Okay, I haven’t seen so many trojans since my last encounter with Vundo… It was all over the place…
Here’s the log:
CmdLine - quick
aswBoot.exe /A:"*" /L:"Romanian" /KBD:2
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=D:\Program Files\Alwil Software\Avast4\DATA
PROG=D:\Program Files\Alwil Software\Avast4
BUILD=1335
Microsoft Windows XP Service Pack 3
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
cmnbInit
SetFolders
SetFolders end
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"Romanian" /KBD:2
CmdLine end
Unschedule
61,00,75,00,74,00,6F,00,63,00,68,00,65,00,63,00,
6B,00,20,00,61,00,75,00,74,00,6F,00,63,00,68,00,
6B,00,20,00,2A,00,00,00,61,00,73,00,77,00,42,00,
6F,00,6F,00,74,00,2E,00,65,00,78,00,65,00,20,00,
2F,00,41,00,3A,00,22,00,2A,00,22,00,20,00,2F,00,
4C,00,3A,00,22,00,52,00,6F,00,6D,00,61,00,6E,00,
69,00,61,00,6E,00,22,00,20,00,2F,00,4B,00,42,00,
44,00,3A,00,32,00,00,00,00,00,
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
NtSetEvent(g_hInitEvent) - 1
InitKeyboard
g_dwKbdNum: 2
s_dwKbdClassCnt: 2
InitKeyboard end
FreeMemory: 713060352
avworkInitialize
NtSetEvent(g_hInitEvent) - 2
GetKey
FreeMemory: 635953152
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *RAW:C:\ [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *RAW:D:\ [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *RAW:E:\ [Fs: 000700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
CKbBuffer::Get
0, 2, 1, 0, 0
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (4): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
CKbBuffer::Get
0, 2, 1, 0, 0
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (4): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
CKbBuffer::Get
0, 2, 1, 0, 0
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (4): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
CKbBuffer::Get
0, 2, 1, 0, 0
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (4): 1
0, 2, 1, 0, 0
CKbBuffer::Get
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (11): 1
CKbBuffer::Get
0, 2, 1, 0, 0
0, 2, 0, 0, 0
GetKey end (1/31)
CKbBuffer::Put
CKbBuffer::Put end
GetKey
CKbBuffer::Get end
WaitForKeys (4): 1
0, 2, 1, 0, 0
I don’t know how the log will help, since I don’t understand any of it, but the scan resolved almost all my problems, except one… A file in Temp called “5t34my.bat” tries to start every time I start Windows. Also, at start-up I noticed that Calculator starts 3 times, although I don’t start it…
EDIT: The 5t34my.bat was tested about 4 times; no virus was found…