Yeah, my own machine got cleaned of its bugs yesterday, but now a friend's machine has somewhat similar problems. When I open Internet Explorer and enter, say, Google as the address, it goes to some gaming sites instead, and it does the same with the other sites I try to visit! Here's the HJT log, in case it reveals something?..
Fix the following: run "Do a system scan only", tick the following entries and click "Fix checked":

O4 - HKLM\..\Run: [1234abcd] c:\windows\system32\1234abcd.exe /install
O4 - HKLM\..\Run: [MPlay64] c:\windows\system32\mplay64.exe /noerrorinfo

Then, in safe mode (F8 during startup), delete the following:

c:\windows\system32\1234abcd.exe <- file
c:\windows\system32\mplay64.exe <- file

Then get eScan from here -> http://koti.mbnet.fi/pattaya1/escanmwav.htm, update it, scan, and post its log here.
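The reply above names two things per entry: the autostart value to fix and the file to delete. As an added example (not part of the original thread), this parser turns HijackThis O4 Run lines into the full registry key, value name and executable path; the first two sample lines are the ones quoted above, the remaining sample lines are constructed, and all function names are this example's own.

```python
import re
from typing import NamedTuple, Optional, Tuple

# HijackThis shortens this part of the autostart key path to "..".
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<subkey>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
QUOTED_RE = re.compile(r'^"([^"]+)"\s*(.*)$')
# Unquoted paths may contain spaces, so cut at the first executable
# extension that is followed by whitespace or the end of the line.
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)


class RunEntry(NamedTuple):
    registry_key: str
    value_name: str
    executable: str
    arguments: str


def split_command(command: str) -> Tuple[str, str]:
    """Separate the program path from its arguments."""
    for pattern in (QUOTED_RE, UNQUOTED_RE):
        match = pattern.match(command)
        if match:
            return match.group(1), match.group(2) or ""
    return command, ""


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one registry-backed O4 line; other O4 forms return None."""
    match = O4_RE.match(line.strip())
    if not match:
        return None
    executable, arguments = split_command(match.group("command"))
    key = "\\".join((match.group("hive"), RUN_PARENT, match.group("subkey")))
    return RunEntry(key, match.group("name"), executable, arguments)


def cleanup_targets(lines, flagged_names):
    """For each flagged entry return (registry key, value name, file on disk)."""
    wanted = {name.lower() for name in flagged_names}
    targets = []
    for line in lines:
        entry = parse_o4(line)
        if entry and entry.value_name.lower() in wanted:
            targets.append((entry.registry_key, entry.value_name, entry.executable))
    return targets


SAMPLE_LOG = [
    # The two entries quoted in the reply
    r"O4 - HKLM\..\Run: [1234abcd] c:\windows\system32\1234abcd.exe /install",
    r"O4 - HKLM\..\Run: [MPlay64] c:\windows\system32\mplay64.exe /noerrorinfo",
    # Constructed lines: quoted path, unquoted path with spaces, non-registry O4
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -silent',
    r"O4 - HKCU\..\Run: [ExampleTray] C:\Program Files\Example Tools\tray.exe /start",
    r"O4 - Global Startup: Example.lnk = ?",
]

if __name__ == "__main__":
    for key, name, path in cleanup_targets(SAMPLE_LOG, ["1234abcd", "MPlay64"]):
        print(f"remove value {name!r} under {key}; delete file {path}")
```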
Well, at least it found 29 viruses. That's just slightly the wrong log, though. You can wipe it, since it shows every folder it checked.... In the Kaspersky folder there should be a Notepad file named mwXface, which apparently still shows the viruses, so you can put that in its place, over the previous one.
Could this be the right log now? I just ran eScan through a second time and it didn't find anything new. At least the internet works fine now and no ad stuff shows up...
Right, so: CleanUp -> http://www.stevengould.org/software/cleanup/download.html install it and run it; that gets rid of all the junk files (the nasties in the Temp folder).

Then those in C:\System Volume Information\_restore. Removal instructions for that nasty: http://support.f-secure.fi/fin/home/virusproblem/howtoclean/cleansystemrestore.shtml NOTE: all earlier system restore points will be lost!

Boot into safe mode (F8 during startup): check Norton's quarantine log, Anti-virus -> Reports -> Quarantined objects, delete anything you find there, and run eScan.

Restart -> re-enable System Restore if you turned it off.

And will you delete this long useless log!
Or rather, edit it so that it doesn't get in the way, since it can't be deleted. Over on the right-hand side there's one of these: Use that to edit it out...
I ran eScan through and nothing was found anymore, so the machine is probably clean now. At least the ads don't pop up anymore... Thanks a lot....