[Rainu]

tõmbasin hijackthisi ja tegin analüüsi....
äkki saaksite pilgu peale heita....

Logfile of HijackThis v1.99.1
Scan saved at 13:06:56, on 26.02.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\windrives.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Rainu\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [Systems Backup] windrives.exe
O4 - HKLM\..\Run: [Service pack 2] svhost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [Systems Backup] windrives.exe
O4 - HKLM\..\RunServices: [Service pack 2] svhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Service pack 2] svhost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBA98C10-A3E1-42EB-8C37-948693DDADC5}: NameServer = 192.168.1.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Systems Backup (Restores) - Unknown owner - C:\WINDOWS\System32\windrives.exe" -service (file missing)



ja kui panna see http://hijackthis.de/index.php#anl siis näitab probleemi svoots.exe-ga

[Rainu]

sorry probleem on C:\WINDOWS\System32\svhost.exe

[SKG]

[Rainu]

running process. (svhost.exe)
Added as result of a RBOT.QG worm infection This is a nasty process! You should fix it and try to delete it manually!

[Rainu]

aga point ongi selles et kuidas seda parandada ja see uss välja saada....

[HacaX]

Linnuke sissekande ette, klõps "Fix" nupul, alglaadimine ja siis kustutad konkreetselt selle SVCHOST.EXE ära (aga justnimelt selle, kuna ka aus samanimeline tegelane on masinas olemas).

PS! Edaspidi ürita informatiivseid pealkirju panna.

[Rainu]

[HacaX]

No OK, minupoolne näpukas. Pane *SVHOST.EXE* ette linnuke...