Miten saan nämä kiusalliset spywaret pois ?

winxp, kiitos sullekin.

Ehdin jo sanoa, että online scannitkin on nyt tehty, mutta eipä olekaan kokonaan (ja ohjeessahan luki, että vähintään kaksi niistä tulisi pyörittää). Miten kauan noiden online scannien tulisi kestää? Bit Defender pyöri ja pyöri mulla (yli yön), lopulta suljin sen. No Trend Micro sentään skannasi koneen, mutta päästyään recover-vaiheeseen tämä jatkui ja jatkui ja lopulta äsken huomasin herättyäni, että näiden pöpöjen takia ei enää ollakaan edes online (niin, siis yhteyshän pätkii n. vuorokauden välein noiden juttujen takia), joten ei paljon taida enää recoveroida.

Taidanpa siis jatkaa harjotuksia noista muista ohjeista.

 

Näköjään vieläkin jotain ryönää, jonka kyllä piti olla jo poissa... mutta vähän parannusta kuitenkin.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:36, on 10.7.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uta.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jyu.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106171493075
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\mjtask.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Jaa oli näköjään vielä tuo yksi jäänyt hoksaamatta.

Skannaa hjt vikasietotilassa ja fixaa:

O4 - HKLM\..\Run: [wnddrv] C:\WINDOWS\svchost.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\mjtask.dll

Poista tämä tiedosto
C:\WINDOWS\system32\ -> mjtask.dll <-

Boottaa. Alkaiskohan jo oleen puhdasta.

 

Sen yhden .dll-tiedoston poistinkin jo, mutta jostain syystä tuolla se vaan kekkuloi silti. Mutta täytyy yrittää vielä.

Anyway, kone toimii jo, ei ole ainakaan tullut enää mitään aurareco-pyyntöjä tms. tämän päivän aikana Jotenka kiitos ja kumarrus

 

Plaah. Ei pitäisi nuolaista ennen kuin tipahtaa. No ei tule enää niitä pyyntöjä Nortonille eikä mitään muutakaan näkyvää häikkää, mutta nettiyhteys (tai pikemminkin webbiyhteys) ei kyllä toimi edelleenkään n. vuorokauden kuluttua yhteyden kytkemisestä, vaan siinä vaiheessa tulee nimipalvelimen kanssa ilmeisesti jokin ongelma ja se sitten siitä. Sitten buuttaus ja homma toimii taas. Ja taas vuorokausi... Eli eipä tuota välttämättä edes huomaisi, jos konetta kerran vuorokaudessa sulkisi, mutta kun aina ei tule niin tehtyä, niin on huomannut, että jotain on pielessä.

Tämän puhtaampaa tästä ei nyt tunnu tulevan:

Logfile of HijackThis v1.99.1
Scan saved at 21:20:16, on 12.7.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uta.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/fi/fin/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.jyu.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1106171493075
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\mjtask.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod-palvelu (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

Laita piilotiedostot näkyviin
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

Nuo sinne vielä jäi, koitas fixata uudelleen VIKASIETOTILASSA.
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\mjtask.dll

Poista tuo
C:\WINDOWS\system32\===>mjtask.dll<===

Normaalikäynnistys ja uusi loki

Edit: Tämähän olikin jo tehty, mutta koita kuitenki uudelleen.

 

Niin, noihan sinne jäi, kun ei ne vaan lähde, vaikka kuinka fixais vikasietotilassa. Mutta yritetäänpä vielä...

 

Joo, en onnistu noita saamaan pois. Yritin Killboxillakin saada tuota mjtask.dll:iä pois, mutta sanoo, että kys. tiedostoa ei voi tuhota. Mitäs sit tehtäis? Vai buuttaanko konetta vaan vuorokauden välein?

 

Laitoitko KillBoxilla rastin kohtaan Delete on reboot?

 

Tuosta mjtask.dll:stä ei pahemmin tietoa irronnu, mutta ei tuo "pahan alku" näyttäydy todennäköisesti noissa. Koneella on aikas varmasti joku downloader mikä saastuttaa sen aina uudelleen. En huomannu et olis poisteltu väliaikaisia tiedostoja missään vaiheessa. Kannattaa koittaa seuraavat:

Väliaikaset tiedostot veks:

IE:stä klikkaa työkalut -> internet asetukset -> poista tiedostot -> ruksi "poista kaikki offline sisältö" -> Ok. Suorita parikolme kertaa, ei ekalla välttämättä poistu kunnolla.

