I.S 7.0 OpenAL OpenOffice.org 2.0 PC Connectivity Solution PC-cillin 2002 Pekka Kana 2 PennyHorse Pinnacle MPEG Realtime Codec Poista Runoreissu PowerDVD PowerQuest PartitionMagic 8.0 Prince of Persia The Sands of Time (Demo) Prince of Persia Warrior Within QuickTime Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) 
Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) ShowBiz SiS 661FX_760_741_M661FX_M760_M741 SiS 900 PCI Fast Ethernet Adapter Driver Skype™ 3.8 SolveigMM AVI Trimmer SolveigMM WMP Trimmer Plugin SONIC HEROES TaloCD 2000 Versio 1.1 Tetris (remove only) The Incredibles The Sims 2 The Sims 2 Yliopisto The Sims™ 2 Lemmikkielämää Tomb Raider: Legend 1.0 Tony Hawk's Underground 2 Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) VideoLAN VLC media player 0.8.6c Winamp (remove only) Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Live Messenger Windows Media Format Runtime Windows Media Player 10 Windows WMF Metafile Vulnerability HotFix 1.2 Windows XP Service Pack 3 WinRAR v3.20 WinZip VobSub v2.23 (Remove Only) Worms 3D XviD MPEG-4 Video Codec XviD MPEG4 Video Codec (remove only)
Download Malwarebytes' Anti-Malware to your desktop.
1. Double-click mbam-setup.exe and follow the instructions to install the program.
2. At the end, make sure that the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
3. If an update is found, the program downloads and installs the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is finished, click OK and then Show Results to see the results.
6. Make sure that everything is checked and click Remove Selected.
7. After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next message.
=================
1. Download Combofix.exe to your desktop from one of the links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click on the Combofix window while it is running. This may cause the program to hang.
================
Download SDFix by AndyManchesta and save it to your desktop.
Start your computer in Safe Mode:
• shut down and start up
• during startup, tap the F8 key repeatedly
• use the arrow keys to select Safe Mode
• press Enter and Enter
• select your user account
• press Yes
On some machines F5 is tapped instead of F8.
• Once in Safe Mode, extract the contents of the SDFix.zip file (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
• Open the SDFix folder and double-click the file RunThis.bat to start the program.
• Press Y to start the script.
• The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the machine, "Press any key to Reboot".
• Press any key and the machine restarts.
• Startup takes longer than normal because SDFix is cleaning the machine.
• When the machine has started and the desktop has loaded, SDFix reports that the cleaning has been completed, "Finished".
• Then press any key to close the script and load the shortcut icons onto the desktop.
• Finally, open the SDFix folder (on the desktop) and copy & paste the contents of the Report.txt file into your thread along with a new HijackThis log.