
Virus problem...

Thread in the Viruses and malware section. Thread started by Panukki on 20.06.2005.

  1. Panukki

    Panukki Member

    Joined:
    20.06.2005
    Posts:
    43
    Thanks:
    0
    Points:
    16
    Now that trojan virus was found with the help of that.
     
  3. morsku

    morsku Guest

    Yeah, well, just go ahead and post the HJT log here; that Lop bar is pretty certainly in there..
     
    Last edited by a moderator: 21.06.2005
  4. Panukki

    Panukki Member

    Once that scan is finished, will it remove all of those from the computer if I press OK???
     
  5. morsku

    morsku Guest

    Post the whole result here, I mean the log..
     
    Last edited by a moderator: 21.06.2005
  6. Panukki

    Panukki Member

    What's that, since I don't know anything about these things, an HJT log??
     
  7. Panukki

    Panukki Member

    OK, once it has finished scanning :D
     
  8. morsku

    morsku Guest

  9. morsku

    morsku Guest

    Post the eScan result here!
     
  10. Panukki

    Panukki Member

    So you mean give all of that HijackThis log?
     
  11. morsku

    morsku Guest

    When you press Save log, the contents of that Notepad..
     
  12. Panukki

    Panukki Member

    Logfile of HijackThis v1.98.2
    Scan saved at 21:06:02, on 21.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\MSN PLUS\MsgPlus.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\condition zero\steam\steam.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Miika\Omat tiedostot\viirus scannaus\mwavscan.com
    C:\Documents and Settings\Miika\Omat tiedostot\viirus scannaus\kavss.exe
    C:\Documents and Settings\Miika\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jippii.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN PLUS\MsgPlus.exe"
    O4 - HKLM\..\Run: [sect enc plan ooze] C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Steam] "d:\condition zero\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN PLUS\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

     
  13. morsku

    morsku Guest

    Last edited by a moderator: 21.06.2005
  14. Panukki

    Panukki Member

    Well, is there anything shady in those entries? And soon you'll get all the logs from that scan.. I'll remove that older HijackThis from the Control Panel and then install the other one :D I don't really know how to use something like HijackThis :D
     
    Last edited: 21.06.2005
  15. morsku

    morsku Guest

    You won't find it in the Control Panel; you just need to replace that HijackThis.exe with the newer one.
     
  16. Panukki

    Panukki Member

    File C:\DOCUME~1\ALLUSE~1\APPLIC~1\LOGMEM~1\TRUSTW~1.EXE tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\Miika\Application Data\16stupidfile\eiolbeoc.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
    File C:\Documents and Settings\Miika\Local Settings\Temp\temp.fr95B8 tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\C2Media\Setup.exe tagged as not-a-virus:AdWare.Lop. No Action Taken.
    File C:\Program Files\divx\DivXPro503GAINBundle.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\1.bin\MTSOEMON.EXE_tobedeleted tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\2.bin\MTSBAR.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\3.bin\F3CJPEG.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\3.bin\F3SCRCTR.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\3.bin\MTSOEMON.EXE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\MyTotalSearch\bar\3.bin\MTSOEPLG.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\Program Files\NoNameScript\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
    File C:\Program Files\NoNameScript\mirc616.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\25.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2A.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2B.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2C.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2D.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2E.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\2F.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\30.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\31.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\32.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\34.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\35.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\36.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\37.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\A81.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP251\A0198114.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP251\A0198115.EXE tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP251\A0198117.DLL tagged as not-a-virus:AdWare.ToolBar.MyWebSearch. No Action Taken.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP253\A0202313.exe tagged as not-a-virus:AdWare.Lop.m. No Action Taken.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP254\A0203444.exe infected by "Trojan-Downloader.Win32.Swizzor.ca" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP254\A0203445.exe infected by "Trojan-Downloader.Win32.Swizzor.cb" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4D4001B8-42CB-4AC1-93F3-4A38096DE5FB}\RP254\A0203446.exe infected by "Trojan-Downloader.Win32.Swizzor.bo" Virus. Action Taken: File Deleted.

    THAT'S EVERYTHING THAT WAS FOUND, SO HOW DO I REMOVE THEM???
    morsku, where did you disappear to :DDD
     
    Last edited: 21.06.2005
  17. morsku

    morsku Guest

    "File Deleted." means that they have been deleted.

    Edit: also the log from the newer HijackThis, please..
    Edit2: you could reboot the computer too..
     
    Last edited by a moderator: 21.06.2005
  18. Panukki

    Panukki Member

    Logfile of HijackThis v1.99.1
    Scan saved at 21:51:05, on 21.6.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\MSN PLUS\MsgPlus.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\condition zero\steam\steam.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jippii.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fi\msnappau.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN PLUS\MsgPlus.exe"
    O4 - HKLM\..\Run: [sect enc plan ooze] C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [Steam] "d:\condition zero\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN PLUS\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Anti-Virus\fswsclds.exe
    O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

     
  19. Panukki

    Panukki Member

    So could you tell me what I should download from that site???
    Damn, I don't get why that PC-cillin just keeps finding that trojan??? I've now downloaded that Registry Mechanic from there, so what else do I need to get from there so that MyWebSearch gets removed?? :D
     
    Last edited: 21.06.2005
  20. V-kos

    V-kos Regular member

    Joined:
    13.03.2005
    Posts:
    1,345
    Thanks:
    0
    Points:
    46
    Put HijackThis in the right place: C:\hjt\hijackthis.exe

    I wonder whether this is related to the problem? Probably.

    O4 - HKLM\..\Run: [sect enc plan ooze] C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe

    You also seem to have Messenger Plus. I recommend removing it.
     
  21. Panukki

    Panukki Member

    But I have that HJT over in c:/program files :D
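
The cross-check V-kos does by eye, matching an O4 autorun entry in the HijackThis log against the scanner report, written out as an added example that is not part of the original thread. The log lines are copied from the posts above; the function names and the "autorun launched from a data or temp folder" heuristic are assumptions of this example.

```python
import re

# Lines copied verbatim from the HijackThis and eScan logs posted in the thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [sect enc plan ooze] C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Steam] "d:\condition zero\steam\steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""
SCAN_LOG = r"""
File C:\Documents and Settings\All Users\Application Data\Log Memo Sect Enc\trust window.exe tagged as not-a-virus:AdWare.Lop.p. No Action Taken.
File C:\Program Files\NoNameScript\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.16. No Action Taken.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\25.tmp infected by "Trojan-Downloader.Win32.Swizzor.ck" Virus. Action Taken: File Deleted.
"""

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>.+?)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)
SCAN_RE = re.compile(r'^File (?P<path>.+?) (?:tagged as (?P<tag>.+?)\. (?P<none>No Action Taken)'
                     r'|infected by "(?P<virus>.+?)" Virus\. Action Taken: (?P<act>.+?))\.$')
# Assumption of this example: autoruns started from per-user data or temp folders deserve a look.
WRITABLE_HINTS = ("\\application data\\", "\\local settings\\temp\\")

def parse_autoruns(log):
    """Return (location, entry name, executable path) for every O4 line."""
    out = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.match(m["cmd"]) if m else None
        if exe:  # quoted path, or unquoted path cut at the first executable extension
            out.append((m["loc"], m["name"] or m["lnk"], exe["q"] or exe["u"]))
    return out

def parse_detections(log):
    """Map lower-cased file path -> (detection name, action taken)."""
    hits = {}
    for line in log.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = (m["tag"] or m["virus"], m["none"] or m["act"])
    return hits

def triage(hjt_log, scan_log):
    """List autoruns that sit in a data/temp folder or that the scanner flagged."""
    detections = parse_detections(scan_log)
    findings = []
    for loc, name, exe in parse_autoruns(hjt_log):
        detection, action = detections.get(exe.lower(), (None, None))
        odd_dir = any(h in exe.lower() for h in WRITABLE_HINTS)
        if detection or odd_dir:
            findings.append({"location": loc, "name": name, "exe": exe, "odd_dir": odd_dir,
                             "detection": detection, "still_on_disk": action == "No Action Taken"})
    return findings
```

`triage(HJT_LOG, SCAN_LOG)` returns a single finding, the `sect enc plan ooze` Run entry, with the AdWare.Lop.p detection and `still_on_disk` set because the scanner reported "No Action Taken". Paths are compared as strings, so a report line that uses the 8.3 short form (the `TRUSTW~1.EXE` line in the scan log) would not match the long path in the Run entry.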
     