Jos kone muuten toimii ni vanhat järjestelmänpalautuksen tiedostot veks:

1. Valitse Oma tietokone (klikkaa oikealla).
2. Valitse Ominaisuudet.
3. Valitse Järjestelmän palauttaminen välilehti.
4. Valitse "Poista järjestelmän palauttaminen käytöstä".
5. Paina Käytä.
6. Paina OK.
7. Käynnistä kone uudelleen

Skannaa kone nyt läpi ja laita Järjestelmän palautus päälle samoin ku otit sen pois (eli ruksi veks 4. kohdasta).

Ja tuosta mjtask.dll:stä kannattaa ottaa mielipide myös Symantec:lta:

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031615501306

 

Kun Killboxista ruksii sen reboot-kohdan, ilmestyy seuraava teksti ennen kuin kone edes buuttaa:

"Pending file rename operations registry data has been removed by external process!" ja se siitä sitten eli mitään ei sen enempiä tapahdu, buuttaus jää sikseen.

Vellipaa, on tyhjätty moneen otteeseen IE:n välimuisti. Ja tein nyt tuon toisenkin jutskan, jonka sanoit. Mutta joku tässä nyt varmaan vielä vaan mättää...

Edit: sattumoisin muuten vähän aikaa sitten tilasin vuosittaisen liveupdate-"päivitykseni" Nortoniin ja äsken aktivoituani sen, Norton ilmoitti, että koneellani on 'task scheduling servicen' kanssa ongelma, mikä voi aiheuttaa sen, että Nortonin LiveUpdate ei toimi kunnolla. Tämä varmaankin liittyy jotenkin tähän tässä threadissa pähkäiltyyn ongelmaan.

 

Tarkistetaan vielä mitä Jotti sanoo tästä
C:\WINDOWS\system32\mjtask.dll

Scannaa se tällä
http://virusscan.jotti.org/


Hae DllCompare
http://www.downloads.subratam.org/DllCompare.exe

Aukaise se ja klikkaa -Run Locate.com- kohtaa
Sitten klikkaa -Compare- ja odota että scannaus valmistuu.
Sitten klikkaa -Make Log of what was found-.

Sitten kopioi alla oleva teksti muistioon(notepadiin)

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Tallenna se työpöydälle nimellä Appinit.bat
Tallennusmuodoksi valitse kaikki tiedostot.

Sitten klikkaa sitä Appinit.bat:ia työpöydällä
ja ulos tulee windows.txt logi.

Laita tänne ne molemmat lokit, sekä mitä Jotti kertoi mjtask.dll:stä

 

Jotti:

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

DLLCompare:

"* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!"

Toi Appinit.bat-homma sitten. Siitä tuli kyllä sellaista lokia, ettei ottanut mitään selvää, koska muutamia sanoja, mutta pääosin laatikoita ja ÿÿÿÿ jne. Eli jotain tein väärin?

 

Oikein se varmaan meni, sellaista siansaksaa se yleensä pukkaa mutta sieltä ei nähtävästi apuja kuitenkaan löydy. Etsintä jatkuu...
Hae Startdreck

http://www.niksoft.at/_data/startdreck.zip

Pura Startdreck OMAAN KANSIOON ja avaa se
Paina 'Config'
Paina 'Unmark All'
Laita merkki noihin ruutuihin
Registry = Run Keys
System/Drivers = Running processes
Paina Ok
Paina Save
Kansioon ilmestyi Startdreck.log, kopioi sisältö ja laita tänne.

 

Heh heh. Nyt meni yli meikäläiseltä

Odotan mielenkiinnolla tilaanteen edistymistä.

[bold] @ Nipsu [/bold]

Älä luovuta (= Format C
Jos nuo örkit on sitkeitä, niin on Toymaattikin

 

Hahhah, joo, täytyy yrittää vielä vaan, oli tossa viikonloppu vaan välissä, niin ei oikein jaksanut keskittyä. Mutta palailen kohta asiaan...

 

Miksköhän en pääse katsomaan tämän ketjun 2 sivua, tulee muutama virusilmoitus ja väittää että pääsy evätty tähän tiedostoon ? ja virus on bloodhound Exploit6 ???

