Logfile of HijackThis v1.99.1
Scan saved at 20:23:02, on 2.6.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
G:\Program Files\Sygate\SPF\smc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\AVPersonal\AVGUARD.EXE
G:\Program Files\AVPersonal\AVWUPSRV.EXE
G:\WINDOWS\system32\wbem\wmiprvse.exe
G:\WINDOWS\System32\alg.exe
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\Program Files\Logitech\iTouch\iTouch.exe
G:\Program Files\AVPersonal\AVGNT.EXE
G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
G:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
G:\Program Files\Logitech\MouseWare\system\em_exec.exe
G:\Program Files\MSN Messenger\MsnMsgr.Exe
G:\Program Files\TGTSoft\StyleXP\StyleXP.exe
G:\Program Files\MSI\PC Alert III\alert.exe
G:\Program Files\Samurize\Client.exe
G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
G:\WINDOWS\system32\wuauclt.exe
C:\NNScript\mirc.exe
C:\ircN\SYSTEM\mirc.exe
C:\HJT\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] G:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] G:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [RunAlert] G:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] G:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [180ClientStubInstall] "G:\DOCUME~1\VILLEP~1\LOCALS~1\Temp\nsu2B.tmp"
O4 - HKCU\..\Run: [a-squared] "G:\Program Files\a2\a2guard.exe"
O4 - Startup: Client Default.lnk = G:\Program Files\Samurize\Client.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PC Alert III.lnk = G:\Program Files\MSI\PC Alert III\alert.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - G:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

At least AntiVir keeps flagging that poller.exe file every so often.
Make hidden files visible: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
Check these in HJT, close the browser and other windows, and click Fix:
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKCU\..\Run: [180ClientStubInstall] "G:\DOCUME~1\VILLEP~1\LOCALS~1\Temp\nsu2B.tmp"
Boot into Safe Mode and empty the temp folders. Do the lower ones in all user accounts:
C:\Temp
C:\Windows\Prefetch
C:\Documents and Settings\User name\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\User name\Local Settings\Temp
Normal boot, did it help? Does AntiVir say where poller is?
Yes, it does look like it helped, so thanks. AntiVir showed that poller.exe had been found in the root of the WINDOWS folder, but it doesn't seem to be complaining anymore.