Eli tarvis taas apua samaan vanhaan asiaan. Kone on pirun hidas. tässä olis hijack loki ja karspersky raportti Logfile of HijackThis v1.99.1 Scan saved at 23:12:53, on 12.2.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\The Aras\Omat tiedostot\Spyware programs\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [bike open] C:\DOCUME~1\THEARA~1\APPLIC~1\BARBMP~1\READMETHAT.exe O4 - HKCU\..\Run: [BitComet Acceleration Patch] C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\BitComet Acceleration Patch\BitComet Acceleration Patch.lnk O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_18) - http://javadl-esd.sun.com/update/1.3.1/jinstall-13-win32.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A62D41-82C4-48D2-8FF6-78E29A697E20}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{C3906E15-31F7-4101-98DE-ABFDC2B140A5}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 O17 - HKLM\System\CS1\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 O17 - HKLM\System\CS2\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus -ohjelman automaattinen suojaus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Monday, February 12, 2007 9:17:39 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 12/02/2007 Kaspersky Anti-Virus database records: 267092 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ Scan Statistics Total number of scanned objects 46903 Number of viruses found 2 Number of infected objects 2 / 0 Number of suspicious objects 0 Duration of the scan process 01:36:19 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\EXITCURBINSIDENOUN\License 2 bows Object is locked skipped C:\Documents and Settings\All Users\Application Data\EXITCURBINSIDENOUN\regseach.exe Infected: Trojan.Win32.Obfuscated.bt skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-02-12_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\The Aras\Cookies\index.dat Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Temp\Free Download Manager\tic2.tmp Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Temp\Free Download Manager\tic20.tmp Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\The Aras\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\The Aras\NTUSER.DAT Object is locked skipped C:\Documents and Settings\The Aras\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{DFD76601-70A6-4C89-BEAA-583F34879080}\RP3\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Downloaded Program Files\ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_7d0.dat Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
Noilla tehoilla en yhtään ihmettele että koneesi on hidas kun käytät nortonia.. Suosittelen pienemmillä tehoilla käyttämää Sygate palomuuria ja Antivir virus ohjelmaa jotka saat seuraavista osoitteista: http://www.savefile.com/download/267503?PHPSESSID=aafc95ac687dbf4c2aca0a0d0e368453 http://www.majorgeeks.com/downloadget.php?id=955&file=11&evp=b7cc93b8a46387032dd7756deb50bbbd -- Onko koneesi hidas? Tässä muutama ohje sen viritykseen. Lataa tuosta Startup niminen ohjelma ja asenna se: http://www.mlin.net/files/StartupCPL.zip Ohjelma tulee näkyviin Ohjauspaneeliisin nimellä Startup. Sillä voit ottaa koneen käynnistyksen yhteydessä käynnistyviä turhia ohjelmia pois. Esim: Adobe Reader Speed Launch, Neron BgMonitor, Nero FilterCheck, iTunesHelper, Messenger, SoundMan, CTFMON, Winamp Agent, Real Player Update (Real Sched), Quicktime yms. Lataa tuosta CCleaner ja asenna se: http://ccleaner.com/download/downloadpage.aspx?1 Kun asennat tätä ohjelmaa niin älä asenna sen mukana tulevaa yahoo-toolbaria. Tämä ohjelma etsii ja poistaa ns. turhia tiedostoja koneeltasi eli esim: temp tiedostot ja tällä saat myös puhdistettua rekisterisi. Lataa tuosta RegSeeker ja pura se: http://fileforum.betanews.com/download/RegSeeker/1035382760/1 Pura se haluamaasi kansioo ja käynnistä tiedosto nimeltä RegSeeker.exe. Ohjelma oikeassa yläkulmassa näet painikkeen 'languages', paina sitä ja aseta kieleksi suomi! Sen jälkeen paina vasemmassa laidassa olevaa painiketta 'Puhdista Rekisteri' ja sen jälkeen 'OK'. Odota että skannaus loppuu ja paina 'valitse' ja sitten 'valitse kaikki'. Sitten klikkaat hiiren oikealla jotain ohjelman löytänyttä kohdetta ja paina 'poista valitut kohteet', hyväksy poisto, hyväksy varmuuskopionluonti ja käynnistä kone uudelleen. Jos jotain ongelmia niin backupit saat palautettua 'varmuuskopiot' valikosta. -- Kerroppa mikä tuo on? O4 - HKCU\..\Run: [bike open] C:\DOCUME~1\THEARA~1\APPLIC~1\BARBMP~1\READMETHAT.exe Ja sit suosittelen päivittämään ton javan. Mene käynnistä -> asetukset -> ohjauspaneeli -> Java -> Update välilehti ja painat update painiketta. -- O17 - HKLM\System\CCS\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2A62D41-82C4-48D2-8FF6-78E29A697E20}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\..\{C3906E15-31F7-4101-98DE-ABFDC2B140A5}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 O17 - HKLM\System\CS1\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 O17 - HKLM\System\CS2\Services\Tcpip\..\{42145DFB-0C9B-4349-9E70-EAE0DA0643ED}: NameServer = 85.255.114.53,85.255.112.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16 ^ Sit jos joku viisas viel kertoo mitä nuo on?