 

StartDreck (build 2.1.7 public stable) - 2005-07-18 @ 18:02:47 (GMT +03:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as x x at x

»Registry
»Run Keys
»Current User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\ctfmon.exe
*LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*DVDSentry=C:\WINDOWS\System32\DSentry.exe
*AdaptecDirectCD="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*URLLSTCK.exe=C:\Program Files\Norton Internet Security\UrlLstCk.exe
*zBrowser Launcher=C:\Program Files\Logitech\iTouch\iTouch.exe
*EM_EXEC=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
*CnxDslTaskBar="C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe"
*Mirabilis ICQ=C:\PROGRA~1\ICQ\ICQNet.exe
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
+OptionalComponents
+MSFS
+MAPI
+MAPI
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+392=\SystemRoot\System32\smss.exe
+484=<unkown>
+512=\??\C:\WINDOWS\system32\winlogon.exe
+676=C:\WINDOWS\system32\services.exe
+688=C:\WINDOWS\system32\lsass.exe
+852=C:\WINDOWS\system32\svchost.exe
+876=C:\WINDOWS\System32\svchost.exe
+988=<unkown>
+1048=<unkown>
+1128=C:\WINDOWS\system32\rundll32.exe
+1256=C:\WINDOWS\system32\spoolsv.exe
+1356=<unkown>
+1376=C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
+1396=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1436=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+1500=C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
+1544=C:\WINDOWS\System32\nvsvc32.exe
+1608=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+1644=C:\WINDOWS\System32\svchost.exe
+1656=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+1704=<unkown>
+1796=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+416=C:\WINDOWS\Explorer.EXE
+588=C:\WINDOWS\System32\DSentry.exe
+596=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
+612=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+792=C:\Program Files\TeleWell\TW-EA100B ADSL USB\CnxDslTb.exe
+904=C:\Program Files\iTunes\iTunesHelper.exe
+936=C:\Program Files\QuickTime\qttask.exe
+952=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+968=C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
+920=C:\WINDOWS\System32\ctfmon.exe
+996=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
+1028=C:\Program Files\MSN Messenger\MsnMsgr.Exe
+1196=C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
+2268=C:\Program Files\iPod\bin\iPodService.exe
+2376=C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
+2624=C:\Program Files\Messenger\msmsgs.exe
+3556=C:\PROGRA~1\ICQ\ICQ.exe
+3756=C:\WINDOWS\System32\wuauclt.exe
+3564=C:\Program Files\startdreck217\StartDreck.exe
+3896=C:\Program Files\Internet Explorer\iexplore.exe
»Application specific

 

Ei siinäkään näy mitään ylimääräistä?? Oletko muuten scannannut eScanilla?
http://koti.mbnet.fi/pattaya1/escanmwav.htm

Dietka, bloodhound Exploit6 on hieman yliherkän Nortonin harhanäky

 

Hetkoinen pienoinen, kohta logia...

No, nyt löytyi jotain ryönää escanilla, tässä virus log filea (joka ei näytä kovin kauniilta... ihan kuin ikinä ei olisi käytetty Ad-Awarea tms.):

