Just nu i M3-nätverket
Jump to content

Har haft lite problem med trojaner Hjälp.


Steen Pedersen

Recommended Posts

Steen Pedersen

Har haft en hel del trojaner på datorn och skulle behöva lite hjälp med att säkerhetställa att datorn är ren.

 

jag hämtade hem Malwarebytes' Anti-Malware och gjorde en scan detta är resultatet

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2053

Windows 5.1.2600 Service Pack 3

 

2009-04-28 15:52:55

mbam-log-2009-04-28 (15-52-55).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 69017

Förfluten tid: 1 minute(s), 24 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 22

Infekterade registervärden: 4

Infekterade registerdataposter: 14

Infekterade mappar: 4

Infekterade filer: 8

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\z444.z444mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\z444.z444mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51b15f5a-e98b-4658-b9cb-9307b74773a7} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ViRsLab (Rogue.AVLab) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\virslabwarning.warningbho (Rogue.AVLab) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\virslabwarning.warningbho.1 (Rogue.AVLab) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com'>http://windiwsfsearch.com) Good: (http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html'>http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://windiwsfsearch.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}'>http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s'>http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

 

Infekterade mappar:

C:\Program\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

C:\Documents and Settings\Användare1\Application Data\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Användare1\Application Data\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\Documents and Settings\Användare1\Application Data\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\Program\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Documents and Settings\Användare1\Favoriter\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

[/log]

 

här är en hijackThis utförd efter att jag hade tagit bort ovanstående

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:45:11, on 2009-04-28

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Documents and Settings\Användare1\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe

C:\Program\OpenOffice.org 2.4\program\soffice.exe

C:\Program\OpenOffice.org 2.4\program\soffice.BIN

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\Användare1\Skrivbord\HiJackThis.exe

[/log]

 

Link to comment
Share on other sites

Starta om datorn och kolla med MBAM igen. Om något hittas så klistra in loggen. Klistra sedan in en ny HijackThis-logg och hela loggen denna gång.

Hur fungerar datorn efter det?

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...