Some user accounts freeze

Discussion in 'Virukset ja haittaohjelmat - HijackThis -logit' (Viruses and malware - HijackThis logs) started by yoxera, Dec 4, 2006.

  1. yoxera (Member)

    On the same computer some user accounts work just fine and others freeze all the time and are really slow. Here is the HJT log as well:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:00:42, on 4.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Ares\Ares.exe
    C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
    C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
    C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
    C:\Program Files\MaxMusic\Bin\scServer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
    C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsrw.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
    C:\PROGRA~1\SONERA~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Sonera Tietoturva\FSGUI\fsguidll.exe
    C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\hijack this\HijackThis_v1.99.1[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Sonera Tietoturva\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Sonera Tietoturva.lnk = C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
    O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Sonera Tietoturva\Anti-Spyware\blockpopups.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\Anti-Spyware\ieshield.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web01.ifi.fi/Webupload/ActiveX/IfiUploader.cab
    O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Sonera Tietoturva - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: scMaxMusic - Unknown owner - C:\Program Files\MaxMusic\Bin\scServer.exe
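A log like the one above can be triaged mechanically before anyone reads it line by line. The script below is an added example, not code from the thread or from HijackThis: it parses the `Oxx - ` lines and flags the autostart entries a responder checks first (a Run value that is a bare file name and therefore resolved by PATH search, an autorun image under a user-writable directory, `AppInit_DLLs`, `ShellServiceObjectDelayLoad`, a service with no publisher string, an ActiveX control fetched over cleartext HTTP, and a protocol handler whose DLL is gone). The sample lines are copied from the log in this post; the heuristics are mine, and a hit is a review item, not a verdict on that entry.

```python
"""Triage a HijackThis v1.99 log.

Added example, not part of the thread: parses the "Oxx - " lines and flags
the entries a responder would check first. The rules are ordinary autostart
heuristics, not an authoritative verdict on any item in the poster's log.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: scMaxMusic - Unknown owner - C:\Program Files\MaxMusic\Bin\scServer.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")
# First executable-looking token of an unquoted command line.
IMAGE_EXT_RE = re.compile(r"\.(exe|dll|com|scr|bat|cmd)(?=\s|$)", re.IGNORECASE)
# Directories an unprivileged user can write to; an autorun image there is suspect.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\temporary internet files\\")


@dataclass
class Entry:
    section: str   # e.g. "O4"
    body: str      # everything after "O4 - "


def parse_hjt(text: str) -> list:
    """Keep only the Rxx/Oxx lines; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def image_path(cmd: str) -> str:
    """Image file of an O4 command: the quoted part if quoted, else up to the first .exe/.dll/... token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_EXT_RE.search(cmd)
    return cmd[:m.end()] if m else cmd.split(" ", 1)[0]


def triage(entries) -> list:
    """Return (section, reason, body) for every entry worth a second look."""
    findings = []
    for e in entries:
        low = e.body.lower()
        if e.section == "O4":
            m = O4_RE.search(e.body)
            if not m:                      # "Global Startup" .lnk lines have no [name]
                continue
            image = image_path(m["cmd"])
            if "\\" not in image:
                findings.append((e.section, "bare file name: resolved by PATH search, a same-named file earlier on PATH wins", e.body))
            elif any(k in image.lower() for k in USER_WRITABLE):
                findings.append((e.section, "autorun image in a user-writable location", e.body))
        elif e.section == "O16" and " - http://" in low:
            findings.append((e.section, "ActiveX control fetched over cleartext HTTP", e.body))
        elif e.section == "O18" and "(file missing)" in low:
            findings.append((e.section, "protocol handler points at a DLL that is gone", e.body))
        elif e.section == "O20":
            findings.append((e.section, "AppInit_DLLs: loaded into every process that loads user32.dll", e.body))
        elif e.section == "O21":
            findings.append((e.section, "ShellServiceObjectDelayLoad: loaded by Explorer at logon, verify CLSID and DLL", e.body))
        elif e.section == "O23" and "unknown owner" in low:
            findings.append((e.section, "service binary carries no publisher information", e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section:4} {reason}\n     {body}")
```

Run against the sample it reports six items: `SOUNDMAN.EXE` (bare name), the Kaspersky web scanner `.cab` (HTTP), the `msnim` handler (DLL missing), `MsgPlusLoader.dll` (AppInit), `WPDShServiceObj` (SSODL) and `scMaxMusic` (no owner). Several of those are benign on most machines; the point of the script is to shorten the list a human reads, not to replace the reading.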
     
  2. Hujo (Guest)

  3. yoxera (Member)

    File C:\Documents and Settings\Riitta\Local Settings\Temporary Internet Files\Content.IE5\LJNFL10E\ErrorSafeFreeInstall_fi[1].exe tagged as not-a-virus:Downloader.Win32.WinFixer.d. No Action Taken.
    File C:\NoLopBackups\Bin Admin.exe.01.infected tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\NoLopBackups\Blehmulti.exe.03.infected tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\NoLopBackups\Meta Store.exe.06.infected tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
    File C:\NoLopBackups\Third Info.exe.08.infected tagged as not-a-virus:AdWare.Win32.Lop.bb. No Action Taken.
     
  4. Hujo (Guest)

    Make hidden files visible.
    * Click Start.
    * Open My Computer.
    * Select Tools from the top menu and click Folder Options.
    * Select the View tab.
    * Under Hidden files and folders, select Show hidden files and folders.
    * Untick the box -> Hide protected operating system files.
    * Click Yes to confirm the changes.
    * Click OK.

    Then follow that path, find the file and delete it:
    C:\Documents and Settings\Riitta\Local Settings\Temporary Internet Files\Content.IE5\LJNFL10E\ErrorSafeFreeInstall_fi[1].exe
     
  5. yoxera (Member)

    Thanks for the help, but this computer doesn't work any better now either.
     
  6. Hujo (Guest)

    1. Download combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
    to your desktop.
    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. Post this log in your thread.
    Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
     
  7. yoxera (Member)

    Omistaja - 06-12-07 17:24:44,95 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Omistaja\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


    2006-12-05 11:35 <KANSIO> d-------- C:\Downloads
    2006-12-05 11:35 <KANSIO> d-------- C:\Bases
    2006-12-01 12:31 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Samsung
    2006-12-01 12:25 80,272 -ra------ C:\WINDOWS\system32\drivers\sscdbus.sys
    2006-12-01 12:25 137,884 -ra------ C:\WINDOWS\system32\drivers\sscdmdm.sys
    2006-12-01 12:25 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
    2006-12-01 12:25 11,877 -ra------ C:\WINDOWS\system32\drivers\sscdcm.sys
    2006-12-01 12:25 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
    2006-12-01 12:25 11,188 -ra------ C:\WINDOWS\system32\drivers\sscdwh.sys
    2006-12-01 12:25 10,864 -ra------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
    2006-11-30 16:22 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Apple Computer
    2006-11-30 16:21 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\ConvertTemp
    2006-11-30 16:17 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Samsung
    2006-11-30 07:40 <KANSIO> d-------- C:\Program Files\MSXML 4.0
    2006-11-30 07:40 <KANSIO> d-------- C:\4180c0c0331758c11361
    2006-11-29 16:30 77,824 --a------ C:\WINDOWS\system32\fun_mp4_dec.dll
    2006-11-29 16:30 684,032 --a------ C:\WINDOWS\system32\fun_mp4_enc.dll
    2006-11-29 16:30 2,729,472 --a------ C:\WINDOWS\system32\fun_avcodec.dll
    2006-11-29 16:30 <KANSIO> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
    2006-11-29 16:01 <KANSIO> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2006-11-29 16:01 <KANSIO> d-------- C:\Program Files\Samsung
    2006-11-29 14:40 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\Adobe
    2006-11-23 18:54 <KANSIO> d-------- C:\Kaspersky
    2006-11-19 18:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Google
    2006-11-17 12:49 <KANSIO> d-------- C:\Program Files\eMule
    2006-11-14 19:11 <KANSIO> d--hs---- C:\found.001
    2006-11-13 15:11 <KANSIO> d-------- C:\Program Files\MaxMusic


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-04 16:00 -------- d-------- C:\Program Files\hijack this
    2006-12-04 15:46 -------- d-------- C:\Program Files\DC++
    2006-12-01 13:27 -------- d---s---- C:\Documents and Settings\Omistaja\Application Data\Microsoft
    2006-12-01 12:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-30 16:14 -------- d-------- C:\Program Files\BitComet
    2006-11-28 18:35 -------- d-------- C:\Program Files\Google
    2006-11-28 14:40 -------- d-------- C:\Program Files\QuickTime
    2006-11-28 14:06 -------- d-------- C:\Program Files\Apple Software Update
    2006-11-19 17:56 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-19 17:51 -------- d-------- C:\Program Files\Java
    2006-11-09 16:11 -------- d-------- C:\Program Files\Paint Shop Pro 6
    2006-11-04 15:55 -------- d-------- C:\Documents and Settings\Omistaja\Application Data\Template
    2006-11-04 15:54 0 --a------ C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-09-13 07:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "SoundMan"="SOUNDMAN.EXE"
    "ATIPTA"="C:\\ATI-CPanel\\atiptaxx.exe"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "F-Secure Manager"="\"C:\\Program Files\\Sonera Tietoturva\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\Sonera Tietoturva\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "F-Secure Startup Wizard"="\"C:\\Program Files\\Sonera Tietoturva\\FSGUI\\FSSW.EXE\" /reboot"
    "News Service"="\"C:\\Program Files\\Sonera Tietoturva\\FSGUI\\ispnews.exe\""
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-12-07 17:25:59.89
    C:\ComboFix.txt ... 06-12-07 17:25
     