
*********************************************

2008-12-09:

This thread is now locked since the problem has been solved.

If you think it has been locked in error, please contact

Malou

*********************************************

Hi!

Trojan Vundo is so d*** annoying.

I've tried removing it with VundoFix, which didn't work, and tried other spyware programs, which didn't work either. Can anyone help me get rid of this tiresome virus?

Thanks


Hi!

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:37, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\WINDOWS\system32\hozifofe.dll
O4 - HKLM\..\Run: [CPMf3016e4d] Rundll32.exe "c:\windows\system32\fotowuta.dll",a
O4 - HKLM\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\zurolehe.dll c:\windows\system32\fotowuta.dll,C:\WINDOWS\system32\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fotowuta.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Hi AtaPulja!

You haven't renamed the file as recommended in the instructions Mickilina referred you to

C:\Program\Trend Micro\HijackThis\HijackThis.exe

Please read/follow the information/instructions etc. found on the page below:

=> Trend Micro HiJack This (Download/Instructions):

Do NOT run a new scan with TM HJT until you are asked to.

Print the following or copy it into a text document and save it to the desktop:

Read/follow the instructions carefully:

Download Malwarebytes Anti-Malware:

http://www.malwarebytes.org/index.php

1: Save the installation file to the desktop

2: To start the installation, double-click mbam-setup.exe

3: Tick the following

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

4: Click Finish

If there are updates, they will be installed.

When the above is done, continue with the procedure below:

1: When the program starts, choose Perform quick scan

2: Click the Scan button

3: The scan will now take a while

4: When the scan has finished, click OK and then Show results

5: Tick everything and click Remove Selected

6: When removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.

7: Make a new TM HJT log and paste it here so we can see how it looks.

NOTE: Don't start a new thread on the subject; keep posting here in your thread.

Regards/Malou


OK, here's the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:49, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\WINDOWS\system32\hozifofe.dll
O4 - HKLM\..\Run: [CPMf3016e4d] Rundll32.exe "c:\windows\system32\zurolehe.dll",a
O4 - HKLM\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\zurolehe.dll c:\windows\system32\fotowuta.dll,C:\WINDOWS\system32\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zurolehe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zurolehe.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 3354 bytes

____________________________________________________________________________________

Here's the log after scanning with Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.31
Databasversion: 1456
Windows 5.1.2600 Service Pack 3

2008-12-06 19:37:45
mbam-log-2008-12-06 (19-37-45).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 71429
Förfluten tid: 13 minute(s), 30 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 5
Infekterade registernycklar: 16
Infekterade registervärden: 9
Infekterade registerdataposter: 7
Infekterade mappar: 2
Infekterade filer: 99

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sapahore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juwufajo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zurolehe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fotowuta.dll (Trojan.BHO) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54c7d1dd-4296-451e-b756-1e94f665b4ff} (Spyware.Graball) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Spyware.BZub) -> Delete on reboot.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmf3016e4d (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reyoromufo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcroej0e54p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\juwufajo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\juwufajo.dll  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\juwufajo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zurolehe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zurolehe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\fotowuta.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\fotowuta.dll -> Delete on reboot.

Infekterade mappar:
C:\Program\WMVideoPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade filer:
C:\WINDOWS\system32\driqpvnv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnvpqird.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nipavuyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyuvapin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkkppgfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufgppkkq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssknbxux.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xuxbnkss.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vilwookq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkoowliv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zujawaro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\orawajuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\zurolehe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sapahore.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\juwufajo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\fotowuta.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\ikwosllc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\TMP1F5.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\pmnnkJby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00021999 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000232ae (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000239b3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00024915 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00024db8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00025980 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00027bfc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00027d06 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00028330 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002865c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00029783 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002a30c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002b0c8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002c133 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002c51b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00033096 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000344ab (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00039c02 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003b3b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003be21 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003c871 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003da05 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003e0bc (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0003ea51 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000404a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00040f8d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0002140b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000421fb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\byXNdDTJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\byXNdDww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\ddcYSKdc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\fccBTlkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00043332 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00044ce4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00048374 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\xxyyaXPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000108e4 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000109ce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00010bd2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00010ceb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011335 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000114ea (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011519 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000115d5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011690 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000117f7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011a59 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011bd0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011e8f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00011fd7 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00012296 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001266f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000129da (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001311d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001391c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00013c29 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000157a0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00015d9c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp000177ea (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp00019574 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001e922 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mirsad Puljic\Lokala inställningar\Temp\tmp0001fd47 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program\WMVideoPlugin\80_25.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsoft.nls (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yatool.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3016e4d.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf3016e4d.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autodis.dll (Spyware.BZub) -> Delete on reboot.
C:\WINDOWS\system32\ws37678.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.

________________________________________________________________________________

I'll post a new Trend Micro HijackThis log shortly..

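The point the helper makes next is that every "Delete on reboot" entry in the Malwarebytes log above is still on disk until the machine restarts, which is why a reboot and a second scan follow. The script below is an added example for this thread (not Malwarebytes code): it parses a log in the format shown above, counts detections per action and per malware family, and reports whether a reboot-and-rescan cycle is still pending. The sample log is a constructed excerpt modelled on the posted one; the section headings are the Swedish-localised ones MBAM wrote.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x text log and decide whether a
reboot-and-rescan cycle is still pending.

Added example for this thread; it is not Malwarebytes code. The line format
("<object> (<family>) -> <action>." under a heading ending in ':') is taken
from the logs posted in the thread, whose headings are Swedish-localised.
"""
import re
from collections import Counter

# Constructed excerpt modelled on the first MBAM log in this thread.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.31
Databasversion: 1456
Infekterade minnesmoduler: 2

Infekterade minnesmoduler:
C:\\WINDOWS\\system32\\hozifofe.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\\WINDOWS\\system32\\fotowuta.dll (Trojan.BHO) -> Delete on reboot.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\\SOFTWARE\\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\\WINDOWS\\system32\\driqpvnv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\Drivers\\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.
"""

# One detection line: "<object> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
PENDING = "delete on reboot"


def parse_mbam_log(text):
    """Return one dict {section, object, family, action} per detection."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":"):      # a section heading such as "Infekterade filer:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({"section": section, "object": m["obj"],
                            "family": m["family"], "action": m["action"]})
    return entries


def pending_reboot(entries):
    """Detections MBAM could only schedule for removal at next boot."""
    return [e for e in entries if e["action"].lower().startswith(PENDING)]


def summarise(entries):
    """Counts per action and per family, plus whether a rescan is still due."""
    return {
        "actions": dict(Counter(e["action"] for e in entries)),
        "families": dict(Counter(e["family"] for e in entries)),
        "rescan_needed": bool(pending_reboot(entries)),
    }


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarise(found))
    for e in pending_reboot(found):
        print("still on disk until reboot:", e["section"], e["object"])
```

Run on the full log above, `pending_reboot` returns exactly the modules, registry keys and files that the second scan (posted further down) had to deal with again, which is the practical reason the helper insists on restart, update, rescan rather than trusting the first log's "Quarantined" lines.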

Hi AtaPulja!

I see that Malwarebytes' Anti-Malware has found quite a lot and fixed some of it. To hopefully fix the rest, continue with the procedure below.

1: Restart the computer

2: Update Malwarebytes' Anti-Malware

3: Start the program => choose Perform quick scan

4: Click the Scan button

5: The scan will now take a while

6: When the scan has finished, click OK and then Show results

7: Tick everything and click Remove Selected

8: When removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.

9: Make a new TM HJT log and paste it here so we can see how it looks.

Regards/Malou


Here's the log after scanning with the program and restarting the computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:39, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs:  ,  
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 2882 bytes

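What the helpers in this thread do by eye with the first HijackThis log (the 18:53 one) and this post-reboot one is a triage and a diff: look for unnamed BHOs, Rundll32 autoruns loading DLLs from system32, anything in AppInit_DLLs, SSODL or SharedTaskScheduler, and the same DLL showing up in several of those places; then check which of them survived the cleanup. The script below is an added example for this thread, not part of HijackThis or any forum tool, and does that over constructed excerpts of the two logs (backslashes restored). The heuristics, and the `known_good` allow-list of file names the operator trusts, are assumptions chosen to mirror the helpers' reasoning, so its output is a review queue rather than a verdict.

```python
"""Triage HijackThis 2.x log entries and compare a before/after pair.

Added example for this thread, not part of HijackThis or any forum tool.
The heuristics are assumptions chosen to match what the helpers in this
thread reacted to: unnamed BHOs (O2), Rundll32 autoruns loading a DLL from
system32 (O4), AppInit_DLLs entries (O20), SSODL/SharedTaskScheduler DLLs in
system32 (O21/O22), and one DLL reused across several persistence points.
"""
import re

# Constructed excerpts of the 18:53 (BEFORE) and 19:51 (AFTER) logs in the thread.
BEFORE = """\
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\\Program\\DELADE~1\\SYMANT~1\\IDS\\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\\WINDOWS\\system32\\autodis.dll
O2 - BHO: (no name) - {fd3fbb9a-b8a7-4b6d-926a-24d58410bb86} - C:\\WINDOWS\\system32\\hozifofe.dll
O4 - HKLM\\..\\Run: [CPMf3016e4d] Rundll32.exe "c:\\windows\\system32\\fotowuta.dll",a
O4 - HKLM\\..\\Run: [reyoromufo] Rundll32.exe "C:\\WINDOWS\\system32\\sapahore.dll",s
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: c:\\windows\\system32\\zurolehe.dll c:\\windows\\system32\\fotowuta.dll,C:\\WINDOWS\\system32\\juwufajo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\\windows\\system32\\fotowuta.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\\windows\\system32\\fotowuta.dll
"""
AFTER = """\
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\\Program\\DELADE~1\\SYMANT~1\\IDS\\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\\WINDOWS\\system32\\autodis.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-19\\..\\Run: [reyoromufo] Rundll32.exe "C:\\WINDOWS\\system32\\sapahore.dll",s (User 'LOKAL TJÄNST')
O20 - AppInit_DLLs:  ,
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-letter path ending in .dll; stops at quotes, commas and line ends.
DLL_RE = re.compile(r'[A-Za-z]:\\[^"\n,]*?\.dll', re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) for every Oxx line of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def dll_paths(body):
    """Lower-cased DLL paths referenced by one log line."""
    return [p.lower() for p in DLL_RE.findall(body)]


def triage(entries, known_good=frozenset()):
    """Map each suspicious DLL path to the reasons it was flagged.

    known_good: operator-supplied lower-case file names to skip (an
    assumption; e.g. {"nvcpl.dll"} for the NVIDIA control panel loader)."""
    hits, seen_in = {}, {}

    def flag(path, reason):
        if path.rsplit("\\", 1)[-1] in known_good:
            return
        hits.setdefault(path, []).append(reason)

    for section, body in entries:
        paths = dll_paths(body)
        for p in paths:
            seen_in.setdefault(p, set()).add(section)
        if section == "O2" and body.startswith("BHO: (no name)"):
            for p in paths:
                flag(p, "unnamed BHO")
        elif section == "O4" and "rundll32" in body.lower():
            for p in paths:
                if "\\system32\\" in p:
                    flag(p, "Rundll32 autorun loading a DLL from system32")
        elif section == "O20":
            for p in paths:
                flag(p, "AppInit_DLLs entry")
        elif section in ("O21", "O22"):
            for p in paths:
                if "\\system32\\" in p:
                    flag(p, section + " entry loading a DLL from system32")
    for p, sections in seen_in.items():
        if len(sections) >= 2:
            flag(p, "same DLL in %d persistence points" % len(sections))
    return hits


def compare(before, after, known_good=frozenset()):
    """Which flagged DLLs disappeared between two logs, and which remain."""
    b = triage(parse_hjt(before), known_good)
    a = triage(parse_hjt(after), known_good)
    return {"removed": sorted(set(b) - set(a)),
            "remaining": sorted(a),
            "new": sorted(set(a) - set(b))}


if __name__ == "__main__":
    for path, reasons in triage(parse_hjt(BEFORE)).items():
        print(path, "->", "; ".join(reasons))
    print(compare(BEFORE, AFTER, known_good={"nvcpl.dll"}))
```

On these excerpts `compare` reports hozifofe, fotowuta, zurolehe and juwufajo as gone and autodis.dll and sapahore.dll as still referenced, which is exactly what the second Malwarebytes run further down had to clean up; the HKUS (service account) Run entries are worth a second look for that reason whenever a HKLM Run entry has just been removed.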

Hi AtaPulja!

So, now I've done everything you wrote.

What remains now? Is Vundo gone, or what?

Did you really do the last instruction I posted above that quickly?

I posted my reply at 19:52, and your last TM HJT log was scanned at 19:51:39, which you then posted at 19:53.

My last instruction post, posted at 19:52:

http://www.alltomxp.se/forum/index.php?top...g99549#msg99549

Regards/Malou


1. The new log:

Malwarebytes' Anti-Malware 1.31
Databasversion: 1456
Windows 5.1.2600 Service Pack 3

2008-12-06 20:15:14
mbam-log-2008-12-06 (20-15-14).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 71035
Förfluten tid: 18 minute(s), 47 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 4
Infekterade registervärden: 4
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c7e7dc63-1386-407a-888d-5eaf79524dcf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qlrusqsu (Rootkit.Agent) -> Delete on reboot.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\autodis.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\irldalwz.dat (Rootkit.Agent) -> Delete on reboot.

The second log is coming shortly..


Here's the second log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:45, on 2008-12-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\DELADE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\AtaPulja.exe

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {C7E7DC63-1386-407A-888D-5EAF79524DCF} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [reyoromufo] Rundll32.exe "C:\WINDOWS\system32\sapahore.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs:  , 
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 2848 bytes

Vundo is actually gone. My Mozilla works great; the spyware program found 107 different viruses the first time, but only 6 the second time. Great!


Hi AtaPulja!

As MrO says, "Update Malwarebytes' Anti-Malware".

I see it is finding a lot of nasties, and for it to be able to fix them you need to restart the computer and redo the scan.

1: Restart the computer

2: Update Malwarebytes' Anti-Malware

3: Start the program => choose Perform quick scan

4: Click the Scan button

5: The scan will now take a while

6: When the scan has finished, click OK and then Show results

7: Tick everything and click Remove Selected

8: When removal is done, a text file with a log will open in Notepad. Copy/paste that log here into your thread.

9: Make a new TM HJT log and paste it here so we can see how it looks.

Regards/Malou


Symantec has a program for removing VUNDO, which I have run, and it got rid of the junk after 2-3 reboots, so I'm attaching that program for download here.

Quick and easy, but I downloaded it sometime around the beginning of the year, so it's quite possible there are other VUNDO variants it can't handle.

/LbL!
