Svchost.exe uses 100% of the CPU, and nothing gets it back to normal...

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' started by Gingered, Dec 18, 2006.

  1. Gingered
    So I've googled this problem quite a lot, but no solution seems to turn up (on Finnish-language sites, since my English is a bit shaky). After the computer starts, svchost.exe uses 100% of the processor for a few minutes, after which svchost's memory usage stays fairly high, 30,000 - 60,000 KB. The same thing happens every time when searching for updates on the Windows Update site. While the processor is grinding at 100%, svchost's memory usage is as much as 100,000 KB. I've run all sorts of scanners etc. What information should I give so that someone could start solving the problem? Processor AMD Athlon XP 2600+, 1 GB of memory and XP Home OS + SP2. Oh, and Elisa security (F-Secure).

    Logfile of HijackThis v1.99.1
    Scan saved at 20:10:07, on 18.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Kaspersky\mwavscan.com
    C:\Kaspersky\kavss.exe
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

     
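A small triage helper for the HijackThis log format posted above. This is an added example, not a tool from this thread, from the forum, or from HijackThis itself. It assumes the v1.99.1 layout shown in the log (a "Running processes:" block followed by coded R/O entries) and flags the things a log helper typically reads first: entries marked "(file missing)", O23 services with no vendor or an "Unknown owner", and any svchost.exe instance that is not running from the system32 directory. The embedded sample log is a constructed excerpt built from lines in the post above.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not the forum's tool)."""
import re
from collections import Counter

# Constructed sample: an excerpt in the same layout as the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 20:10:07, on 18.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Hjt\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# "O23 - <body>", "R0 - <body>", ... : the code prefix and the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# O23 body: "Service: <name> - <vendor> - <path>". The vendor may be empty
# ("- -") and the name may itself contain " - ", so the name is matched
# greedily and the separators allow a missing vendor.
SERVICE_RE = re.compile(
    r"^Service:\s+(?P<name>.*\S)\s+-\s*(?P<vendor>.*?)\s*-\s+(?P<path>\S.*)$"
)


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()  # the forum post indents every log line
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line ends the process block
                in_processes = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return {"processes": processes, "entries": entries}


def parse_service(body):
    """Split an O23 body into (name, vendor, path); vendor is '' when absent."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    return m.group("name"), m.group("vendor"), m.group("path")


def process_counts(processes):
    """Count running instances per executable name, case-insensitively."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)


def svchost_outside_system32(processes, windir=r"C:\WINDOWS"):
    """Return svchost.exe instances not started from %WINDIR%\\system32."""
    expected = (windir + r"\system32\svchost.exe").lower()
    return [p for p in processes
            if p.lower().endswith(r"\svchost.exe") and p.lower() != expected]


def triage(text):
    """Return (code, reason, detail) findings worth a second look."""
    log = parse_hjt(text)
    findings = []
    for code, body in log["entries"]:
        if "(file missing)" in body:
            findings.append((code, "target file missing", body))
        if code == "O23":
            parsed = parse_service(body)
            if parsed is None:
                findings.append((code, "unparsed service line", body))
                continue
            name, vendor, path = parsed
            if vendor == "":
                findings.append((code, "service has no vendor recorded", f"{name} -> {path}"))
            elif vendor.lower() == "unknown owner":
                findings.append((code, "service owner unknown", f"{name} -> {path}"))
    for proc in svchost_outside_system32(log["processes"]):
        findings.append(("PROC", "svchost.exe outside system32", proc))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {detail}")
    print("svchost.exe instances:", process_counts(parse_hjt(SAMPLE_LOG)["processes"])["svchost.exe"])
```

Paste a full log in place of `SAMPLE_LOG` to run it on a real post. Several svchost.exe instances under system32 are normal on XP (each hosts a group of services), so the count is reported rather than flagged; a flagged entry is a starting point for a helper's own judgement, not a verdict.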
  2. Gingered
    Here is also eScan's virus log:

    File C:\Karrin\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Karrin\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
     
  3. Hujo

    Give this one a run

    1. Download the file combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
    to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Don't click in ComboFix's window while it is running. This may cause the program to hang.
     
  4. Gingered
    Omistaja - 06-12-19 11:41:26,90 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Karrin"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))


    2006-12-18 21:26 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-12-18 21:26 <KANSIO> d-------- C:\Program Files\Grisoft
    2006-12-18 20:59 <KANSIO> d--h----- C:\WINDOWS\PIF
    2006-12-18 20:54 <KANSIO> d-------- C:\Downloads
    2006-12-18 20:54 <KANSIO> d-------- C:\Bases
    2006-12-18 20:09 <KANSIO> d-------- C:\Hjt
    2006-12-18 19:07 <KANSIO> d-------- C:\Kaspersky
    2006-12-17 20:15 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2006-12-17 20:15 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2006-12-17 20:14 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2006-12-17 20:14 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2006-12-17 20:14 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2006-12-17 20:14 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2006-12-17 20:14 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-12-17 20:14 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2006-12-17 20:11 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ahead
    2006-12-17 20:06 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-12-17 20:05 24,064 -ra------ C:\WINDOWS\system32\msxml3a.dll
    2006-12-17 20:05 1,708,032 --------- C:\WINDOWS\UNNeroVision.exe
    2006-12-17 20:02 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
    2006-12-17 20:02 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
    2006-12-17 20:02 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
    2006-12-17 20:02 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
    2006-12-17 20:02 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2006-12-17 20:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2006-12-16 22:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\X10 Settings
    2006-12-16 22:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
    2006-12-16 22:01 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
    2006-12-16 22:01 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
    2006-12-16 22:01 <KANSIO> d-------- C:\Program Files\Common Files\ATI
    2006-12-16 21:52 <KANSIO> d-------- C:\Program Files\ATI Multimedia
    2006-12-16 19:45 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-12-16 19:43 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2006-12-16 19:39 <KANSIO> d-------- C:\ATI
    2006-12-16 19:06 <KANSIO> d-------- C:\Program Files\Lavasoft
    2006-12-16 19:06 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Lavasoft
    2006-12-16 17:15 <KANSIO> d-------- C:\Program Files\EA SPORTS
    2006-12-16 07:51 <KANSIO> dr-h----- C:\Documents and Settings\Omistaja\Recent
    2006-12-16 06:48 <KANSIO> d-------- C:\Team17
    2006-12-14 15:21 <KANSIO> d-------- C:\Program Files\Alawar
    2006-12-14 14:24 2,650 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-14 14:21 <KANSIO> d-------- C:\Program Files\CCleaner
    2006-12-14 14:04 <KANSIO> d-------- C:\Documents and Settings\Omistaja\WINDOWS
    2006-12-14 12:26 <KANSIO> d-------- C:\Program Files\VIA
    2006-12-14 12:05 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-14 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\ATI
    2006-12-14 11:26 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
    2006-12-14 11:26 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
    2006-12-14 11:26 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
    2006-12-14 11:23 168,832 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
    2006-12-14 11:13 <KANSIO> d-------- C:\Program Files\ToniArts
    2006-12-13 00:28 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-12-10 11:53 84,512 -ra------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2006-12-10 11:53 6,080 -ra------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2006-12-10 11:53 6,080 -ra------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2006-12-10 11:53 6,064 -ra------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2006-12-10 11:52 52,384 -ra------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2006-12-10 11:52 5,744 -ra------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2006-12-10 11:52 5,744 -ra------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2006-12-10 11:50 <KANSIO> d-------- C:\Program Files\Samsung
    2006-12-01 16:49 <KANSIO> d-------- C:\Program Files\ffdshow
    2006-11-29 00:07 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-11-29 00:07 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-11-29 00:07 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-11-29 00:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-11-29 00:07 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-11-29 00:07 <KANSIO> d-------- C:\Program Files\Winamp
    2006-11-28 23:26 <KANSIO> d-------- C:\Program Files\RevConnect
    2006-11-26 15:03 <KANSIO> d-------- C:\WINDOWS\WBEM
    2006-11-26 15:00 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-26 14:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Microsoft ActiveSync
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-25 14:35 178,408 --a------ C:\WINDOWS\system32\muweb.dll
    2006-11-25 14:35 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-11-25 14:30 <KANSIO> d-------- C:\Config.Msi
    2006-11-24 00:24 <KANSIO> d-------- C:\80_LUKU
    2006-11-24 00:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2006-11-24 00:21 <KANSIO> d-------- C:\Program Files\DVD Shrink
    2006-11-23 13:14 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
    2006-11-23 13:14 <KANSIO> d-------- C:\Program Files\Microsoft Office
    2006-11-23 13:13 <KANSIO> dr-h----- C:\MSOCache
    2006-11-23 12:42 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2006-11-23 12:41 <KANSIO> d--h-c--- C:\WINDOWS\ie7
    2006-11-23 12:39 <KANSIO> d-------- C:\WINDOWS\network diagnostic
    2006-11-22 13:55 <KANSIO> d-------- C:\Program Files\DVD Decrypter
    2006-11-22 13:08 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4119343L.exe
    2006-11-20 11:21 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\UDL
    2006-11-20 11:20 79,679 --a------ C:\WINDOWS\system32\E_FLMADE.DLL
    2006-11-20 11:20 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
    2006-11-20 11:20 64,000 --a------ C:\WINDOWS\system32\E_FBCBADE.DLL
    2006-11-20 11:20 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2006-11-20 11:20 479,232 --a------ C:\WINDOWS\system32\PICSDK.dll
    2006-11-20 11:20 34,304 --a------ C:\WINDOWS\system32\E_FBCHADE.DLL
    2006-11-20 11:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-11-20 11:20 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
    2006-11-20 11:19 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-11-20 11:14 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
    2006-11-20 11:14 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
    2006-11-20 11:14 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
    2006-11-20 11:14 <KANSIO> d-------- C:\Program Files\epson


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-19 11:39 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-18 14:06 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Macromedia
    2006-12-17 20:07 -------- d-------- C:\Program Files\Ahead
    2006-12-17 20:02 -------- d-------- C:\Program Files\Common Files
    2006-12-16 22:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-16 19:43 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
    2006-12-14 13:10 -------- d-------- C:\Program Files\Outlook Express
    2006-12-14 13:10 -------- d-------- C:\Program Files\Common Files\System
    2006-12-13 11:53 -------- d---s---- C:\Documents and Settings\Omistaja\Application Data\Microsoft
    2006-12-13 00:32 -------- d-------- C:\Program Files\Java
    2006-12-09 11:07 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-12-09 10:55 -------- d-------- C:\Program Files\Ubisoft
    2006-12-07 08:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-26 15:05 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-26 14:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-25 14:31 -------- d-------- C:\Program Files\Elisa Tietoturvapalvelu
    2006-11-20 11:25 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-11-16 21:51 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-16 21:16 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Identities
    2006-11-16 05:47 118842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-4119343L.exe
    2006-11-16 05:44 -------- d-------- C:\Program Files\Adobe
    2006-11-16 05:23 -------- d-------- C:\Program Files\Movie Maker
    2006-11-16 05:22 -------- d-------- C:\Program Files\Windows NT
    2006-11-16 05:22 -------- d-------- C:\Program Files\NetMeeting
    2006-11-16 05:03 -------- d-------- C:\Program Files\xerox
    2006-11-16 05:03 -------- d-------- C:\Program Files\microsoft frontpage
    2006-11-16 05:02 -------- d--h----- C:\Program Files\Uninstall Information
    2006-11-16 05:02 -------- d-------- C:\Program Files\Common Files\Java
    2006-11-16 05:02 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Sun
    2006-11-16 05:01 0 -rahs---- C:\MSDOS.SYS
    2006-11-16 05:01 0 -rahs---- C:\IO.SYS
    2006-11-16 05:01 0 --a------ C:\CONFIG.SYS
    2006-11-16 05:01 0 --------- C:\AUTOEXEC.BAT
    2006-11-16 05:00 -------- d-------- C:\Program Files\Online Services
    2006-11-16 05:00 -------- d-------- C:\Program Files\Common Files\Services
    2006-11-16 05:00 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-11-16 04:59 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-11-16 04:59 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-11-16 04:59 -------- d-------- C:\Program Files\MSN
    2006-11-16 04:59 -------- d-------- C:\Program Files\ComPlus Applications
    2006-11-15 23:53 -------- d-------- C:\Program Files\BitComet
    2006-11-15 22:09 -------- d-------- C:\Program Files\WinRAR
    2006-11-15 21:30 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Help
    2006-11-15 21:14 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-15 21:12 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
    2006-11-15 21:12 -------- d-------- C:\Program Files\Microsoft IntelliPoint
    2006-11-15 21:12 -------- d-------- C:\Program Files\Messenger
    2006-11-15 20:52 -------- d-------- C:\Program Files\DAEMON Tools
    2006-11-15 20:50 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-15 20:49 -------- d-------- C:\Program Files\WinImage
    2006-11-15 20:27 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Mozilla
    2006-11-15 20:11 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-15 20:11 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
    2006-11-15 20:11 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Adobe
    2006-11-15 20:03 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\F-Secure
    2006-11-15 19:54 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\PEX
    2006-11-15 19:53 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\ispnews
    2006-11-15 18:54 62 --ahs---- C:\Documents and Settings\Omistaja\Application Data\desktop.ini
    2006-11-15 18:54 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-15 18:54 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-20 03:39 713728 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ATI Remote Control"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "F-Secure Manager"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\ispnews.exe\""
    "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "EPSON Stylus DX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADE.EXE /P26 \"EPSON Stylus DX4800 Series\" /O6 \"USB001\" /M \"Stylus DX4800\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000004

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "inimapping"="0"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061218-203442-778
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 06-12-19 11:42:05.96
    C:\ComboFix.txt ... 06-12-19 11:42
     
  5. Gingered
    Does really nobody know what might be wrong??
     
  6. Hujo

    Run this one

    Download VundoFix.exe
    http://www.atribune.org/ccount/click.php?id=4 to your desktop.

    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo option.
    • When the scan is complete, click the Remove Vundo option.
    • You will be asked whether you want to remove the files - click YES.
    • Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
    • When it is finished, the fix will tell you to restart your computer; click OK.
    • Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.


    Note: It is possible that VundoFix found a file it was not able to remove.
    In that case, VundoFix will run itself at reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears during the restart.
     
  7. Gingered
    This is the result Vundo gave, and it didn't start restarting either


    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.4.2.3

    Java version is 1.5.0.9

    Scan started at 12:54:19 20.12.2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    Then this HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 13:01:11, on 20.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
     
  8. Hujo


    You should find this under Add/Remove Programs:

    Java version is 1.4.2.3: remove that one.


    Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
    or from here >
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    and save it to your desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure "Run fixit" is selected. You will need to restart the computer when told to.


    Post a new HjT log and the contents of c:\fixwareout\report.txt
     
  9. Gingered

    Yep, yep. So I removed that Java, and here are the logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 0:29:41, on 21.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsqh.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsrw.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\PROGRA~1\ELISAT~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Hjt\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Spyware\ieshield.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Fixwareout
    Last edited 12/06/2006
    Post this report in the forums please
    ...
    Prerun check
    [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    ...
    ...
    Reg Entries that were deleted
    ...

    Random Runs removed from HKLM
    ...
    ...

    PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Searching by size/names...

    »»»»»
    Search five digit cs, dm kd and jb files.
    This WILL/CAN also list Legit Files, Submit them at Virustotal

    Other suspects.

    »»»»» Misc files.

    »»»»» Checking for older varients covered by the Rem3 tool.
    ...
    Postrun check
    [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "system"=""

    ...
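One way to triage HijackThis logs like the two posted above programmatically, as an added example that is neither HijackThis' own logic nor anything the helper ran here. The sample entries are constructed from the kinds of lines shown in the logs; the `[updater]` line under Temp is an invented test case so the autorun rule has something to fire on, not an entry from the poster's machine.

```python
import re
from dataclasses import dataclass

# Constructed sample of HijackThis v1.99.1 entries (the "[updater]" Temp line is invented).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\example.exe
O4 - Global Startup: Elisa Tietoturvapalvelu.lnk = C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - BackWeb Technologies Inc. - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
"""

# Every HJT entry starts with a section tag (R0, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$")
# Field separator inside an entry. An empty vendor is printed as " - - ",
# which "\s*-\s+" still splits into an empty field.
SEP = re.compile(r"\s*-\s+")
# Executable launched by an O4 entry: '[name] "C:\dir\prog.exe" args' or 'name.lnk = C:\dir\prog.exe'.
PATH = r'"?(?P<path>[^"]+?\.[A-Za-z0-9]{2,4})"?(?:\s|$)'
RUN_RE = re.compile(r"^(?:HKLM|HKCU|HKU\S*)\\\.\.\\Run\w*:\s+\[[^\]]*\]\s+" + PATH)
STARTUP_RE = re.compile(r"^(?:Global )?Startup:\s+.+?\s+=\s+" + PATH)
# Where autoruns normally live on an XP box (compared case-insensitively).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\", "%windir%\\")


@dataclass
class Finding:
    section: str
    reason: str
    entry: str


def parse_service(body):
    """Split 'Service: <name> - <vendor> - <path>' into (name, vendor, path).
    A service name may itself contain ' - ' (see the BackWeb entry), so the last
    two fields are vendor and path and everything before them is the name."""
    if not body.startswith("Service: "):
        return None
    fields = SEP.split(body[len("Service: "):])
    if len(fields) < 3:
        return None
    return " - ".join(fields[:-2]), fields[-2], fields[-1]


def autorun_path(body):
    """Return the executable an O4 entry launches, or None if the shape is unknown."""
    for rx in (RUN_RE, STARTUP_RE):
        m = rx.match(body)
        if m:
            return m.group("path")
    return None


def triage(log_text):
    """Apply a few explainable rules to each entry and return findings in log order.
    This only ranks entries for a human to verify (for instance by submitting the
    file to VirusTotal, as the Fixwareout report suggests); it declares nothing malicious."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "registration points at a file that no longer exists", line))
        elif section == "O23":
            parsed = parse_service(body)
            if parsed and parsed[1] in ("", "Unknown owner"):
                findings.append(Finding(section, f"service {parsed[0]!r} has no publisher; verify {parsed[2]}", line))
        elif section == "O4":
            path = autorun_path(body)
            if path and not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(section, f"autorun outside the usual program locations: {path}", line))
        elif section == "O16":
            findings.append(Finding(section, "ActiveX control installed from a web download; confirm it was intended", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.entry}")
```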
     
  10. Hujo


    Get a new ComboFix log.
     
  11. Gingered

    Omistaja - 06-12-21 1:12:58,73 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Omistaja\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 ))))))))))))))))))))))))))))))))))


    2006-12-21 00:21 <KANSIO> d-------- C:\fixwareout
    2006-12-20 12:54 <KANSIO> d-------- C:\VundoFix Backups
    2006-12-18 21:26 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-12-18 21:26 <KANSIO> d-------- C:\Program Files\Grisoft
    2006-12-18 20:59 <KANSIO> d--h----- C:\WINDOWS\PIF
    2006-12-18 20:54 <KANSIO> d-------- C:\Downloads
    2006-12-18 20:54 <KANSIO> d-------- C:\Bases
    2006-12-18 20:09 <KANSIO> d-------- C:\Hjt
    2006-12-18 19:07 <KANSIO> d-------- C:\Kaspersky
    2006-12-17 20:15 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
    2006-12-17 20:15 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
    2006-12-17 20:14 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2006-12-17 20:14 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2006-12-17 20:14 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2006-12-17 20:14 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2006-12-17 20:14 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2006-12-17 20:14 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2006-12-17 20:11 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Ahead
    2006-12-17 20:06 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2006-12-17 20:05 24,064 -ra------ C:\WINDOWS\system32\msxml3a.dll
    2006-12-17 20:05 1,708,032 --------- C:\WINDOWS\UNNeroVision.exe
    2006-12-17 20:02 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
    2006-12-17 20:02 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
    2006-12-17 20:02 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
    2006-12-17 20:02 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
    2006-12-17 20:02 <KANSIO> d-------- C:\Program Files\Common Files\Ahead
    2006-12-17 20:02 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2006-12-16 22:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\X10 Settings
    2006-12-16 22:03 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
    2006-12-16 22:01 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
    2006-12-16 22:01 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
    2006-12-16 22:01 <KANSIO> d-------- C:\Program Files\Common Files\ATI
    2006-12-16 21:52 <KANSIO> d-------- C:\Program Files\ATI Multimedia
    2006-12-16 19:45 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-12-16 19:43 <KANSIO> d-------- C:\Program Files\Radeon Omega Drivers
    2006-12-16 19:39 <KANSIO> d-------- C:\ATI
    2006-12-16 19:06 <KANSIO> d-------- C:\Program Files\Lavasoft
    2006-12-16 19:06 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Lavasoft
    2006-12-16 17:15 <KANSIO> d-------- C:\Program Files\EA SPORTS
    2006-12-16 07:51 <KANSIO> dr-h----- C:\Documents and Settings\Omistaja\Recent
    2006-12-16 06:48 <KANSIO> d-------- C:\Team17
    2006-12-14 15:21 <KANSIO> d-------- C:\Program Files\Alawar
    2006-12-14 14:24 2,650 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-14 14:21 <KANSIO> d-------- C:\Program Files\CCleaner
    2006-12-14 14:04 <KANSIO> d-------- C:\Documents and Settings\Omistaja\WINDOWS
    2006-12-14 12:26 <KANSIO> d-------- C:\Program Files\VIA
    2006-12-14 12:05 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-14 11:31 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\ATI
    2006-12-14 11:26 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
    2006-12-14 11:26 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
    2006-12-14 11:26 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
    2006-12-14 11:23 168,832 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
    2006-12-14 11:13 <KANSIO> d-------- C:\Program Files\ToniArts
    2006-12-13 00:28 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-12-10 11:53 84,512 -ra------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2006-12-10 11:53 6,080 -ra------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2006-12-10 11:53 6,080 -ra------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2006-12-10 11:53 6,064 -ra------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2006-12-10 11:52 52,384 -ra------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2006-12-10 11:52 5,744 -ra------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2006-12-10 11:52 5,744 -ra------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2006-12-10 11:50 <KANSIO> d-------- C:\Program Files\Samsung
    2006-12-01 16:49 <KANSIO> d-------- C:\Program Files\ffdshow
    2006-11-29 00:07 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-11-29 00:07 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-11-29 00:07 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-11-29 00:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-11-29 00:07 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-11-29 00:07 <KANSIO> d-------- C:\Program Files\Winamp
    2006-11-28 23:26 <KANSIO> d-------- C:\Program Files\RevConnect
    2006-11-26 15:03 <KANSIO> d-------- C:\WINDOWS\WBEM
    2006-11-26 15:00 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-26 14:38 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Microsoft.NET
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Microsoft ActiveSync
    2006-11-26 14:37 <KANSIO> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-25 14:35 178,408 --a------ C:\WINDOWS\system32\muweb.dll
    2006-11-25 14:35 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-11-25 14:30 <KANSIO> d-------- C:\Config.Msi
    2006-11-24 00:24 <KANSIO> d-------- C:\80_LUKU
    2006-11-24 00:22 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2006-11-24 00:21 <KANSIO> d-------- C:\Program Files\DVD Shrink
    2006-11-23 13:14 <KANSIO> d-------- C:\WINDOWS\SHELLNEW
    2006-11-23 13:14 <KANSIO> d-------- C:\Program Files\Microsoft Office
    2006-11-23 13:13 <KANSIO> dr-h----- C:\MSOCache
    2006-11-23 12:42 <KANSIO> d-------- C:\WINDOWS\system32\fi-fi
    2006-11-23 12:41 <KANSIO> d--h-c--- C:\WINDOWS\ie7
    2006-11-23 12:39 <KANSIO> d-------- C:\WINDOWS\network diagnostic
    2006-11-22 13:55 <KANSIO> d-------- C:\Program Files\DVD Decrypter
    2006-11-22 13:08 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4119343L.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-21 01:10 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-18 14:06 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Macromedia
    2006-12-17 20:07 -------- d-------- C:\Program Files\Ahead
    2006-12-17 20:02 -------- d-------- C:\Program Files\Common Files
    2006-12-16 22:01 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-16 19:43 451072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
    2006-12-14 13:10 -------- d-------- C:\Program Files\Outlook Express
    2006-12-14 13:10 -------- d-------- C:\Program Files\Common Files\System
    2006-12-13 11:53 -------- d---s---- C:\Documents and Settings\Omistaja\Application Data\Microsoft
    2006-12-13 00:32 -------- d-------- C:\Program Files\Java
    2006-12-09 11:07 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
    2006-12-09 10:55 -------- d-------- C:\Program Files\Ubisoft
    2006-12-07 08:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-11-26 15:05 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-26 14:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-25 14:31 -------- d-------- C:\Program Files\Elisa Tietoturvapalvelu
    2006-11-20 11:25 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-11-20 11:22 -------- d-------- C:\Program Files\epson
    2006-11-16 21:51 -------- d-------- C:\Program Files\MSN Messenger
    2006-11-16 21:16 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Identities
    2006-11-16 05:47 118842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-4119343L.exe
    2006-11-16 05:44 -------- d-------- C:\Program Files\Adobe
    2006-11-16 05:23 -------- d-------- C:\Program Files\Movie Maker
    2006-11-16 05:22 -------- d-------- C:\Program Files\Windows NT
    2006-11-16 05:22 -------- d-------- C:\Program Files\NetMeeting
    2006-11-16 05:03 -------- d-------- C:\Program Files\xerox
    2006-11-16 05:03 -------- d-------- C:\Program Files\microsoft frontpage
    2006-11-16 05:02 -------- d--h----- C:\Program Files\Uninstall Information
    2006-11-16 05:02 -------- d-------- C:\Program Files\Common Files\Java
    2006-11-16 05:02 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Sun
    2006-11-16 05:01 0 -rahs---- C:\MSDOS.SYS
    2006-11-16 05:01 0 -rahs---- C:\IO.SYS
    2006-11-16 05:01 0 --a------ C:\CONFIG.SYS
    2006-11-16 05:01 0 --------- C:\AUTOEXEC.BAT
    2006-11-16 05:00 -------- d-------- C:\Program Files\Online Services
    2006-11-16 05:00 -------- d-------- C:\Program Files\Common Files\Services
    2006-11-16 05:00 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-11-16 04:59 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-11-16 04:59 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-11-16 04:59 -------- d-------- C:\Program Files\MSN
    2006-11-16 04:59 -------- d-------- C:\Program Files\ComPlus Applications
    2006-11-15 23:53 -------- d-------- C:\Program Files\BitComet
    2006-11-15 22:09 -------- d-------- C:\Program Files\WinRAR
    2006-11-15 21:30 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Help
    2006-11-15 21:14 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-15 21:12 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
    2006-11-15 21:12 -------- d-------- C:\Program Files\Microsoft IntelliPoint
    2006-11-15 21:12 -------- d-------- C:\Program Files\Messenger
    2006-11-15 20:52 -------- d-------- C:\Program Files\DAEMON Tools
    2006-11-15 20:50 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-11-15 20:49 -------- d-------- C:\Program Files\WinImage
    2006-11-15 20:27 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Mozilla
    2006-11-15 20:11 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-15 20:11 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\AdobeUM
    2006-11-15 20:11 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Adobe
    2006-11-15 20:03 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\F-Secure
    2006-11-15 19:54 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\PEX
    2006-11-15 19:53 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\ispnews
    2006-11-15 18:54 62 --ahs---- C:\Documents and Settings\Omistaja\Application Data\desktop.ini
    2006-11-15 18:54 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-15 18:54 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-20 03:39 713728 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ATI Remote Control"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "F-Secure Manager"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
    "type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "EPSON Stylus DX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADE.EXE /P26 \"EPSON Stylus DX4800 Series\" /O6 \"USB001\" /M \"Stylus DX4800\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000004

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKCU"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgas"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "inimapping"="0"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ispnews"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Elisa Tietoturvapalvelu\\FSGUI\\ispnews.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SOUNDMAN"
    "hkey"="HKLM"
    "command"="SOUNDMAN.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Scheduled scanning task.job

    Completion time: 06-12-21 1:13:36.25
    C:\ComboFix.txt ... 06-12-21 01:13
    C:\ComboFix2.txt ... 06-12-19 11:42
     
  12. Gingered

    Gingered Member

    Joined:
    Dec 12, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    16
    Tell me, Hujo, why does HijackThis.exe sometimes have to be renamed to skanneri.exe by some people????
     
  13. Hujo

    Hujo Guest

    That's done to trick the malware so that it shows up in the log.
     
  14. Gingered

    Gingered Member

    Joined:
    Dec 12, 2006
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    16
    Okay. But the actual problem hasn't gone away yet. I read on some site that Office 2003 might have something to do with this mess. My foreign-language skills are pretty poor, so not all of it got through to me...
     