poller.exe is causing trouble (HJT log)

Discussion in 'Viruses and malware' started by wolmari, Jun 2, 2005.

  1. wolmari

    wolmari Member

    Logfile of HijackThis v1.99.1
    Scan saved at 20:23:02, on 2.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\csrss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\System32\svchost.exe
    G:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    G:\Program Files\Sygate\SPF\smc.exe
    G:\WINDOWS\system32\Ati2evxx.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\Explorer.exe
    G:\WINDOWS\system32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\AVPersonal\AVGUARD.EXE
    G:\Program Files\AVPersonal\AVWUPSRV.EXE
    G:\WINDOWS\system32\wbem\wmiprvse.exe
    G:\WINDOWS\System32\alg.exe
    G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    G:\Program Files\Logitech\iTouch\iTouch.exe
    G:\Program Files\AVPersonal\AVGNT.EXE
    G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    G:\WINDOWS\SOUNDMAN.EXE
    G:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    G:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    G:\Program Files\Logitech\MouseWare\system\em_exec.exe
    G:\Program Files\MSN Messenger\MsnMsgr.Exe
    G:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    G:\Program Files\MSI\PC Alert III\alert.exe
    G:\Program Files\Samurize\Client.exe
    G:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    G:\WINDOWS\system32\wuauclt.exe
    C:\NNScript\mirc.exe
    C:\ircN\SYSTEM\mirc.exe
    C:\HJT\HijackThis.exe

    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] G:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [AVGCtrl] G:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SmcService] G:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [TrojanScanner] G:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunServices: [RunAlert] G:\Program Files\MSI\PC Alert III\AService.exe
    O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [STYLEXP] G:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [180ClientStubInstall] "G:\DOCUME~1\VILLEP~1\LOCALS~1\Temp\nsu2B.tmp"
    O4 - HKCU\..\Run: [a-squared] "G:\Program Files\a2\a2guard.exe"
    O4 - Startup: Client Default.lnk = G:\Program Files\Samurize\Client.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = G:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PC Alert III.lnk = G:\Program Files\MSI\PC Alert III\alert.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - G:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - G:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - G:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StyleXPService - Unknown owner - G:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    At least AntiVir keeps flagging that poller.exe file every so often.
     
  2. morsku

    morsku Guest

  3. Toymaatti

    Toymaatti Active member

    Make hidden files visible
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

    Check these in HJT, close the browser and other windows, click Fix
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O4 - HKCU\..\Run: [180ClientStubInstall] "G:\DOCUME~1\VILLEP~1\LOCALS~1\Temp\nsu2B.tmp

    Boot into safe mode and empty the temp folders
    The lower ones in every user account
    C:\Temp
    C:\Windows\Prefetch
    C:\Documents and Settings\User name\Local Settings\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\User name\Local Settings\Temp

    Normal boot, did it help? Does AntiVir say where poller is?
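
The two entries singled out for fixing in the reply above (an O1 hosts-file mapping and an O4 autorun that points into a temp folder) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original posts: it runs over an excerpt of the log from the first post, and the two review heuristics are assumptions of this example, not HijackThis features.

```python
import re

# Excerpt of the HijackThis log from the first post in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [ATIPTA] G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "G:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "G:\DOCUME~1\VILLEP~1\LOCALS~1\Temp\nsu2B.tmp"
O4 - HKCU\..\Run: [a-squared] "G:\Program Files\a2\a2guard.exe"
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
"""

ENTRY = re.compile(r"^\s*(O\d+) - (.+?)\s*$")            # "<section> - <rest>"
HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")           # "<ip> <hostname>"
RUN = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[([^\]]+)\]\s*(.+)$")
# Heuristic (assumption of this example): an autorun whose target sits in a
# temp location, or is a .tmp file, deserves a manual look.
TEMP_DIR = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.I)
TMP_FILE = re.compile(r"\.tmp\b", re.I)
LOOPBACK = {"127.0.0.1", "::1"}


def triage(log_text):
    """Return (section, reason, detail) tuples for entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue
        section, rest = entry.groups()
        if section == "O1":
            hosts = HOSTS.match(rest)
            # Hosts-file lines that send a name to a non-loopback address.
            if hosts and hosts.group(1) not in LOOPBACK:
                findings.append((section, "hosts entry to non-loopback IP", hosts.group(2)))
        elif section == "O4":
            run = RUN.match(rest)
            if not run:
                continue  # startup-folder shortcuts are not covered here
            target = run.group(3).strip('"')
            if TEMP_DIR.search(target) or TMP_FILE.search(target):
                findings.append((section, "autorun target in temp location", run.group(2)))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

A hit only means the entry should be checked by hand before anything is fixed; legitimate installers also place files in temp folders.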
     
  4. wolmari

    wolmari Member

    Yes, it does look like it helped, so thanks. AntiVir showed that poller.exe was found in the root of the WINDOWS folder, but it doesn't seem to be complaining anymore.
     
