Kone boottailee + Hjt-loki

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

tiistai 22.7.2025 / 14:16

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > kone boottailee + hjt-loki

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Kone boottailee + Hjt-loki

Siirry:

Kirjoittaja

Viesti

Sussu82

Junior Member

6. maaliskuuta 2007 @ 13:52

Linkki tähän viestiin

Apua kaivattaisiin taas..

Eli kone on nyt parin päivän ajan boottaillut useita kertoja päivässä. Antivirillä en ole saanut konetta tarkastettua, koska kone kaatuu kesken skannauksen. Vikasietotilassa skannaus onnistui.

Tässä HjT-loki + vikasietotilassa ajettu Antivirin raportti:

Logfile of HijackThis v1.99.1
Scan saved at 18:46:27, on 6.3.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Ewido\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Airboard Manager] C:\Program Files\Netropa\Airboard Manager\TouchMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{168BF9B8-5614-42AD-8E29-BBA2A8D544FF}: NameServer = 193.210.19.19 193.210.18.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{168BF9B8-5614-42AD-8E29-BBA2A8D544FF}: NameServer = 193.210.19.19 193.210.18.18
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Aseman tilannevedos (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

AntiVir PersonalEdition Classic
Report file date: 5. maaliskuuta 2007 20:06

Scanning for 690218 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Alex
Computer name: 123-B1232ACD4A2

Version information:
BUILD.DAT : 217 12749 Bytes 5.12.2006 17:00:00
AVSCAN.EXE : 7.0.3.5 208936 Bytes 20.1.2007 09:04:04
AVSCAN.DLL : 7.0.3.1 35880 Bytes 5.12.2006 15:00:22
LUKE.DLL : 7.0.3.2 143400 Bytes 31.10.2006 15:07:46
LUKERES.DLL : 7.0.2.0 9256 Bytes 5.12.2006 15:00:22
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31.5.2006 14:30:06
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23.2.2007 10:30:24
ANTIVIR2.VDF : 6.37.1.182 86528 Bytes 1.3.2007 13:12:30
ANTIVIR3.VDF : 6.37.1.197 32256 Bytes 5.3.2007 13:12:31
AVEWIN32.DLL : 7.3.1.38 2322944 Bytes 21.2.2007 19:42:13
AVPREF.DLL : 7.0.2.0 23592 Bytes 3.11.2006 09:53:44
AVREP.DLL : 6.37.1.100 1142824 Bytes 16.2.2007 19:39:53
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30.3.2006 07:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 23.10.2006 14:21:31
AVREG.DLL : 7.0.1.2 30760 Bytes 20.1.2007 09:04:04
NETNT.DLL : No Information!
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 8.11.2006 11:26:26
RCTEXT.DLL : 7.0.12.1 77864 Bytes 5.12.2006 15:00:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000

Start of the scan: 5. maaliskuuta 2007 20:06

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'userinit.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 23 files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vdmredir.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vssvc.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wbem\wbemperf.dll
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'F:\'
Begin scan in 'A:\'
The path A:\ could not be found!
Laite ei ole valmiina.

Begin scan in 'E:\'
The path E:\ could not be found!
Laite ei ole valmiina.

End of the scan: 5. maaliskuuta 2007 20:26
Used time: 20:23 min

The scan has been done completely.

4634 Scanning directories
183681 Files were scanned
0 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
183681 Files not concerned
2726 Archives were scanned
4 Warnings
14 Notes

[ + lainaa]

mikkoi

Senior Member

1 tuotearvio

6. maaliskuuta 2007 @ 15:09

Linkki tähän viestiin

Oletko varma ettei ole rautavikaa?

[ + lainaa]

Sussu82

Junior Member

6. maaliskuuta 2007 @ 15:14

Linkki tähän viestiin

En oo ollenkaan varma, mutta kun en ole niin taitava näiden koneiden kanssa, että osaisin lähteä itse sen tarkemmin selvittämään..