Logfile of HijackThis v1.99.1
Scan saved at 3:40:14 AM, on 12/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\cisco.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VoipCheap\VoipCheap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\commdlg32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Microsoft Office Startup] cisco.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] cisco.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipCheap] "C:\Program Files\VoipCheap\VoipCheap.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows notepad] notpad.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\RunServices: [Windows notepad] notpad.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
First of all, are you sure you really need the MSN and Yahoo toolbars? They slow down the internet somewhat.

Fix with HjT (do a system scan only, check these and press "fix checked"):

O4 - HKLM\..\Run: [Microsoft Office Startup] cisco.exe
O4 - HKLM\..\RunServices: [Microsoft Office Startup] cisco.exe
O4 - HKLM\..\Run: [AdobeReader] msni.exe
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKCU\..\RunServices: [Windows notepad] notpad.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/s...
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe

Prune these too if you like, i.e. I recommend fixing:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Then Start -> Run -> services.msc -> OK. Find "commdlg" in the list, double-click it, press Stop and set the startup type to "Disabled".

Get eScan -> http://koti.mbnet.fi/pattaya1/escanmwav.htm and do the update as instructed. Update ewido at the same time!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Safe Mode >>>>>>>>>>>>>>>>>>>>>>>>>>>

Delete: C:\WINDOWS\System32\-->cisco.exe<--

Now scan the machine in Safe Mode with eScan and ewido. Save the ewido report and eScan's malware findings (the lower box) and paste them here together with a new HjT log! So 3 logs. Update Windows!
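The helper above picked entries out of the log by a few rules of thumb: Run entries that are a bare filename rather than a full path, entries under the RunServices key, a typo-squatted system binary name (notpad.exe), a service with no publisher sitting directly in C:\WINDOWS, and an ActiveX download (O16) from a site nobody asked for. The following is an added example, not part of the thread or of HijackThis, that applies those same rules to HijackThis v1.99 log lines. The sample lines are copied from the first log in this thread; the SYSTEM_BINARIES list and the TRUSTED_DPF_HOSTS allowlist are assumptions made for the example, not anything HijackThis ships.

```python
# Added example: heuristic checker for HijackThis v1.99 log entries (not from this thread or HijackThis).
import re
from collections import namedtuple

ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
O16_RE = re.compile(r"^DPF: \{[0-9A-F-]+\} - (\S+)$", re.IGNORECASE)
WINDIR_ROOT_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+$", re.IGNORECASE)  # file directly in C:\WINDOWS

# Assumption: Windows binaries whose names malware likes to imitate (notpad.exe).
SYSTEM_BINARIES = {"notepad.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "explorer.exe", "winlogon.exe", "services.exe", "spoolsv.exe"}
# Assumption: hosts an O16 ActiveX download (.cab) is expected to come from.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "macromedia.com", "adobe.com", "java.com")

Finding = namedtuple("Finding", "section reason line")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one-character imitations of system binary names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def executable_of(command: str) -> str:
    """First token of a Run command: a quoted path, or a bare word up to whitespace."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]

def check_o4(body: str) -> list:
    m = O4_RE.match(body)
    if not m:
        return []
    _hive, key, _name, command = m.groups()
    exe = executable_of(command)
    base = exe.rsplit("\\", 1)[-1].lower()
    reasons = []
    if "\\" not in exe:  # no directory: located via the system search path (System32 is on it)
        reasons.append(f"bare filename '{exe}' instead of a full path")
    if key.lower() == "runservices":  # Win9x-era key; XP does not start real services from it
        reasons.append("RunServices key is not used by XP; typical bot persistence")
    if base not in SYSTEM_BINARIES and any(edit_distance(base, s) == 1 for s in SYSTEM_BINARIES):
        reasons.append(f"'{base}' is one character away from a Windows binary name")
    return reasons

def check_o23(body: str) -> list:
    m = O23_RE.match(body)
    if not m:
        return []
    _name, owner, path = m.groups()
    reasons = []
    if owner.strip().lower() == "unknown owner":
        reasons.append("service binary carries no publisher (Unknown owner)")
    if WINDIR_ROOT_RE.match(path.strip()):
        reasons.append("service binary sits directly in the Windows directory")
    return reasons

def check_o16(body: str) -> list:
    m = O16_RE.match(body)
    if not m:
        return []
    host = re.sub(r"^https?://", "", m.group(1)).split("/")[0].lower()
    trusted = any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)
    return [] if trusted else [f"ActiveX download from untrusted host {host}"]

CHECKERS = {"O4": check_o4, "O16": check_o16, "O23": check_o23}

def analyse(log_text: str) -> list:
    """One Finding per (line, reason) for every entry a checker objects to."""
    findings = []
    for raw in (line.strip() for line in log_text.splitlines()):
        m = ENTRY_RE.match(raw)
        if not m:
            continue  # header, blank and "Running processes" lines are skipped
        for reason in CHECKERS.get(m.group("section"), lambda _b: [])(m.group("body")):
            findings.append(Finding(m.group("section"), reason, raw))
    return findings

# Lines copied from the first HijackThis log in this thread (not constructed).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Office Startup] cisco.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [AdobeReader] msni.exe
O4 - HKCU\..\Run: [Windows notepad] notpad.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O23 - Service: commdlg (commdlg32) - Unknown owner - C:\WINDOWS\commdlg32.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above it reports exactly the entries the helper listed (cisco.exe, msni.exe, notpad.exe, the errorsafe.com O16 and the commdlg32 service) and stays quiet about Norton and RealPlayer. These are heuristics, not verdicts: a legitimate program can use a bare filename, and an unknown-owner service is only a prompt to look the binary up, which is what the eScan result later in the thread does.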
Logfile of HijackThis v1.99.1
Scan saved at 11:55:39 PM, on 12/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VoipCheap\VoipCheap.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [VoipCheap] "C:\Program Files\VoipCheap\VoipCheap.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:58:52 PM, 12/31/2005
+ Report-Checksum: 38DEF439

+ Scan result:

C:\Documents and Settings\cabdi\Cookies\anyuser@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@adtech[2].txt -> Spyware.Cookie.Adtech : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@advertising[1].txt -> Spyware.Cookie.Advertising : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@atdmt[2].txt -> Spyware.Cookie.Atdmt : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@centrport[1].txt -> Spyware.Cookie.Centrport : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@com[2].txt -> Spyware.Cookie.Com : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@ehg-lowermybills.hitbox[1].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@ehg-melbourneit.hitbox[1].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@fastclick[2].txt -> Spyware.Cookie.Fastclick : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@hitbox[2].txt -> Spyware.Cookie.Hitbox : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@qksrv[2].txt -> Spyware.Cookie.Qksrv : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@revenue[2].txt -> Spyware.Cookie.Revenue : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@targetnet[1].txt -> Spyware.Cookie.Targetnet : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@valueclick[1].txt -> Spyware.Cookie.Valueclick : Ignored
C:\Documents and Settings\cabdi\Cookies\cabdi@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Ignored

::Report End

ESCAN

File C:\WINDOWS\system32\cisco.exe infected by "Backdoor.Win32.Rbot.adf" Virus. Action Taken: File Renamed.
File C:\WINDOWS\commdlg32.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\lapset\Local Settings\Temporary Internet Files\Content.IE5\OVZ3CS1S\sinstaller[1].exe tagged as not-a-virus:AdWare.Win32.Comet.c. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\40202506.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton AntiVirus\Quarantine\403E1EE5 infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\RECYCLER\S-1-5-21-515967899-492894223-1708537768-1003\Dc1.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP2\A0000076.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP6\A0001291.DLL tagged as not-a-virus:AdWare.Win32.MyWebSearch.i. No Action Taken.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP6\A0001292.DLL tagged as not-a-virus:AdWare.Win32.MyWebSearch.l. No Action Taken.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP6\A0002272.DLL tagged as not-a-virus:AdWare.Win32.MySearch.g. No Action Taken.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP6\A0002276.dll tagged as not-a-virus:AdWare.Win32.MySearch.g. No Action Taken.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP8\A0002332.exe infected by "Trojan.Win32.LowZones.cf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP8\A0002333.exe infected by "Backdoor.Win32.SdBot.yx" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0007415.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0007420.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0009442.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0009522.dll tagged as not-a-virus:AdWare.Win32.Comet.c. No Action Taken.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0010446.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011453.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011478.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011550.exe infected by "Backdoor.Win32.Rbot.adf" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011551.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011552.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{7F1FABE8-9178-4658-8E84-EE3DD87770A1}\RP9\A0011553.exe infected by "Backdoor.Win32.SdBot.aad" Virus. Action Taken: File Renamed.

I didn't find C:\WINDOWS\System32\-->cisco.exe<--, only "cisvo", and I didn't delete that. I did delete C:\WINDOWS\==>commdlg32.exe<==
Yeah, eScan renamed that C:\WINDOWS\System32\cisco.exe. Apparently you didn't want to delete those cookies ewido found?

Empty these directories:

C:\Program Files\Norton AntiVirus\Quarantine\
C:\Documents and Settings\lapset\Local Settings\Temporary Internet Files\

And if you want those nasties out of System Restore, do this:

1. Right-click My Computer.
2. Choose Properties.
3. Choose the System Restore tab.
4. Check "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the machine.
8. Do steps 1-3.
9. Uncheck "Turn off System Restore".
10. Do steps 5 and 6.
Machine clogged with CR**. Better to just format C: and install only the important programs... and read what you're installing. =) Easier and maybe a bit faster???
@iBaL: Well, those nasties have already been removed with those two programs, so...

EDIT: Oh right, and post your own HjT log so we can see what c*** is on your machine.
@iBaL: This will still get sorted out a "little" faster this way than by reinstalling everything. Of course everyone can always make their own choice, and if there's nothing important on the machine, a reinstall can sometimes be a sensible option too...