Tietämätön kun olen, niin voiskos joku vilkaista tätä ja kertoa tartteskos tehdä jotain? Logfile of HijackThis v1.99.1 Scan saved at 16:33:17, on 18.3.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\WINDOWS\system32\ntvdm.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Kari\Työpöytä\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "D:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129133050057 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1130476268015 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: ISSvc (ISSVC) - Symantec Corporation - D:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing) O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Hijack This omaan kansioonsa tuohon C:n juureen, eli vaikka näin: C:\Hijack This\HijackThis.exe Muuten loki on puhdas minun silmilleni. Mitä oireita koneessa on ollut?
Ensinnäkin kiitos ja kumarrus ripeästä toiminnasta. Jonkun verran kone on hidastunut esim. nettiyhteydet eivät ole yhtä virkeitä kuin aikaisemmin.
Ehkä siellä on jotain konetta kuormittavaa kuonaa jäänyt. Hae ja aja Ewido: (Ohjeet ja lataus): http://keskustelu.afterdawn.com/thread_view.cfm/269186 Päivitä se, ja aja Full System Scan. Tallenna raportti, ja lähetä se tänne(Samalla lailla kuin hjt-lokikin)
Tuommoiselta se sitten näytti --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 7:30:41, 19.3.2006 + Report-Checksum: 87F6FD90 + Scan result: :mozilla.13:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.14:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.16:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup :mozilla.18:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.19:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.34:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.35:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.36:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.37:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.44:C:\Documents and Settings\Kari\Application Data\Mozilla\Firefox\Profiles\bwk77jx4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup ::Report End
Hmm... Keksejä se vain löysi. Ajappa vielä eScan: Ohjeet ja lataus täällä: http://koti.mbnet.fi/pattaya1/escanmwav.htm Seuraa ohjeita tarkasti, ja muista päivittää! Aja se, ja kopioi skannauksessa alemman laatikon örkkilöydökset tänne
On aivan tavallista, että kone hidastuu kun sinne tulee lisää ohjelmia. Seuraavt voit makusi mukaan fixata pois, turhaan käynnistymästä: O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
