HJT log, trojan.vundo problem.

Discussion in 'Virukset ja haittaohjelmat' (Viruses and malware) started by pAy, Jan 30, 2006.

  1. pAy

    pAy Member

    Logfile of HijackThis v1.99.1
    Scan saved at 19:30:19, on 30.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\winsysban4.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    E:\asenna.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138362542681
    O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll
    O20 - Winlogon Notify: urssq - C:\WINDOWS\SYSTEM32\urssq.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. spertti

    spertti Active member

    First copy these instructions and save them on the desktop as a text file,
    because you will not have an internet connection available during the fix.

    Get VundoFix© from here: http://www.atribune.org/downloads/VundoFix.exe
    Save it to the desktop.

    * Double-click VundoFix.exe, which creates a Vundofix folder on the desktop
    * Boot into safe mode (F8 during startup)
    * In safe mode, open the Vundofix folder and double-click KillVundo.bat
    * A warning should appear on the screen that looks like this:

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....


    * Press Enter.
    * Next you should see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

    * Next, type the location of the file. Be careful to type it exactly right

    C:\WINDOWS\system32\ljhif.dll

    * Press Enter.
    * Next you should see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

    * Next, type the location of the file. Be careful to type it exactly right

    C:\WINDOWS\system32\urssq.dll

    * Press Enter
    * HijackThis should now open; if it does not, open it yourself ( make a system scan )
    * In HJT, fix the following


    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
    O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll
    O20 - Winlogon Notify: urssq - C:\WINDOWS\SYSTEM32\urssq.dll

    * Once you have fixed these, close HijackThis.
    * Press Enter to exit the program. After that, restart the computer.


    Post a new HijackThis log and the contents of vundofix.txt ( you will find it in the vundofix folder )

    Also get Ewido and run a scan with it. Post the Ewido log here too for us to look at. Instructions > http://keskustelu.afterdawn.com/thread_view.cfm/269186

    It is very important that you run VundoFix in safe mode. If you have trouble getting there, ask for help here rather than running it in normal mode.
     
    Last edited: Jan 30, 2006
  3. Zipp2

    Zipp2 Regular member

    Deleted my post; there was already a recipe here.
     
    Last edited: Jan 30, 2006
  4. pAy

    pAy Member

    Logfile of HijackThis v1.99.1
    Scan saved at 21:41:04, on 30.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\winsysban4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138362542681
    O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll (file missing)
    O20 - Winlogon Notify: urssq - urssq.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



    VundoFix V2.15 by Atri
    --------------------------------------------------------------------------------------

    Listing files contained in the vundofix folder.
    --------------------------------------------------------------------------------------

    killvundo.bat
    process.exe
    ReadMe.txt
    vundo.reg
    vundofix.txt

    --------------------------------------------------------------------------------------

    Filepaths entered
    --------------------------------------------------------------------------------------

    The filepath entered was c:\WINDOWS\system32\ljhif.dll

    The second filepath entered was c:\WINDOWS\system32\urssq.dll

    --------------------------------------------------------------------------------------

    Log from Process
    --------------------------------------------------------------------------------------


    Killing PID 428 'smss.exe'

    Killing PID 1840 'explorer.exe'
    Killing PID 1840 'explorer.exe'


    Killing PID 684 'winlogon.exe'
    --------------------------------------------------------------------------------------

    c:\WINDOWS\system32\ljhif.dll Deleted sucessfully.
    c:\WINDOWS\system32\urssq.dll Deleted sucessfully.

    Fixing Registry
    --------------------------------------------------------------------------------------

     
  5. spertti

    spertti Active member

    Well, some of it is still in there.

    Fix these with HJT

    O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll (file missing)
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll (file missing)
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd3.exe
    O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
    O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
    O4 - HKLM\..\Run: [WinDLL (xvd32.dll)] rundll32.exe C:\WINDOWS\System32\xvd32.dll,start
    O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe
    O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll (file missing)
    O20 - Winlogon Notify: urssq - urssq.dll (file missing)

    Make hidden files visible, instructions ->
    http://keskustelu.afterdawn.com/thread_view.cfm/248944

    Boot into safe mode ( F8 during startup ) and delete these, if found:

    C:\windows\winsysupd3.exe
    C:\windows\winsysban4.exe
    c:\windows\myupdates.exe
    C:\WINDOWS\System32\xvd32.dll
    C:\PROGRA~1\COMMON~1\fmoq <- folder

    Did you run Ewido just now? It would be nice to see that log as well.

    EDIT: Oh, and post a new log after this.
     
    Last edited: Jan 30, 2006
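
Added example (not part of the thread and not a HijackThis feature): a small Python parser for O2 and O20 lines that reports DLLs registered in both sections, as ljhif.dll and urssq.dll are in the logs above, and entries left behind with "(file missing)". The sample lines are copied from the second log in this thread; the function and class names are illustrative.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Entry(NamedTuple):
    section: str   # HijackThis section code: "O2" (BHO) or "O20" (Winlogon Notify)
    target: str    # file the entry points at, exactly as written in the log
    missing: bool  # True when HijackThis appended "(file missing)"


# Lines copied from the second HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: ATLDistrib Object - {83A5F7B7-DC75-44CE-9195-264F41709FA9} - C:\WINDOWS\system32\ljhif.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\urssq.dll (file missing)
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O20 - Winlogon Notify: ljhif - C:\WINDOWS\system32\ljhif.dll (file missing)
O20 - Winlogon Notify: urssq - urssq.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# Only O2 and O20 lines are parsed; every other section is skipped.
LINE_RE = re.compile(r"^\s*(O2|O20) - (.+?)\s*$")
MISSING = "(file missing)"


def parse_entries(log: str) -> list[Entry]:
    """Extract O2/O20 entries and the file each one references."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        section, detail = m.groups()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        # The file is the last " - "-separated field on both line types.
        target = detail.rsplit(" - ", 1)[-1].strip('"')
        entries.append(Entry(section, target, missing))
    return entries


def basename(path: str) -> str:
    """Lower-cased file name; the log mixes case and sometimes omits the
    directory (see the O20 urssq line), so compare on the name only."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def cross_registered(entries: list[Entry]) -> list[str]:
    """File names referenced by both a BHO (O2) and a Winlogon Notify (O20)."""
    sections = defaultdict(set)
    for e in entries:
        sections[basename(e.target)].add(e.section)
    return sorted(n for n, s in sections.items() if s == {"O2", "O20"})


def orphaned(entries: list[Entry]) -> list[Entry]:
    """Registry entries whose file is gone: leftovers that still need fixing."""
    return [e for e in entries if e.missing]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("In both O2 and O20:", cross_registered(parsed))
    for e in orphaned(parsed):
        print("Leftover entry:", e.section, e.target)
```
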
  6. pAy

    pAy Member

    Logfile of HijackThis v1.99.1
    Scan saved at 16:16:50, on 31.1.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138362542681
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2F0dQ\command.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe






    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 16:15:00, 31.1.2006
    + Report-Checksum: 38FEF607

    + Scan result:

    C:\Documents and Settings\LocalService\Cookies\system@casinotropez[2].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@www.casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
    C:\Documents and Settings\Satu\ca32.exe/rm32.dll -> Adware.Virtumonde : Error during cleaning
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp00024ac7 -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp000430c0 -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp00044124 -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp00044efe -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp0004fbbd -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp0005e840 -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp00076a32 -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp0008425e -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\tmp00123a6f -> Adware.Virtumonde : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DP3.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DP4.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DP5.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DP6.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DP7.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temp\~DPF.exe -> Dropper.Delf.fd : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\4X81YTGX\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\4X81YTGX\winsysban4[1].exe -> Hijacker.VB.kc : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\b[1].zip -> Backdoor.Akbot.a : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\drsmartload46a[1].exe -> Downloader.Adload.j : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\8T6BSXIF\myupdates[1].exe -> Downloader.Adload.l : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\CNGPWDYD\ca32[2].zip/rm32.dll -> Adware.Virtumonde : Error during cleaning
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\CNGPWDYD\drsmartload[1].exe -> Downloader.Adload.j : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\winsysban3[1].exe -> Hijacker.VB.kc : Cleaned with backup
    C:\Documents and Settings\Satu\Local Settings\Temporary Internet Files\Content.IE5\OHYB8NI5\winsysupd3[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
    C:\drsmartload1.exe -> Downloader.Adload.j : Cleaned with backup
    C:\drsmartload46a.exe -> Downloader.Adload.j : Cleaned with backup
    C:\Installer.exe -> Spyware.Look2Me : Cleaned with backup
    C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
    C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
    C:\WINDOWS\system32\awvst.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\byxya.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\fccdc.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\mllmj.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\nnnol.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\opnmn.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\urqnn.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\system32\vtuuu.dll -> Adware.Virtumonde : Cleaned with backup
    C:\WINDOWS\winsysban3.exe -> Hijacker.VB.kc : Cleaned with backup


    ::Report End
     
  7. -kemisti-

    -kemisti- Active member

    You can still fix this one; otherwise OK.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

    And delete this:

    C:\Documents and Settings\Satu\==>ca32.exe<==

    In safe mode, if it will not go otherwise.
     
    Last edited: Jan 31, 2006
  8. pAy

    pAy Member

    Many thanks for your help!
     
  9. spertti

    spertti Active member

    You're welcome =)
     
