Is there anything in the log that doesn't belong there? Thanks to those who reply.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:28, on 23.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\APPS\EmailChecker\ech.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FI&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kiitolinja.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [Pdfquickview] C:\Program Files\PFU\ScanSnap\PDF Thumbnail View\pdfquickview.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ScanSnap Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132314288538
O17 - HKLM\System\CCS\Services\Tcpip\..\{2930A159-C909-425F-8C90-8FE7628DD68B}: NameServer = 212.63.10.250,212.63.11.250
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
It hasn't really shown any symptoms. The check is more of a precaution, since this is a work computer that is used, among other things, for handling invoices and so on. So I would like to be sure it is secure.
The machine does indeed look to be in good shape. You can also try ewido if you want to make sure: http://keskustelu.afterdawn.com/thread_view.cfm/269186 Follow the instructions and post the report here for analysis if you run it.
Here is the Ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 13:30:59, 23.2.2006
+ Report-Checksum: DE695FF9

+ Scan result:

:mozilla.35:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.37:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.38:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.81:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.85:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.86:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.102:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.103:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.104:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.105:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.117:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.119:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.122:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.123:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.124:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.132:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.133:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.134:C:\Documents and Settings\HC Import Oy\Application Data\Mozilla\Firefox\Profiles\dlyp4752.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP53\A0003719.exe -> Adware.SaveNow : Cleaned with backup

::Report End
If you like, you can install a hosts file on your machine from: http://www.mvps.org/winhelp2002/hosts.htm. Download the hosts.zip found on the page and extract its contents to, for example, the c:\hosttemp directory. Run the mvps.bat extracted from the package. After that you can delete that directory. Advertising cookies should now be much harder to come by, and browsing the web is more pleasant in general.