Just nu i M3-nätverket
Jump to content

VIRUS


harryolsson

Recommended Posts

harryolsson

När jag startar min dator kommer fönster upp som säger
"dataexekveringsskydd rundll32.exe"
"dataexekveringsskydd inloggningsgränssnitt för windows"
"Rundll går inte att läsa c:/windows/system32/juzadido"
"Rundll går inte att läsa c:/windows/system32/tawisisa"
"Rundll går inte att läsa c:/windows/system32/jidikedo"

Datorn startas om lite när den vill..samt att när datorn startas kommer det upp en inloggningsruta (som det brukar göra när man har lösenord på datorn) denna ruta har aldrig kommit fram innan, och det enda jag behöver göra nu är att trycka OK, så loggas jag in.

Det enda jag gjort när det började var att köra Ad-aware x-antal ggr och den hittar en hel del infekterade filer varje gång som jag tar bort.

Det enda jag kan komma på att jag gjort är att trycka på nån uppdateringsknapp av adobe till version 10, samt införskaffat lite mp3 filer..

Link to comment
Share on other sites

Det där ser ut som typiska skadliga filer i alla fall. Vi kan se vad HijackThis visar till att börja med. Ladda ner från en av länkarna:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat) och klistra in den i ditt svar.

Link to comment
Share on other sites

harryolsson

Oj den blev lång...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:46, on 2009-03-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\HP\QuickPlay\QPService.exe
C:\Program\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Hp\HP Software Update\HPWuSchd2.exe
C:\Program\AirPort\APAgent.exe
C:\Program\Ext2Fsd\Ext2Mgr.exe
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\wcescomm.exe
C:\Program\MI3AA1~1\rapimgr.exe
C:\Program\HPQ\Shared\HPQTOA~1.EXE
C:\Program\iPod\bin\iPodService.exe
C:\Documents and Settings\Sebastian\reader_s.exe
C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe
C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program\Prevx\prevx.exe
C:\Program\Prevx\prevx.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [Ext2 Volume Manager] C:\Program\Ext2Fsd\Ext2Mgr.exe -quiet
O4 - HKLM\..\Run: [Ad-Watch] C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [lifagituve] Rundll32.exe "C:\WINDOWS\system32\tawisisa.dll",s
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [3c6270fb] rundll32.exe "C:\WINDOWS\system32\juzadido.dll",b
O4 - HKLM\..\Run: [CPM3f514367] Rundll32.exe "c:\windows\system32\jidikedo.dll",a
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [comidle]  "C:\Documents and Settings\Sebastian\Application Data\comidle\comidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Sebastian\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [lifagituve] Rundll32.exe "C:\WINDOWS\system32\tawisisa.dll",s (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bnszjuyy.exe] C:\WINDOWS\bnszjuyy.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [phnnxujd.exe] C:\WINDOWS\phnnxujd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xlpmteru.exe] C:\WINDOWS\xlpmteru.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jrcrtjdz.exe] C:\WINDOWS\jrcrtjdz.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Photosmart Premier Snabbstart.lnk = C:\Program\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\pikuyaha.dll ualwjn.dll c:\windows\system32\jidikedo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jidikedo.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jidikedo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
O23 - Service: CSIScanner - Prevx - C:\Program\Prevx\prevx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11193 bytes

Link to comment
Share on other sites

Helt normal längd ;)
Men en hel del skadliga filer.

Kontrollpanelen - Lägg till eller ta bort program
Ta bort Ask Toolbar om den finns där, ta sedan bort mappen C:\Program\AskSBar

Om Prevx håller på och söker igenom datorn nu så vänta med resten tills den är klar och datorn omstartad.

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
http://projects.securitywonks.net/projects/details.php?file=158
Dubbelklicka på mbam-setup för att installera programmet.

Se till i slutet av installationen att det är bockar för:
Uppdatera Malwarebytes' Anti-Malware
Starta Malwarebytes' Anti-Malware
Tryck på Slutför
Om det finns någon uppdatering så kommer den att laddas ner och installeras.

