computer pretty much stuck..

Discussion in 'Viruses and malware - HijackThis logs' started by wennamo, Sep 8, 2006.

Thread Status:
Not open for further replies.
  1. wennamo

    wennamo Member

    I've been stubbornly trying to remove a trojan that, according to AVG, is in system32, but nothing shows up there.. virus alerts keep pouring in every time the computer starts up, no matter how many times I remove them and send them to the virus vault.. the add/remove list only gives the entries for Zone Alarm and Adaware, and the computer is otherwise pretty thoroughly messed up too.. the internet stutters and crashes all the time. What do you advise, guys..?

    Logfile of HijackThis v1.99.1
    Scan saved at 15:12:44, on 8.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
    C:\PROGRA~1\Logitech\Video\FxSvr2.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157628116578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Last edited: Sep 8, 2006
  2. kairis

    kairis Regular member

    Hi. Can you get a log out of AVG that you could post here?
     
  3. wennamo

    wennamo Member

    "Partition table (MBR)","- OK -","Quick checked"
    "Boot sector of disk C:","- OK -","Quick checked"
    "System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
    "System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
    "System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
    "System registry exefile\shell\open\command","","Scanned"
    "System registry scrfile\shell\open\command","","Scanned"
    "System registry scrfile\shell\config\command","","Scanned"
    "System registry batfile\shell\open\command","","Scanned"
    "System registry cmdfile\shell\open\command","","Scanned"
    "System registry comfile\shell\open\command","","Scanned"
    "System registry piffile\shell\open\command","","Scanned"
    "System registry giffile\shell\open\command","","Scanned"
    "System registry htmlfile\shell\open\command","","Scanned"
    "System registry htafile\shell\open\command","","Scanned"
    "System registry jpegfile\shell\open\command","","Scanned"
    "System registry txtfile\shell\open\command","","Scanned"
    "System registry regfile\shell\open\command","","Scanned"
    "System registry cplfile\shell\cplopen\command","","Scanned"
    "System registry Word.Document.8\shell\open\command","","Scanned"
    "System registry WordPad.Document.1\shell\open\command","","Scanned"
    "System registry inffile\shell\open\command","","Scanned"
    "System registry vbsfile\shell\open\command","","Scanned"
    "System registry vbefile\shell\open\command","","Scanned"
    "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe","- OK -","Quick checked"
    "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe","- OK -","Quick checked"
    "C:\Program Files\ATI Technologies\ATI.ACE\Runtime.bat","- OK -","Quick checked"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE","- OK -","Quick checked"
    "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe","- OK -","Quick checked"
    "C:\Program Files\Logitech\Video\ISStart.exe","- OK -","Quick checked"
    "C:\Program Files\Logitech\Video\LogiTray.exe","- OK -","Quick checked"
    "C:\Program Files\MSN Messenger\msnmsgr.exe","- OK -","Quick checked"
    "C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe","- OK -","Quick checked"
    "C:\Program Files\Windows Defender\MSASCui.exe","- OK -","Quick checked"
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe","- OK -","Quick checked"
    "C:\WINDOWS\SOUNDMAN.EXE","- OK -","Quick checked"
    "C:\WINDOWS\regedit.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\NeroCheck.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\mshta.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\rundll32.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\shimgvw.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\kernel32.dll","Change","Changed"
    "C:\WINDOWS\system32\wsock32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\user32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\shell32.dll","Change","Changed"
    "C:\WINDOWS\system32\ntoskrnl.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\drivers\etc\hosts","- OK -","Quick checked"
     
  4. kairis

    kairis Regular member

    Hi. That log is clean.
    Are those alerts still coming?
     