Apparently viruses have taken over the machine.

Logfile of HijackThis v1.99.1
Scan saved at 15:27:28, on 16.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\system32\auditchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJuZXZpIFBlcm1p\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Fix this:

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJuZXZpIFBlcm1p\command.exe (file missing)

Then go to the Start menu and open Run. Type [bold]services.msc[/bold] into the text field and the Services list will open. Find Command Service there and double-click it, then choose Stop. And set it to "Disabled".

Then make hidden files visible; here are the instructions:

* Click Start.
* Open My Computer.
* Select Tools from the top menu and click Folder Options.
* Select the View tab.
* Under Hidden files and folders, select Show hidden files and folders.
* Uncheck the box -> Hide protected operating system files
* Click Yes to confirm the changes.
* Click OK.

After that, delete the bolded folder from this file path, and all of its contents:

C:\WINDOWS\[bold]QXJuZXZpIFBlcm1p[/bold]\command.exe

Then restart the machine and post a new HJT log.

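The triage the reply above does by eye, as an added Python example that is not part of the original thread: it splits a HijackThis log that was pasted as one long line, flags O23 services whose owner is unknown or whose file is missing, and lists the entries that disappeared between two scans. The function names are illustrative, and the sample logs are shortened excerpts of the logs posted in this thread.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". The lookbehind keeps us from splitting inside a word.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")

# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$"
)
MISSING = " (file missing)"


def split_entries(text):
    """Split a log into entries, even when it was pasted as one long line."""
    parts = ENTRY_START.split(" ".join(text.split()))
    # parts[0] is the header and process list (or empty); the rest are entries.
    return [p.strip() for p in parts[1:] if p.strip()]


def parse_service(entry):
    """Parse one O23 entry into its fields; return None for other entries."""
    m = O23.match(entry)
    if not m:
        return None
    path = m["path"]
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    short = re.search(r"\((\w+)\)$", m["display"])  # e.g. "(cmdService)"
    return {
        "display": m["display"],
        "name": short.group(1) if short else None,
        "owner": m["owner"],
        "path": path,
        "file_missing": missing,
    }


def services_to_review(log_text):
    """Return O23 services with an unknown owner or a missing file."""
    flagged = []
    for entry in split_entries(log_text):
        svc = parse_service(entry)
        if svc is None:
            continue
        reasons = []
        if svc["owner"] == "Unknown owner":
            reasons.append("owner reported as unknown")
        if svc["file_missing"]:
            reasons.append("file reported missing")
        if reasons:
            flagged.append({**svc, "reasons": reasons})
    return flagged


def entries_removed(before, after):
    """Entries present in the first scan but absent from the follow-up scan."""
    after_set = set(split_entries(after))
    return [e for e in split_entries(before) if e not in after_set]


# Shortened excerpts of the first and second logs in this thread, flattened
# onto one line the way a forum paste often arrives.
SAMPLE_BEFORE = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\HijackThis.exe "
    r"O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe "
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "
    r"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
    r"O23 - Service: Command Service (cmdService) - Unknown owner - "
    r"C:\WINDOWS\QXJuZXZpIFBlcm1p\command.exe (file missing) "
    r"O23 - Service: Symantec Core LC - Symantec Corporation - "
    r"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
)
SAMPLE_AFTER = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\HijackThis.exe "
    r"O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe "
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - "
    r"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
    r"O23 - Service: Symantec Core LC - Symantec Corporation - "
    r"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
)

if __name__ == "__main__":
    for svc in services_to_review(SAMPLE_BEFORE):
        print(svc["name"], svc["path"], svc["reasons"])
    print(entries_removed(SAMPLE_BEFORE, SAMPLE_AFTER))
```

A flag marks an entry for manual review; it is not a verdict on the file.
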
Here is the new list. I could not find the qxju... folder the second time; otherwise I followed the instructions.

Logfile of HijackThis v1.99.1
Scan saved at 18:09:20, on 16.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\auditchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Looks good, but let's still run Ewido.

http://keskustelu.afterdawn.com/thread_view.cfm/269186

Follow the instructions and post its report here.

Something is apparently still wrong with the machine: I can't get online, and Norton reports a virus called trojan horse or something like that, says it cannot remove it, and Norton won't even start anymore..

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:06:58, 16.2.2006
+ Report-Checksum: AA6C2B67

+ Scan result:

C:\Documents and Settings\Arnevi\Local Settings\Temp\dl23063.exe -> Downloader.Small.cgc : Cleaned with backup
C:\Documents and Settings\Arnevi\Local Settings\Temp\dl26678.exe -> Downloader.Small.cgc : Cleaned with backup
C:\Documents and Settings\Arnevi\Local Settings\Temp\dl27329.exe -> Downloader.Small.cgc : Cleaned with backup
C:\Documents and Settings\Arnevi\Local Settings\Temp\dl27529.exe -> Downloader.Small.cgc : Cleaned with backup
C:\Documents and Settings\Arnevi\Local Settings\Temp\dl27699.exe -> Downloader.Small.cgc : Cleaned with backup
C:\Documents and Settings\Arnevi\Local Settings\Temporary Internet Files\Content.IE5\01234567\mc[1].exe -> Downloader.Small.cgc : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\elite.ocx -> Adware.MediaMotor : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 22:10:33, on 16.2.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\system32\auditchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Nothing in the log really catches my eye yet either, so let's try eScan next > http://koti.mbnet.fi/pattaya1/escanmwav.htm

Post the malware results from the lower box here when the scan is finished.

I can't get online except for a couple of seconds at a time, and then it cuts out. Installing the program did not work. Would there be some other way besides installing that program??

Well, now I got it working, and here is the log.

File C:\WINDOWS\System32\i infected by "Trojan-Downloader.BAT.Ftp.ab" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Arnevi\Local Settings\Temp\dl33007.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Arnevi\Local Settings\Temporary Internet Files\Content.IE5\0V4LA7IX\mc[1].exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Arnevi\Local Settings\Temporary Internet Files\Content.IE5\0V4LA7IX\mc[2].exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Arnevi\Local Settings\Temporary Internet Files\Content.IE5\0V4LA7IX\mc[3].exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Alwil Software\Avast4\DATA\moved\MMAPI32.DLL.2.vir infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\Alwil Software\Avast4\DATA\moved\MMAPI32.DLL.vir infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP80\A0037922.dll infected by "Backdoor.Win32.Agent.th" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP82\A0038006.ocx tagged as not-a-virus:AdWare.Win32.MediaMotor.h. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038170.exe infected by "Trojan-Downloader.Win32.Small.cgc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038172.exe infected by "Trojan-Clicker.Win32.VB.kc" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038173.dll tagged as not-a-virus:AdWare.Win32.E2Give.d. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038174.exe infected by "Trojan-Downloader.Win32.Adload.l" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038176.exe infected by "Backdoor.Win32.SdBot.yx" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038177.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038178.exe infected by "Trojan.Win32.LowZones.cf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038179.exe infected by "Trojan.Win32.Crypt.d" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038180.exe infected by "Trojan.Win32.VB.afn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038181.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038182.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038183.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038185.exe infected by "Trojan.Win32.LowZones.am" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038186.exe infected by "Trojan.Win32.LowZones.am" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038187.ocx infected by "Trojan-Downloader.Win32.VB.ov" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038189.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038190.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038191.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038192.exe infected by "Trojan-Downloader.Win32.Small.afq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038193.exe tagged as not-a-virus:AdWare.Win32.CommAd.a. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038194.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038195.exe infected by "Trojan-Downloader.Win32.Small.bgl" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038196.exe tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038197.dll tagged as not-a-virus:AdWare.Win32.Look2Me.ab. No Action Taken.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038198.ocx infected by "Trojan-Downloader.Win32.VB.ov" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038200.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038201.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038202.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038203.exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038204.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038205.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038206.exe infected by "Trojan.Win32.StartPage.aw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038207.exe infected by "Backdoor.Win32.SdBot.yx" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0038209.exe infected by "Trojan.Win32.LowZones.cf" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0040226.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0040267.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP83\A0041277.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP84\A0043279.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP84\A0044282.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP84\A0047841.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{EE96CCA0-4AE2-444C-BA43-CCC126C97893}\RP84\A0048182.exe infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\WINDOWS\Temp\_avast4_\unp244821042.tmp infected by "Trojan-Downloader.Win32.Small.cgc" Virus. Action Taken: File to be deleted on reboot.
File D:\System Volume Information\_restore{9DB946B2-90FC-4AEE-8192-E2280982E761}\RP2\A0001187.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{9DB946B2-90FC-4AEE-8192-E2280982E761}\RP2\A0001342.exe infected by "Trojan-Downloader.Win32.Adload.j" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{9DB946B2-90FC-4AEE-8192-E2280982E761}\RP4\A0001436.exe tagged as not-a-virus:AdWare.Win32.Comet.f. No Action Taken.

The viruses just won't go away.

Logfile of HijackThis v1.99.1
Scan saved at 22:05:59, on 30.1.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
C:\WINDOWS\System32\auditchk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\tkxbicf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\perfont.exe
C:\DOCUME~1\Arnevi\LOCALS~1\Temp\dl23223.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\oppmn.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\3011A WIRELESS OPTICAL DESKSET\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DRam prosessor] tkxbicf.exe
O4 - HKLM\..\RunServices: [DRam prosessor] tkxbicf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - Winlogon Notify: oppmn - C:\WINDOWS\SYSTEM32\oppmn.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe
O23 - Service: svcdll32 (svcdll) - Unknown owner - C:\WINDOWS\System32\svcdll32.exe (file missing)

@arnevi Now it looks good, in a way =) So that log now shows a piece of malware called vundo, which had camouflaged itself somewhere out of sight in those earlier logs. Let's hope we have now found the cause of the problem.... So let's do a little fixing.

Get VundoFix.exe from here -> http://www.atribune.org/ccount/click.php?id=4 and save it to the desktop.

[*]Double-click VundoFix.exe
[*]Click the Scan for Vundo button.
[*]When it has finished scanning, press the Remove Vundo button.
[*]VundoFix asks whether you want to remove the files. Click yes
[*]Your desktop will go blank while VundoFix removes vundo. This is normal, so don't panic
[*]When the fix is done, it suggests shutting down the machine. Click OK.
[*]Restart the machine.
[*]Post the contents of C:\vundofix.txt and a new HijackThis log.

And yeah. I know it hasn't helped yet, since that other worm, the one visible on the 04 line, is still there... I am feverishly trying to find a cure for it all the time =)

Well, I lost my patience and reinstalled everything. And at least so far everything seems to work =) Thanks a lot to everyone for the help