File C:\WINDOWS\NDNuninstall6_38.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\WINDOWS\woinstall.exe tagged as not-a-virus:AdWare.EZula.ak. No Action Taken.
File C:\WINDOWS\System32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\iaircl.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\opbc32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\System32\oybccp32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Documents and Settings\x x\Local Settings\Temp\GL_6FE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\x x\Local Settings\Temp\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\x x\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXKZWZ8J\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\x x\Local Settings\Temp\__unin__.exe tagged as not-a-virus:AdWare.Altnet.b. No Action Taken.
File C:\Documents and Settings\x x\Omat tiedostot\easterchickswal.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Documents and Settings\x x\Omat tiedostot\scanms.exe tagged as not-a-virus:NetTool.Win32.MS-DCOM. No Action Taken.
File C:\Documents and Settings\x x\Suosikit\Mp3 - prímé stažení.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Program Files\DVD2SVCD\D2SRoBa360.exe tagged as not-a-virus:Tool.Win32.Processor.20. No Action Taken.
File C:\Program Files\FileSubmit\Easter Chicks\NNEZTX638.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Program Files\mirc61.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06A00475 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06AE035B tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0C747EE5 infected by "Trojan.WinREG.StartPage" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D2F68E8 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0D3212E4 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0EA6347B infected by "Backdoor.Win32.Agent.bg" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0FC15517 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10EF0FF7 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10F239F4 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10F563F0 tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10FC37E9 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\10FF61E5 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\112C1502 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12304074 tagged as not-a-virusorn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12D677EC tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\162F3B0B infected by "Trojan-Spy.Win32.Briss.g" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\171973F9 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DC17C73 infected by "Trojan-Downloader.Win32.Small.apf" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1EFF6C7C tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1F6C63E5 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2228715D infected by "Trojan-Downloader.Win32.Swizzor.cw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25BC1D65 infected by "Trojan-Downloader.Win32.Swizzor.i" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\277148DE.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2A9044E7 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2B27610D tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2BAB7AF3 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CC900FD.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2D817A2D.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2DBB141F.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\305471E2 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\310668B4.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\34C018C8 infected by "Trojan-Downloader.Win32.Swizzor.i" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\380C646E tagged as not-a-virus:AdWare.WinAD.f. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\38EB5924 tagged as not-a-virus:AdWare.ToolBar.Comet.b. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39EB5C3F tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3EF74DC0.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F2C366A tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40D82676 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40E32A21.class infected by "Trojan.Java.Femad" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\414B0255.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\421A6167 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\464C0866 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\47864B3F.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51697013.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\516D1A0F.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\559A3C05 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56990BFD tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57F91E73 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\623425A9 tagged as not-a-virus:AdWare.Suggestor.g. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63895A72 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\64E4744E tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\65E31CF3 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\67182C31 infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\671C562E infected by "Trojan-Downloader.Win32.Agent.eq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\677745C1 tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E3F26B1 infected by "Trojan-Downloader.Win32.Swizzor.cw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E5D1A3A tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E9717BD tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71822CC9 tagged as not-a-virus:AdWare.BetterInternet. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\744B2489 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77EB5B35.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\782A16BF.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78995CA4 infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79C6724D tagged as not-a-virus:AdWare.FunWeb.a. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7A8C0A43 tagged as not-a-virus:AdWare.WinAD. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7ED0553C tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000153.exe infected by "Backdoor.Win32.Agent.bg" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000154.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000155.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000156.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000157.dll tagged as not-a-virus:AdWare.Suggestor.g. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000158.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000159.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000160.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000161.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000162.exe tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000163.exe tagged as not-a-virus:AdWare.MDH.a. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000164.exe tagged as not-a-virusorn-Dialer.Win32.ALifeDialer. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000165.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000166.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000167.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000168.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000169.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000170.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000171.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000172.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000173.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000174.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000175.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000176.exe tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000177.DLL tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP2\A0000190.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP5\A0000492.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\System Volume Information\_restore{072817DA-89F3-4694-B497-2DFF32439BBF}\RP5\A0000508.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\Vanhat\D-asema\mirc61.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.61. No Action Taken.
File C:\Vanhat\D-asema\startmagr.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\PopularScreenSaversInitialSetup1.0.0.8.exe tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as not-a-virus:AdWare.NewDotNet. No Action Taken.
File C:\WINDOWS\SYSTEM32\dhusic.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\guard.tmp tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\iaircl.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\opbc32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\SYSTEM32\oybccp32.dll tagged as not-a-virus:AdWare.Look2Me.ag. No Action Taken.
File C:\WINDOWS\woinstall.exe tagged as not-a-virus:AdWare.EZula.ak. No Action Taken.

Ja erroreita n kappaletta, tässä nyt murto-osa (humanisti ei osannut poimia vain error-rivejä logista):

Mon Jul 18 18:59:18 2005 => ERROR!!! Invalid Entry System32\DRIVERS\intelppm.sys in SYSTEM\CurrentControlSet\Services\intelppm...
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WIADEBUG.LOG
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WIASERVC.LOG
Mon Jul 18 18:59:38 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Jul 18 18:59:47 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\CnxDslWz.log
Mon Jul 18 19:00:24 2005 => ERROR!!! ScanFile fails for C:\WINDOWS\System32\mjtask.dll
Mon Jul 18 19:01:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr0.dat
Mon Jul 18 19:01:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\Network\DOWNLO~1\qmgr1.dat
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Confid.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Content.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Privacy.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\Restrict.log
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\settings.dat
Mon Jul 18 19:01:25 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\COMMON~1\WebHist.log
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\Cookies\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\SIVUHI~1\History.IE5\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\Content.IE5\INDEX.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER.DAT
Mon Jul 18 19:02:23 2005 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER~1.LOG