My computer has gradually started acting up, so I thought I'd come and show this:

Logfile of HijackThis v1.99.1
Scan saved at 17:47:24, on 19.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Netlimiter\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Netlimiter\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Acer\Omat tiedostot\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\Netlimiter\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Well, I don't see anything out of the ordinary in your log (but wait for someone more knowledgeable to look at it too!!) In what way has the computer been acting up?
The computer hangs already at the login screen, so that you can't get in, or if you do get in you can't do anything. Since the computer works in safe mode, I removed a few of the programs that start right at startup, and it gradually started working. But it still acts up now and then.
I see. You have scanned the computer with Avast, haven't you? And with eWido? Get eWido from here, since you don't seem to have it: http://keskustelu.afterdawn.com/thread_view.cfm/269186 Follow the instructions, scan with eWido and post its log here.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 22:01:00, 19.2.2006
+ Report-Checksum: 56E72D9
+ Scan result:
C:\RECYCLER\S-1-5-21-3477001925-1637353623-494557079-1006\Dc41.tmp/LMSetup2.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
Ok. Reply to your HijackThis log:

Your computer has a Norton leftover running as a service. Let's remove it:

Start -> Run -> cmd
sc stop Symantec Network Drivers Service
sc delete Symantec Network Drivers Service

Reboot the computer, post a new HijackThis log and tell us whether it helped.

In addition, your computer has unnecessary programs in startup. See if you can turn them off.

Run: [ntiMUI] < CD program
Run: [IMJPMIG8.1] < interpreter for East Asian languages
Run: [MSPY2002] < interpreter for East Asian languages
Run: [MediaSync] < ???
Run: [SunJavaUpdateSched] < Java update
Startup: Adobe Gamma.lnk < Acrobat Reader
Startup: Adobe Reader Speed Launch.lnk < Acrobat Reader

Start -> Run -> msconfig
Select the "Startup" tab.
Find a program that does not need to start.
Uncheck the box > Apply > OK.
In the window that appears after the reboot, tick the box and click OK.
Addition:

Start -> Run -> cmd
Type into the window:
sc stop Symantec Network Drivers Service
sc delete Symantec Network Drivers Service
Is there some way to add programs myself to the ones that start at startup, since I can't be bothered to turn the firewall on separately every time? Thanks for all the help. One more thing about removing the Symantec stuff: when I typed the commands you gave, the response was:

"C:\Documents and Settings\Acer>sc stop symantec network drivers service
[SC] OpenService FAILED 1060:
Mõõritettyõ palvelua ei ole asennettu."

So has the program been removed properly, or is the computer even more messed up?
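Added example, not part of the original thread: `sc` addresses a service by its key name, which HijackThis prints in parentheses on O23 lines (here SNDSrvc), and an unquoted display name is read as the service name "Symantec", for which Windows returns error 1060 (service does not exist). The Python sketch below parses O23 lines (sample lines copied from the log in this thread) and builds the `sc` commands from the key name; the function names are hypothetical.

```python
import re

# O23 line layout as it appears in the HijackThis log in this thread:
#   O23 - Service: <display name> [(<key name>)] - <owner> - <path> [(file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Sample input: lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O23 - Service: Acer Media Server - Unknown owner - C:\Program Files\acer\Acer eConsole\MediaServerService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

def parse_o23(log_text):
    """Return one dict per O23 (service) line; other log lines are skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        services.append({
            "display": m["display"],
            # Assumption of this example: when no key name is shown in
            # parentheses, the single printed name is also the key name.
            "key": m["key"] or m["display"],
            "owner": m["owner"],
            "path": m["path"],
            "file_missing": m["missing"] is not None,
        })
    return services

def sc_commands(service):
    """sc commands addressed by key name, quoted so names with spaces survive."""
    key = '"%s"' % service["key"]
    return ["sc query " + key, "sc stop " + key, "sc delete " + key]

def leftovers(services):
    """Services whose binary HijackThis reported as missing."""
    return [s for s in services if s["file_missing"]]

if __name__ == "__main__":
    parsed = parse_o23(SAMPLE_LOG)
    for svc in parsed:
        flag = "  <- binary missing" if svc["file_missing"] else ""
        print("%-35s key=%s%s" % (svc["display"], svc["key"], flag))
    symantec = next(s for s in parsed if s["owner"] == "Symantec Corporation")
    print("\n".join(sc_commands(symantec)))
```

Running `sc query` first confirms the key name resolves before anything is stopped or deleted.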
You have Zone Alarm, so for goodness' sake set it in its settings to start automatically before the computer gets messed up.

Overview -> preferences

The settings should look like this!

Load ZoneAlarm at startup
Start the computer in safe mode and delete the folder: C:\Program Files\Common Files\ >>>Symantec Shared\ <<<
I think that Zone Alarm is somehow messing up the computer. When I set it to start at startup, the computer didn't start the next time.