Hjälp igen med virus!

[ulrslo]

Hej!

Jag hade virus för ett tag sedan och tackar för svaret jag fick här. Till slut kände jag dock att jag formaterade om datorn i stället för det dök upp mer och mer konstigheter.

Nu har jag varit igång i knappt två veckor och idag dyker viurs upp igen!

Jag blir så ledsen.

Nu hoppas jag att det är borta...men jag vet ju inte. 2 filer kunde inte öppnas när jag scannade och jag är rädd att det finns något kvar.

Vad gör jag.

Klistrar in senaste loggen här

[log]

 

 

AntiVir PersonalEdition Classic

Report file date: den 6 september 2007 19:17

 

Scanning for 1048839 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: ULRIKA

 

Version information:

BUILD.DAT : 268 15604 Bytes 2007-08-31 13:04:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-09-06 15:51:32

AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-09-06 15:51:32

LUKE.DLL : 7.0.5.3 147496 Bytes 2007-09-06 15:51:33

LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-09-06 15:51:33

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 14:30:58

ANTIVIR2.VDF : 6.39.1.74 1637376 Bytes 2007-09-02 15:51:34

ANTIVIR3.VDF : 6.39.1.96 104448 Bytes 2007-09-06 15:51:34

AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-09-06 15:51:34

AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-09-06 15:51:32

AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-24 14:31:02

AVREG.DLL : 7.0.1.6 30760 Bytes 2007-09-06 15:51:32

AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-09-06 15:51:29

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-09-06 15:51:30

NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-09-06 15:51:23

RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-09-06 15:51:23

SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-09-06 15:51:33

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: den 6 september 2007 19:17

 

The scan of running processes will be started

Scan process "WINWORD.EXE" - "0" Module(s) have been scanned

Scan process "avscan.exe" - "1" Module(s) have been scanned

Scan process "avguard.exe" - "1" Module(s) have been scanned

Scan process "avcenter.exe" - "1" Module(s) have been scanned

Scan process "OUTLOOK.EXE" - "1" Module(s) have been scanned

Scan process "iexplore.exe" - "1" Module(s) have been scanned

Scan process "HPZipm12.exe" - "1" Module(s) have been scanned

Scan process "sched.exe" - "1" Module(s) have been scanned

Scan process "avgnt.exe" - "1" Module(s) have been scanned

Scan process "wuauclt.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "hprblog.exe" - "1" Module(s) have been scanned

Scan process "hpqste08.exe" - "1" Module(s) have been scanned

Scan process "alg.exe" - "1" Module(s) have been scanned

Scan process "NMIndexStoreSvr.exe" - "1" Module(s) have been scanned

Scan process "NMIndexingService.exe" - "1" Module(s) have been scanned

Scan process "wdfmgr.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "MediaServer.exe" - "1" Module(s) have been scanned

Scan process "MediaGUI.exe" - "1" Module(s) have been scanned

Scan process "hpqtra08.exe" - "1" Module(s) have been scanned

Scan process "PASTARTER.EXE" - "1" Module(s) have been scanned

Scan process "NMBgMonitor.exe" - "1" Module(s) have been scanned

Scan process "msmsgs.exe" - "1" Module(s) have been scanned

Scan process "ctfmon.exe" - "1" Module(s) have been scanned

Scan process "apdproxy.exe" - "1" Module(s) have been scanned

Scan process "hpwuSchd2.exe" - "1" Module(s) have been scanned

Scan process "igfxpers.exe" - "1" Module(s) have been scanned

Scan process "hkcmd.exe" - "1" Module(s) have been scanned

Scan process "smax4pnp.exe" - "1" Module(s) have been scanned

Scan process "spoolsv.exe" - "1" Module(s) have been scanned

Scan process "explorer.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "svchost.exe" - "1" Module(s) have been scanned

Scan process "lsass.exe" - "1" Module(s) have been scanned

Scan process "services.exe" - "1" Module(s) have been scanned

Scan process "winlogon.exe" - "1" Module(s) have been scanned

Scan process "csrss.exe" - "1" Module(s) have been scanned

Scan process "smss.exe" - "1" Module(s) have been scanned

41 processes with 41 modules were scanned

 

Start scanning boot sectors:

Boot sector "C:\"

[NOTE] No virus was found!

Boot sector "D:\"

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( "29" files ).

 

 

Starting the file scan:

 

Begin scan in "C:\"

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in "D:\" <Dell 300>

D:\RECYCLER\S-1-5-21-1454471165-2146929623-839522115-1003\Dd18.rar

[0] Archive type: RAR

--> Windows Activation Crack.exe

[DETECTION] Contains detection pattern of the dropper DR/VB.bal.11

[iNFO] The file was moved to "4711fb6d.qua"!

 

 

End of the scan: den 7 september 2007 09:18

Used time: 14:01:29 min

 

The scan has been done completely.

 

5414 Scanning directories

185355 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

185354 Files not concerned

2205 Archives were scanned

2 Warnings

90 Notes

[/log]

 

[Cecilia]

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Det är helt normala filer som Windows har öppna så att andra program inte ska komma åt dem, alltså normalt.

 

 

D:\RECYCLER\S-1-5-21-1454471165-2146929623-839522115-1003\Dd

18.rar

[0] Archive type: RAR

--> Windows Activation Crack.exe

[DETECTION] Contains detection pattern of the dropper DR/VB.bal.11

[iNFO] The file was moved to "4711fb6d.qua"!

Alltså en fil som du hade liggande i Papperskorgen, numera flyttad till AVGs karantän. Om man håller på och krackar program så blir datorn väldigt lätt infekterad.

 

[ulrslo]

Tack!

Papperskorgen innebär troligtvis att det är något jag fått och slängt...hoppas jag :-)

Innebär det att det inte är någon fara nu då?

Ulrika

 

[Cecilia]

Kör åtminstone ett av antispionprogrammen nedan och en online-skanning också.

[log]Här kommer mina vanliga råd för en säkrare dator, men det är så klart viktigt att man använder sitt förnuft också.

 

Uppdatera från Windows Update och kör antispionprogrammen AVG Anti-Spyware (Ewido), SUPERAntiSpyware Free Edition och/eller Spybot S&D regelbundet.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

 

Använd en brandvägg (bättre än den inbyggda i XP), det finns gratis t ex Comodo (avancerad) och ZoneAlarm (mer lättanvänd).

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

Länken "I only want basic ZoneAlarm protection" eller på

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

 

Komplettera antivirusprogrammet med några online-skanningar då och då:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

Om man använder Internet Explorer så kan det vara lämpligt att ha programmet SpywareBlaster, vilket hindrar en hel del otrevliga program från att laddas ner resp. köras http://www.javacoolsoftware.com , samt kör IE-SpyAd som lägger en hel massa otrevliga webbplatser i zonen Ej tillförlitliga i Internet Explorer så att de inte kan göra något med datorn http://www.spywarewarrior.com/uiuc/resource.htm

 

Se över säkerhetsinställningarna i Internet Explorer, det finns en hel del tips på:

http://surfthenetsafely.com/surfsafely6.htm

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

Om man använder webbläsaren Firefox så är det lämpligt att ha tillägget NoScript.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

Se vilka webbplatser som är säkra/osäkra med hjälp av SiteAdvisor http://www.siteadvisor.com

 

Allt gratis för hemanvändare/personligt bruk.

[/log]

 

[ulrslo]

Stort, stort tack för all din hjälp.

Den var mycket värdefull

Kram Ulrika