Computer pretty much stuck..

Thread in the section Viruses and malware - HijackThis logs. Thread started by wennamo on 08.09.2006.

Thread status:
This thread is closed.
  1. wennamo

    wennamo Member

    Joined:
    08.09.2006
    Posts:
    2
    Thanks:
    0
    Points:
    11
    I've been stubbornly trying to remove a trojan that, according to AVG, is in system32, but nothing shows up there.. virus alerts keep pouring in whenever the computer starts up, no matter how many times I remove them and send them to the virus vault.. the add/remove list shows nothing but ZoneAlarm's and Ad-Aware's entries, and the computer is otherwise pretty thoroughly messed up too.. the internet stutters and crashes all the time. What do you advise, guys..?
    Logfile of HijackThis v1.99.1
    Scan saved at 15:12:44, on 8.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
    C:\PROGRA~1\Logitech\Video\FxSvr2.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157628116578
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

     
    Last edited: 08.09.2006
  2.  
  3. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Posts:
    277
    Thanks:
    0
    Points:
    26
    Hi. Can you get a log out of AVG that you could post here?
     
  4. wennamo

    wennamo Member

    Joined:
    08.09.2006
    Posts:
    2
    Thanks:
    0
    Points:
    11
    "Partition table (MBR)","- OK -","Quick checked"
    "Boot sector of disk C:","- OK -","Quick checked"
    "System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
    "System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
    "System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
    "System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
    "System registry exefile\shell\open\command","","Scanned"
    "System registry scrfile\shell\open\command","","Scanned"
    "System registry scrfile\shell\config\command","","Scanned"
    "System registry batfile\shell\open\command","","Scanned"
    "System registry cmdfile\shell\open\command","","Scanned"
    "System registry comfile\shell\open\command","","Scanned"
    "System registry piffile\shell\open\command","","Scanned"
    "System registry giffile\shell\open\command","","Scanned"
    "System registry htmlfile\shell\open\command","","Scanned"
    "System registry htafile\shell\open\command","","Scanned"
    "System registry jpegfile\shell\open\command","","Scanned"
    "System registry txtfile\shell\open\command","","Scanned"
    "System registry regfile\shell\open\command","","Scanned"
    "System registry cplfile\shell\cplopen\command","","Scanned"
    "System registry Word.Document.8\shell\open\command","","Scanned"
    "System registry WordPad.Document.1\shell\open\command","","Scanned"
    "System registry inffile\shell\open\command","","Scanned"
    "System registry vbsfile\shell\open\command","","Scanned"
    "System registry vbefile\shell\open\command","","Scanned"
    "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe","- OK -","Quick checked"
    "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe","- OK -","Quick checked"
    "C:\Program Files\ATI Technologies\ATI.ACE\Runtime.bat","- OK -","Quick checked"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE","- OK -","Quick checked"
    "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe","- OK -","Quick checked"
    "C:\Program Files\Logitech\Video\ISStart.exe","- OK -","Quick checked"
    "C:\Program Files\Logitech\Video\LogiTray.exe","- OK -","Quick checked"
    "C:\Program Files\MSN Messenger\msnmsgr.exe","- OK -","Quick checked"
    "C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe","- OK -","Quick checked"
    "C:\Program Files\Windows Defender\MSASCui.exe","- OK -","Quick checked"
    "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe","- OK -","Quick checked"
    "C:\WINDOWS\SOUNDMAN.EXE","- OK -","Quick checked"
    "C:\WINDOWS\regedit.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\NeroCheck.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\mshta.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\rundll32.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\shell32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\shimgvw.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\kernel32.dll","Change","Changed"
    "C:\WINDOWS\system32\wsock32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\user32.dll","- OK -","Quick checked"
    "C:\WINDOWS\system32\shell32.dll","Change","Changed"
    "C:\WINDOWS\system32\ntoskrnl.exe","- OK -","Quick checked"
    "C:\WINDOWS\system32\drivers\etc\hosts","- OK -","Quick checked"
     
  5. kairis

    kairis Regular member

    Joined:
    01.06.2003
    Posts:
    277
    Thanks:
    0
    Points:
    26
    Hi. That log is clean.
    Are you still getting those alerts?
     