VUNDO :-(
#1
Posted 05 December 2008 - 20:51
2008-12-09:
This thread is now locked since the problem has been solved.
If you think it was locked in error, please contact
Malou
*********************************************
Hi!
The Vundo trojan is so d*** annoying.
I've tried removing it with VundoFix, it didn't work; I tried other spyware programs and they didn't work either. Can anyone help me get rid of this tiresome virus?
Thanks
#2
Posted 05 December 2008 - 21:37
Moved your thread to where you can more easily get help!
Read Malou's instructions: http://www.alltomxp....p?topic=13158.0
Then post a Trend Micro HijackThis log here in your thread.
Regards, Mickilina
Laptop: Vista Home Premium x32, SP1, AMD Sempron SI-40 2.00 GHz, sound card Sound Blaster Pro, RAM 2.0 GB DDR II, hard disk: SATA, 5400 rpm, 160 GB, NVIDIA GeForce 8200M G
#3
Posted 06 December 2008 - 18:54
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:37, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\WINDOWS\system32\hozifofe.dll
O4 - HKLM\..\Run: [CPMf3016e4d] Rundll32.exe "c:\windows\system32\fotowuta.dll",a
O4 - HKLM\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\zurolehe.dll c:\windows\system32\fotowuta.dll,C:\WINDOWS\system32\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
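The log above shows the persistence chain the helpers are about to dismantle: two unnamed BHOs, two Run entries that start a system32 DLL through Rundll32 with a one-letter export, three DLLs in AppInit_DLLs, and an SSODL entry and a SharedTaskScheduler entry that share one CLSID and one DLL. The script below is an added triage example, not part of the thread and not a HijackThis or Malwarebytes feature: it parses O2/O4/O20/O21/O22 lines, cross-references every DLL and CLSID across sections, and flags this pattern. The sample lines are copied from the post above with the backslashes the forum stripped put back; the heuristics and the severity labels are my own assumptions, not HijackThis rules.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input: the persistence-related lines of the HijackThis log in the
# post above, with the backslashes the forum software stripped put back.
SAMPLE_LOG = r"""
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\WINDOWS\system32\hozifofe.dll
O4 - HKLM\..\Run: [CPMf3016e4d] Rundll32.exe "c:\windows\system32\fotowuta.dll",a
O4 - HKLM\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\zurolehe.dll c:\windows\system32\fotowuta.dll,C:\WINDOWS\system32\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A DLL path ends at whitespace, a quote or a comma (the AppInit_DLLs separators).
DLL_RE = re.compile(r'[^\s",]+\.dll', re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body, raw_line) for each 'Onn - ...' line of a HijackThis log."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def dll_names(text):
    """Lower-cased basenames of every DLL path mentioned in text."""
    return {ntpath.basename(p).lower() for p in DLL_RE.findall(text)}


def triage(log_text):
    """Return (severity, raw_line, reason) for entries matching the Vundo persistence pattern."""
    entries = list(parse_entries(log_text))
    # Cross-reference tables: in which sections does each DLL / CLSID appear?
    dll_where, clsid_where = defaultdict(set), defaultdict(set)
    for sec, body, _ in entries:
        for dll in dll_names(body):
            dll_where[dll].add(sec)
        for clsid in GUID_RE.findall(body):
            clsid_where[clsid.lower()].add(sec)

    findings = []
    for sec, body, raw in entries:
        reused = {d for d in dll_names(body) if len(dll_where[d]) > 1}
        if sec == "O2" and "(no name)" in body:
            sev = "high" if "system32" in body.lower() else "medium"
            findings.append((sev, raw, "BHO registered without a name"))
        elif sec == "O4":
            m = RUNDLL_RE.search(body)
            if m and len(m.group(2)) == 1:
                findings.append(("high", raw, "Rundll32 autorun calling one-letter export '%s' of %s"
                                 % (m.group(2), ntpath.basename(m.group(1)))))
        elif sec == "O20" and dll_names(body):
            findings.append(("high" if reused else "medium", raw,
                             "AppInit_DLLs populated: listed DLLs are injected into every process that loads user32"))
        elif sec in ("O21", "O22"):
            shared = {c.lower() for c in GUID_RE.findall(body) if len(clsid_where[c.lower()]) > 1}
            if reused or shared:
                others = set().union(*(dll_where[d] for d in reused),
                                     *(clsid_where[c] for c in shared)) - {sec}
                findings.append(("high", raw, "%s entry reuses a DLL/CLSID also seen in %s"
                                 % (sec, ", ".join(sorted(others)))))
    return findings


def flagged_dlls(log_text):
    """Basenames of every DLL named on a flagged line: the candidates to quarantine."""
    names = set()
    for _, raw, _ in triage(log_text):
        names |= dll_names(raw)
    return names


if __name__ == "__main__":
    for sev, raw, why in triage(SAMPLE_LOG):
        print("[%s] %s\n       %s" % (sev.upper(), raw, why))
    print("DLLs to quarantine:", ", ".join(sorted(flagged_dlls(SAMPLE_LOG))))
```

Run against the sample it flags seven lines and names the six DLLs that the Malwarebytes log later in the thread also reports, while leaving the Symantec BHO, ctfmon.exe and an NvCpl.dll autorun alone. The cross-reference is the part worth keeping: a random-named DLL that is simultaneously a BHO, an AppInit_DLLs entry and an SSODL/STS object is far more telling than any single line.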
#4 Malou
Posted 06 December 2008 - 19:09
You have not renamed the file as recommended in the instructions Mickilina referred to:
C:\Program\Trend Micro\HijackThis\HijackThis.exe
Please read/follow the information/instructions etc. found on the page below:
=> Trend Micro HiJack This (Download/Instructions):
Do NOT run a new scan with TM HJT until you are asked to do so.
Print the following or copy it into a text document and save it to the desktop:
Read/follow the instructions carefully:
Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/index.php
1: Save the installer to the desktop
2: Double-click mbam-setup.exe to start the installation
3: Tick the following:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
4: Click Finish
If there are updates, they will be installed.
When the above is done, continue with the procedure below:
1: When the program starts, choose Perform quick scan
2: Click the Scan button
3: The scan will take a while
4: When the scan has finished, click OK and then Show results
5: Tick everything and click Remove Selected
6: When the removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.
7: Make a new TM HJT log and paste it here so we can see how it looks.
NB: Do not start a new thread on the subject; keep posting here in your thread.
Regards/Malou
#5
Posted 06 December 2008 - 19:38
PS: this one works http://www.malwarebytes.org/
#6
Posted 06 December 2008 - 19:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:49, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\WINDOWS\system32\hozifofe.dll
O4 - HKLM\..\Run: [CPMf3016e4d] Rundll32.exe "c:\windows\system32\zurolehe.dll",a
O4 - HKLM\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\zurolehe.dll c:\windows\system32\fotowuta.dll,C:\WINDOWS\system32\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zurolehe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zurolehe.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 3354 bytes
____________________________________________________________________________________
Here is the log after scanning with Malwarebytes Anti-Malware:
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
2008-12-06 19:37:45
mbam-log-2008-12-06 (19-37-45).txt
Scan type: Quick Scan
Objects scanned: 71429
Time elapsed: 13 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 16
Registry Values Infected: 9
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 99
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sapahore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juwufajo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zurolehe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fotowuta.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54c7d1dd-4296-451e-b756-1e94f665b4ff} (Spyware.Graball) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3016e4d (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reyoromufo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcroej0e54p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\juwufajo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\juwufajo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\juwufajo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zurolehe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zurolehe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\fotowuta.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\fotowuta.dll -> Delete on reboot.
Folders Infected:
C:\Program\WMVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\driqpvnv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnvpqird.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nipavuyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyuvapin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkkppgfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufgppkkq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssknbxux.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xuxbnkss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vilwookq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkoowliv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zujawaro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orawajuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zurolehe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sapahore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juwufajo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fotowuta.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\ikwosllc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\TMP1F5.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\pmnnkJby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00021999 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000232ae (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000239b3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00024915 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00024db8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00025980 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00027bfc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00027d06 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00028330 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002865c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00029783 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002a30c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002b0c8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002c133 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002c51b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00033096 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000344ab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00039c02 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003b3b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003be21 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003c871 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003da05 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003e0bc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003ea51 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000404a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00040f8d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002140b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000421fb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\byXNdDTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\byXNdDww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\ddcYSKdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\fccBTlkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00043332 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00044ce4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00048374 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\xxyyaXPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000108e4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000109ce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00010bd2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00010ceb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011335 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000114ea (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011519 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000115d5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011690 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000117f7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011a59 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011bd0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011e8f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011fd7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00012296 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001266f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000129da (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001311d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001391c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00013c29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000157a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00015d9c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000177ea (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00019574 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001e922 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001fd47 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program\WMVideoPlugin\80_25.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsoft.nls (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yatool.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3016e4d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3016e4d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autodis.dll (Spyware.BZub) -> Delete on reboot.
C:\WINDOWS\system32\ws37678.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
________________________________________________________________________________
I'll make a new Trend Micro HijackThis log shortly..
#7 Malou
Posted 06 December 2008 - 19:41
Quote
PS: this one works http://www.malwarebytes.org/
Will edit it right away
Regards/Malou
#8 Malou
Posted 06 December 2008 - 19:52
I see that Malwarebytes' Anti-Malware has found quite a lot and fixed some of it. To hopefully fix the rest, continue with the procedure below.
1: Restart the computer
2: Update Malwarebytes' Anti-Malware
3: Start the program => choose Perform quick scan
4: Click the Scan button
5: The scan will take a while
6: When the scan has finished, click OK and then Show results
7: Tick everything and click Remove Selected
8: When the removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.
9: Make a new TM HJT log and paste it here so we can see how it looks.
Regards/Malou
#9
Posted 06 December 2008 - 19:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:39, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: ,
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 2882 bytes
#10
Posted 06 December 2008 - 19:54
What's left now? Is Vundo gone now, or what?
#11 Malou
Posted 06 December 2008 - 19:58
Quote
What's left now? Is Vundo gone now, or what?
I posted my reply at 19:52; your last TM HJT log was scanned at 19:51:39 and you posted it at 19:53.
My last instruction post, posted at 19:52:
http://www.alltomxp....g99549#msg99549
Regards/Malou
#12
Posted 06 December 2008 - 20:03
#13
Posted 06 December 2008 - 20:16
Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3
2008-12-06 20:15:14
mbam-log-2008-12-06 (20-15-14).txt
Scan type: Quick Scan
Objects scanned: 71035
Time elapsed: 18 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\autodis.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
The second log is coming shortly..
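The second Malwarebytes log is the interesting one: every object in it was already marked "Delete on reboot" in the first log, so the reboot did not finish the job for the BHO, the qlrusqsu service or the irldalwz.dat driver file. Comparing the two logs mechanically is the check worth doing before calling a machine clean. The script below is an added example, not part of the thread and not a Malwarebytes feature: it parses the object/detection/action lines of both logs (including the two-arrow "Data:" form), lists what survived the reboot, what is new, and which deferred deletions did complete, and gives a verdict. The excerpts are copied from the two posts above with backslashes restored; the rule that a surviving Rootkit.* detection makes user-mode scan results untrustworthy is my own, not Malwarebytes'.

```python
import re
from collections import namedtuple

Item = namedtuple("Item", "obj name action")

# Constructed excerpts of the two Malwarebytes logs in this thread: the first scan (19:37)
# and the rescan after the reboot (20:15). Lines are copied from the posts, backslashes restored.
FIRST_SCAN = r"""
Memory Modules Infected:
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fotowuta.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\juwufajo.dll -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\autodis.dll (Spyware.BZub) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

SECOND_SCAN = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
Files Infected:
C:\WINDOWS\system32\autodis.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
"""

HEAD_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\)$")


def parse_mbam(log_text):
    """Map each detected object (lower-cased) to an Item; headers and counters are skipped."""
    items = {}
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("->")]
        m = HEAD_RE.match(parts[0]) if len(parts) >= 2 else None
        if not m:
            continue
        obj = m.group("obj")
        if len(parts) > 2:                      # 'key (name) -> Data: value -> action' form
            obj += " " + " ".join(parts[1:-1])
        items[obj.lower()] = Item(obj, m.group("name"), parts[-1].rstrip("."))
    return items


def compare_scans(before_text, after_text):
    """What changed between a scan and the rescan after reboot."""
    before, after = parse_mbam(before_text), parse_mbam(after_text)
    survived = [(before[k].obj, before[k].name, after[k].name) for k in sorted(after) if k in before]
    new = [after[k].obj for k in sorted(after) if k not in before]
    deferred_removed = [before[k].obj for k in sorted(before)
                        if before[k].action == "Delete on reboot" and k not in after]
    return {"survived": survived, "new": new, "deferred_removed": deferred_removed}


def verdict(result):
    """Can the machine be called clean? If not, say why another pass or other tooling is needed."""
    if not result["survived"] and not result["new"]:
        return "clean: every deferred deletion completed on reboot"
    reasons = []
    if any(n.startswith("Rootkit") for _, n, _ in result["survived"]):
        reasons.append("a Rootkit.* detection survived the reboot, so user-mode scanner results "
                       "on this machine are not trustworthy")
    if result["survived"]:
        reasons.append("%d object(s) still present after reboot" % len(result["survived"]))
    if result["new"]:
        reasons.append("%d new object(s), something is still dropping files" % len(result["new"]))
    return "not clean: " + "; ".join(reasons)


if __name__ == "__main__":
    result = compare_scans(FIRST_SCAN, SECOND_SCAN)
    for obj, was, now in result["survived"]:
        print("SURVIVED  %s  (%s -> %s)" % (obj, was, now))
    for obj in result["deferred_removed"]:
        print("REMOVED   %s" % obj)
    print(verdict(result))
```

On these excerpts the two Vundo DLLs and the AppInit_DLLs entry did go away on reboot, but four objects survived, two of them classified Rootkit.Agent. That is exactly why the helper asks for another restart and rescan rather than accepting the user's "Vundo is gone" two posts later; a dropped, self-protecting service is not something a second quick scan from the infected OS can be assumed to have fixed.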
#14
Posted 06 December 2008 - 20:21
#15
Posted 06 December 2008 - 20:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:45, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: ,
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 2848 bytes
Vundo is actually gone. My Mozilla works great; the spyware program found 107 different viruses the first time, but only 6 the second time. Great!
#16 Malou
Posted 06 December 2008 - 22:06
As MrO says, "Update Malwarebytes' Anti-Malware".
I see that it is finding a lot of nasties, and for it to be able to fix them you have to restart the computer and redo the scan.
1: Restart the computer
2: Update Malwarebytes' Anti-Malware
3: Start the program => choose Perform quick scan
4: Click the Scan button
5: The scan will take a while
6: When the scan has finished, click OK and then Show results
7: Tick everything and click Remove Selected
8: When the removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.
9: Make a new TM HJT log and paste it here so we can see how it looks.
Regards/Malou
#17
Posted 07 December 2008 - 10:19
Quick and easy, but I downloaded it maybe sometime at the start of the year, so it's quite possible there are other VUNDOs it can't cope with.
/LbL!
Use your COMMON SENSE - it will get you a long way!
And Don't Lose Heart - the World is Full of Lost Hearts!
(Are they called "pacifiers"??)