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.
Skanningen tar ett tag.
När den är klar så tryck på OK och sedan "Visa resultat".
Bocka för allt och tryck sedan Ta bort markerade.
När borttagningen är klar så öppnar Anteckningar med en logg.

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.
Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.
Om programmet inte kommer igång efter omstarten så starta det.

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.
Kopiera loggen och klistra in den i ditt svar.

Link to comment
Share on other sites

harryolsson

Nu är datorn helt fuckad....När jag höll på att läsa ditt inlägg startades den om, när den är på igen kommer bara ett tomt skrivbord upp..man kan komma in i aktivitetshanteraren "ctrl alt delete" och det är därifrån jag lyckats komma in här nu genom att skapa en ny aktivitet...däremot kunde ja inte installera malware..kommer upp massa fönster om runtime error m.m...har även startat om datorn x-antal ggr..men inga ikoner/startmeny m.m kommer upp


UPPD. Efter x-antal omstartet kom skrivbordet upp igen..så jag lyckades köra Malware..men efter reboot så kom inte ikonerna på skrivbordet upp igen...men iaf. här är loggen:

Malwarebytes' Anti-Malware 1.34
Databasversion: 1814
Windows 5.1.2600 Service Pack 3

2009-03-03 02:02:50
mbam-log-2009-03-03 (02-02-50).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 68690
Förfluten tid: 2 minute(s), 46 second(s)

Infekterade minnesprocesser: 2
Infekterade minnesmoduler: 0
Infekterade registernycklar: 9
Infekterade registervärden: 11
Infekterade registerdataposter: 2
Infekterade mappar: 1
Infekterade filer: 43

Infekterade minnesprocesser:
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Documents and Settings\Sebastian\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lifagituve (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3c6270fb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3f514367 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comidle (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infekterade mappar:
C:\Documents and Settings\Sebastian\Application Data\comidle (Trojan.Downloader) -> Quarantined and deleted successfully.

Infekterade filer:
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\woxanescmr.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\noecwarxms.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\ormnawscxe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\ecrsmnoawx.tmp (Virus.Virut) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Application Data\comidle\comidle.exe9i1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\rasesnet.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekacoecmlth.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekadlklnndt.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekapjusoirj.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekaqhrayvjn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekarammuwud.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekafvaqisdp.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Körde sedan programmet engång till då kom följande upp:

Malwarebytes' Anti-Malware 1.34
Databasversion: 1814
Windows 5.1.2600 Service Pack 3

2009-03-03 02:11:03
mbam-log-2009-03-03 (02-11-03).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 67730
Förfluten tid: 2 minute(s), 37 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Körde ytterligare en gång

Malwarebytes' Anti-Malware 1.34
Databasversion: 1814
Windows 5.1.2600 Service Pack 3

2009-03-03 02:25:18
mbam-log-2009-03-03 (02-25-18).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 68540
Förfluten tid: 2 minute(s), 38 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 1
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 1

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\restore (Rootkit.Agent) -> Quarantined and deleted successfully.

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

C:\Documents and Settings\Sebastian\Lokala inställningar\Temp\ecrsmnoawx.tmp (Virus.Virut) -> Quarantined and deleted successfully.
Virut det låter inte bra. Om datorn har verkligen har drabbats av virut fullt ut så går den inte att rädda den då är det ominstallation som gäller. Men vi får väl se hur det ser ut.

Surfa till http://www.virustotal.com (fungerar bäst med Internet Explorer) klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\userinit.exe

