Logfile of HijackThis v1.99.1
Scan saved at 17:01:48, on 4.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\Program\fspex.exe
C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fssm32.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMB32.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Elisa Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://elisa.net/paketti/haku.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://elisa.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://elisa.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;<local>
F3 - REG:win.ini: load=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Elisa Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Elisa Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Elisa Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {173228EE-965D-4C1F-8B0E-88204B22F4A2} - http://tuki.elisa.net/ (file missing) (HKCU)
O9 - Extra button: SMS-viesti - {2768A10F-5453-406C-9163-690D5B1F4DFC} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {80D3207D-401E-4246-9A87-3C39571FB5DE} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: SMS - {AD306DA3-C1AF-4022-B943-B71B6CE733CD} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Service - {B0D4D425-E40D-402E-91BF-9BF150E15B52} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {F7523809-AAFA-4D05-A022-557C63375BB1} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Elisa Tietoturvapalvelu (BackWeb Plug-in - 4119343) - Unknown owner - C:\PROGRA~1\ELISAT~1\backweb\4119343\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Elisa Tietoturvapalvelu\backweb\4119343\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Elisa Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe

Is there anything unusual or anything that doesn't belong there? I noticed that there are 5 svchost.exe processes when viewed in Task Manager (Local Service 4004K, Network service 2760K, System 18752K, Network service 3944K and one more System 4216K)???
Not really. You can fix this one with HjT (do a system scan only, tick the entry and press fix checked):

F3 - REG:win.ini: load=

And there can be 1-6 svchost.exe processes running, so that is normal. How high are the temperatures?
Hmonitor Version 4.2.2.2 Pro (Trial)

H/W diagnostics info:
Windows XP Professional Version 5.1.2600 Service Pack 2
M/B Chipset: Intel 820
Main Sensor: AS99127F
ISA port used: 290
SMB port used: E800
1st sensor: Thermistor 0
2nd sensor: Thermistor 1
3rd sensor: Transistor 0
CPU ID:0-6-7-3 BrandName:GenuineIntel
Internal Freq=452,0 MHz
External Freq=100,44 MHz
SystemBus Freq=100,4 MHz
Multiplier=4,5
Manufacturer: ASUSTeK Computer INC.
Board model: P3C-2000
Version: REV 1.xx
BIOS vendor: Award Software, Inc.
BIOS version: ASUS P3C-2000 ACPI BIOS Revision 1011.A, Release date: 01/21/2000

Thermo control configuration:
Full Throttle:100,0%
CPU Low Power mode:N
Win 95/98 Idle Control:N
Device:None Throttle:25,0% Enable at:70,0°C Disable at:65,0°C

Monitored data values:
Mainboard=35,0°C
CPU1=35,0°C
CPU2=-31,5°C
Power=4326 rpm
CPU=0 rpm
N/A=0 rpm
+12V=+12,22V
+5V=+4,98V
Core=+2,03V
I/O=+3,47V
-12V=-12,31V
-5V=-x.xxV
Aux=+2,51V
HDD1 (QUANTUM FIREBALLlct20 20 APL.0900) temp=xx.x°C