[margus645]

Selline probla siis ,et arvutisse on sattunud mingisugune Virtumonde.fp.ning vtunnnli.dll on sellega nakatunud nüüd.nod32 ütleb,et peale restart cleaned by deleting(after next restart)-guarantined kuigi restarte on juba omajagu tehtud.proovisin ka undlliga seda nakatunud dlli fixida kuid abi sellest ei ole.mis muidugi kõigeparem ,et enne resa või shutdowni viskab kenasti bsodi ka ette.on kellelgi aimu mida teha tuleks?

[Tiim]

mine safe modega sisse ja siis lase uuesti skänniga üle...tavaliselt win. neid kaustu/faile kustutada ei lase mida win ise hetkel kasutab.

[Lord Ami]

http://www.atribune.org/ccount/click.php?id=4
http://www.arvutikaitse.ee/?p=665
Skänni nendega läbi ja eemalda leitud objektid.

[margus645]

sain vist sellest jamast lahti kuid selle tõttu on nüüd mingid dll-id kadunud

[Lord Ami]

Tee HJT logi:
http://taimar.pri.ee/spyware/hjt.php

[margus645]

Viirus tundub kaval olevat,kui mingid filed puhtad siis juba on ta nakatanud midagi muud.neid kadunud dll oleks vaja ka kuidagi tagasi saada.olen kaalunud ka wini uuesti peale panekut kuid kuram alles sai seda ju tehtud

[XYZ]

sfc /scannow

[margus645]

ei aidanud ka scan now.sellest viirusest ei saakski nagu lahti.nüüd restarti tehes on kohe bluescreen ees.annab mingisuguse veateate ka
0x00000019(0x00000020,0x89ee5e28,0x89ee6c88,0x0bcc1dd8)

[Lord Ami]

[XYZ]

veateate tüüpseletus on, et mingi draiver on vigane/pole laetav

[margus645]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05:18, on 11.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\Diamondback\razertra.exe
C:\Program Files\Razer\Diamondback\razerofa.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0d7b72fc-93f9-4a3b-8dc9-f852822a6aa0} - (no file)
O2 - BHO: (no name) - {0e4a4144-238d-48fe-9d42-7be79eed48bb} - (no file)
O2 - BHO: (no name) - {3e14c911-5924-48c4-90de-ac4eb9029dc8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8213e5be-2b99-4985-9ebe-ae7653c49388} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {cd73603b-5348-aeeb-b654-aef9223136f9} - {9f631322-9fea-456b-beea-8435b30637dc} - C:\WINDOWS\system32\chnfyxde.dll (file missing)
O2 - BHO: (no name) - {A8A01C66-D6F9-4F92-91E6-24CB17A5BA2A} - C:\WINDOWS\system32\vtUnnnli.dll (file missing)
O2 - BHO: (no name) - {a93fe147-252b-4f72-b7dc-b474185e2912} - (no file)
O2 - BHO: (no name) - {f98d188f-8f68-4ace-aa35-6487f8a82b17} - (no file)
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [fc452ab2] rundll32.exe "C:\WINDOWS\system32\qxhugeen.dll",b
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%%%.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BMff76192e] Rundll32.exe "C:\WINDOWS\system32\eenkqnit.dll",s
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{A82F1~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A82F1~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup2] C:\PROGRA~1\INSTAL~1\{4D8AA~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4D8AA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{A82F1~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A82F1~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup4] C:\PROGRA~1\INSTAL~1\{32903~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{32903~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup3] C:\PROGRA~1\INSTAL~1\{A82F1~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A82F1~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup5] C:\PROGRA~1\INSTAL~1\{0E5AA~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{0E5AA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup6] C:\PROGRA~1\INSTAL~1\{6BF90~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{6BF90~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup7] C:\PROGRA~1\INSTAL~1\{A82F1~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A82F1~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup8] C:\PROGRA~1\INSTAL~1\{B8DA9~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{B8DA9~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup9] C:\PROGRA~1\INSTAL~1\{D8A54~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{D8A54~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup10] C:\PROGRA~1\INSTAL~1\{18F11~1\SETUP.EXE -rebootC:\PROGRA~1\INSTAL~1\{18F11~1\reboot.ini -l0x9
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [CTPostBootSequencer] "C:\WINDOWS\TEMP\CTPBSeq.exe" /reglaunch /self_destruct
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifgfuno - C:\WINDOWS\
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (ctaudsvcservice) - Unknown owner - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (file missing)
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA (pnkbstra) - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8953 bytes

[Lord Ami]

Pane linnuke ette HJT-s ja fixi järgmised:
O2 - BHO: (no name) - {0d7b72fc-93f9-4a3b-8dc9-f852822a6aa0} - (no file)
O2 - BHO: (no name) - {0e4a4144-238d-48fe-9d42-7be79eed48bb} - (no file)
02 - BHO: (no name) - {3e14c911-5924-48c4-90de-ac4eb9029dc8} - (no file)
02 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8213e5be-2b99-4985-9ebe-ae7653c49388} - (no file)
02 - BHO: {cd73603b-5348-aeeb-b654-aef9223136f9} - {9f631322-9fea-456b-beea-8435b30637dc} - C:\WINDOWS\system32\chnfyxde.dll (file missing)
02 - BHO: (no name) - {A8A01C66-D6F9-4F92-91E6-24CB17A5BA2A} - C:\WINDOWS\system32\vtUnnnli.dll (file missing)
O2 - BHO: (no name) - {a93fe147-252b-4f72-b7dc-b474185e2912} - (no file)
O2 - BHO: (no name) - {f98d188f-8f68-4ace-aa35-6487f8a82b17} - (no file)
O4 - HKLM\..\Run: [fc452ab2] rundll32.exe "C:\WINDOWS\system32\qxhugeen.dll",b
O4 - HKLM\..\Run: [BMff76192e] Rundll32.exe "C:\WINDOWS\system32\eenkqnit.dll",s
O20 - Winlogon Notify: iifgfuno - C:\WINDOWS\
O20 - Winlogon Notify: wlctrl32 - C:\WINDOWS\


Imelikud on ka need:
O4 - HKLM\..\RunOnce: [InstallShieldSetup2] C:\PROGRA~1\INSTAL~1\{4D8AA~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{4D8AA~1\reboot.ini -l0x9
Ma ei tea mis need on, aga vist võib need ka fixida.

[margus645]

no jah tegin restardi peale seda ja ette lendas selline jura.irql_not_less_or_equal.

[Lord Ami]

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/6077.mspx?mfr=true
http://www.tweaksforgeeks.com/IRQL_NOT_LESS_OR_EQUAL.html

[margus645]

No jah se lugu on ikka täitsa pepus.viimane veateade ei ole enam selline paranda kiiresti ja lihtsalt