HJT and other logs... the machine had lots of bugs... now some auto.inf is being a nuisance =)

Discussion in 'Viruses and malware - HijackThis logs' started by zappan, Dec 31, 2011.

Thread Status:
Not open for further replies.
  1. zappan

    Hi,

    my little geniuses did a bit of fixing... they removed programs and then trojans and others attacked =) I got everything fixed so that it seems to be clean =) but Avira keeps blocking some auto.inf all the time.. no terrible problems though, but I'm sure you hacker computer angels will find something to fix on the boys' machine =)

    Thank you ever so kindly and a lovely New Year

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:10:33, on 31.12.2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Eeva\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google-päivityspalvelu (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6147 bytes

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.28.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Eeva :: EEVA-LAPTOP [administrator]

    28.12.2011 21:01:46
    mbam-log-2011-12-28 (21-01-46).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 180026
    Time elapsed: 42 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Avira Free Antivirus
    Report file date: 28. joulukuuta 2011 21:55

    Scanning for 2987526 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Eeva
    Computer name : EEVA-LAPTOP

    Version information:
    BUILD.DAT : 12.0.0.872 41826 Bytes 12/15/2011 17:24:00
    AVSCAN.EXE : 12.1.0.18 490448 Bytes 12/24/2011 22:54:24
    AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 11:34:56
    LUKE.DLL : 12.1.0.17 68304 Bytes 9/23/2011 10:55:16
    AVSCPLR.DLL : 12.1.0.21 99536 Bytes 12/19/2011 20:24:08
    AVREG.DLL : 12.1.0.27 227536 Bytes 12/19/2011 20:24:07
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 09:07:39
    VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 22:54:22
    VBASE003.VDF : 7.11.19.171 2048 Bytes 12/20/2011 22:54:22
    VBASE004.VDF : 7.11.19.172 2048 Bytes 12/20/2011 22:54:22
    VBASE005.VDF : 7.11.19.173 2048 Bytes 12/20/2011 22:54:22
    VBASE006.VDF : 7.11.19.174 2048 Bytes 12/20/2011 22:54:22
    VBASE007.VDF : 7.11.19.175 2048 Bytes 12/20/2011 22:54:22
    VBASE008.VDF : 7.11.19.176 2048 Bytes 12/20/2011 22:54:22
    VBASE009.VDF : 7.11.19.177 2048 Bytes 12/20/2011 22:54:22
    VBASE010.VDF : 7.11.19.178 2048 Bytes 12/20/2011 22:54:22
    VBASE011.VDF : 7.11.19.179 2048 Bytes 12/20/2011 22:54:22
    VBASE012.VDF : 7.11.19.180 2048 Bytes 12/20/2011 22:54:22
    VBASE013.VDF : 7.11.19.217 182784 Bytes 12/22/2011 22:54:22
    VBASE014.VDF : 7.11.19.255 148480 Bytes 12/24/2011 22:54:22
    VBASE015.VDF : 7.11.20.29 164352 Bytes 12/27/2011 19:45:49
    VBASE016.VDF : 7.11.20.30 2048 Bytes 12/27/2011 19:45:50
    VBASE017.VDF : 7.11.20.31 2048 Bytes 12/27/2011 19:45:50
    VBASE018.VDF : 7.11.20.32 2048 Bytes 12/27/2011 19:45:50
    VBASE019.VDF : 7.11.20.33 2048 Bytes 12/27/2011 19:45:51
    VBASE020.VDF : 7.11.20.34 2048 Bytes 12/27/2011 19:45:51
    VBASE021.VDF : 7.11.20.35 2048 Bytes 12/27/2011 19:45:51
    VBASE022.VDF : 7.11.20.36 2048 Bytes 12/27/2011 19:45:51
    VBASE023.VDF : 7.11.20.37 2048 Bytes 12/27/2011 19:45:52
    VBASE024.VDF : 7.11.20.38 2048 Bytes 12/27/2011 19:45:52
    VBASE025.VDF : 7.11.20.39 2048 Bytes 12/27/2011 19:45:54
    VBASE026.VDF : 7.11.20.40 2048 Bytes 12/27/2011 19:45:54
    VBASE027.VDF : 7.11.20.41 2048 Bytes 12/27/2011 19:45:55
    VBASE028.VDF : 7.11.20.42 2048 Bytes 12/27/2011 19:45:55
    VBASE029.VDF : 7.11.20.43 2048 Bytes 12/27/2011 19:45:55
    VBASE030.VDF : 7.11.20.44 2048 Bytes 12/27/2011 19:45:55
    VBASE031.VDF : 7.11.20.59 133120 Bytes 12/28/2011 19:46:00
    Engineversion : 8.2.8.14
    AEVDF.DLL : 8.1.2.2 106868 Bytes 12/19/2011 20:23:59
    AESCRIPT.DLL : 8.1.3.95 479612 Bytes 12/28/2011 19:47:36
    AESCN.DLL : 8.1.7.2 127349 Bytes 9/1/2011 21:46:02
    AESBX.DLL : 8.2.4.5 434549 Bytes 12/19/2011 20:24:05
    AERDL.DLL : 8.1.9.15 639348 Bytes 9/8/2011 21:16:06
    AEPACK.DLL : 8.2.15.1 770423 Bytes 12/19/2011 20:23:52
    AEOFFICE.DLL : 8.1.2.24 201084 Bytes 12/19/2011 20:23:28
    AEHEUR.DLL : 8.1.3.12 4268407 Bytes 12/28/2011 19:47:30
    AEHELP.DLL : 8.1.18.0 254327 Bytes 12/19/2011 20:22:21
    AEGEN.DLL : 8.1.5.17 405877 Bytes 12/19/2011 20:22:15
    AEEMU.DLL : 8.1.3.0 393589 Bytes 9/1/2011 21:46:01
    AECORE.DLL : 8.1.24.3 201079 Bytes 12/28/2011 19:46:06
    AEBB.DLL : 8.1.1.0 53618 Bytes 9/1/2011 21:46:01
    AVWINLL.DLL : 12.1.0.17 27344 Bytes 9/23/2011 10:13:18
    AVPREF.DLL : 12.1.0.17 51920 Bytes 9/23/2011 09:53:57
    AVREP.DLL : 12.1.0.17 179408 Bytes 9/23/2011 09:55:01
    AVARKT.DLL : 12.1.0.19 208848 Bytes 12/24/2011 22:54:24
    AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 9/23/2011 09:34:37
    SQLITE3.DLL : 3.7.0.0 398288 Bytes 9/16/2011 00:05:58
    AVSMTP.DLL : 12.1.0.17 62928 Bytes 9/23/2011 10:03:47
    NETNT.DLL : 12.1.0.17 17104 Bytes 9/23/2011 10:58:06
    RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 9/23/2011 11:37:25
    RCTEXT.DLL : 12.1.1.16 96208 Bytes 12/24/2011 22:54:20

    Configuration settings for the scan:
    Jobname.............................: Local Hard Disks
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
    Logging.............................: default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: 28. joulukuuta 2011 21:55

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
    Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '966' files ).


    Starting the file scan:

    Begin scan in 'C:\' <Local Disk>
    Begin scan in 'D:\'


    End of the scan: 28. joulukuuta 2011 22:18
    Used time: 23:00 Minute(s)

    The scan has been done completely.

    3723 Scanned directories
    182275 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    182275 Files not concerned
    908 Archives were scanned
    0 Warnings
    0 Notes
     