Link to comment
Share on other sites

harryolsson

Gäller för explorer.exe

a-squared4.0.0.1012009.03.03Trojan.Win32.Patched!IKAhnLab-V35.0.0.22009.02.27-AntiVir7.9.0.982009.03.03W32/Virut.GenAuthentium5.1.0.42009.03.03W32/Virut.AI!GenericAvast4.8.1335.02009.03.02Win32:VitroAVG8.0.0.2372009.03.03-BitDefender7.22009.03.03Win32.Virtob.Gen.12CAT-QuickHeal10.002009.03.03W32.Virut.GClamAV0.94.12009.03.03-Comodo10172009.03.03-DrWeb4.44.0.091702009.03.03Win32.Virut.56eSafe7.0.17.02009.03.02-eTrust-Vet31.6.63812009.03.03Win32/Virut.17408F-Prot4.4.4.562009.03.02W32/Patched.E.gen!EldoradoF-Secure8.0.14470.02009.03.03Virus.Win32.Virut.ceFortinet3.117.0.02009.03.03-GData192009.03.03Win32.Virtob.Gen.12IkarusT3.1.1.45.02009.03.03Trojan.Win32.PatchedK7AntiVirus7.10.6542009.03.02-Kaspersky7.0.0.1252009.03.03Virus.Win32.Virut.ceMcAfee55412009.03.02W32/Virut.n.genMcAfee+Artemis55412009.03.02W32/Virut.n.genMicrosoft1.43062009.03.03Virus:Win32/Virut.BMNOD3239022009.03.02Win32/Virut.NBKNorman6.00.062009.03.02W32/Virut.BVnProtect2009.1.8.02009.03.03-Panda10.0.0.102009.03.02W32/Sality.AOPCTools4.4.2.02009.03.02-Prevx1V22009.03.03-Rising21.19.11.002009.03.03-SecureWeb-Gateway6.7.62009.03.03Win32.Virut.GenSophos4.39.02009.03.03W32/Scribble-ASunbelt3.2.1858.22009.03.02-Symantec102009.03.03W32.Virut.CFTheHacker6.3.2.6.2692009.03.02W32/Virut.genTrendMicro8.700.0.10042009.03.03PE_VIRUX.D-2VBA323.12.10.12009.03.03-ViRobot2009.3.3.16312009.03.03-VirusBuster4.5.11.02009.03.02-


Gäller för system32/userinit

a-squared4.0.0.1012009.03.03-AhnLab-V35.0.0.22009.02.27-AntiVir7.9.0.982009.03.03W32/Virut.GenAuthentium5.1.0.42009.03.03W32/Virut.AI!GenericAvast4.8.1335.02009.03.02Win32:VitroAVG8.0.0.2372009.03.03-BitDefender7.22009.03.03Win32.Virtob.Gen.12CAT-QuickHeal10.002009.03.03W32.Virut.GClamAV0.94.12009.03.03-Comodo10172009.03.03-DrWeb4.44.0.091702009.03.03Win32.Virut.56eSafe7.0.17.02009.03.02-eTrust-Vet31.6.63812009.03.03Win32/Virut.17408F-Prot4.4.4.562009.03.02W32/Patched.E.gen!EldoradoF-Secure8.0.14470.02009.03.03Virus.Win32.Virut.ceFortinet3.117.0.02009.03.03-GData192009.03.03Win32.Virtob.Gen.12IkarusT3.1.1.45.02009.03.03-K7AntiVirus7.10.6542009.03.02-Kaspersky7.0.0.1252009.03.03Virus.Win32.Virut.ceMcAfee55412009.03.02W32/Virut.n.genMcAfee+Artemis55412009.03.02W32/Virut.n.genMicrosoft1.43062009.03.03Virus:Win32/Virut.BMNOD3239022009.03.02Win32/Virut.NBKNorman6.00.062009.03.02W32/Virut.BVnProtect2009.1.8.02009.03.03-Panda10.0.0.102009.03.02W32/Sality.AOPCTools4.4.2.02009.03.02-Prevx1V22009.03.03-Rising21.19.11.002009.03.03-SecureWeb-Gateway6.7.62009.03.03Win32.Virut.GenSophos4.39.02009.03.03W32/Scribble-ASunbelt3.2.1858.22009.03.02Win32.Virut.cf (v)Symantec102009.03.03W32.Virut.CFTheHacker6.3.2.6.2692009.03.02W32/Virut.genTrendMicro8.700.0.10042009.03.03PE_VIRUX.D-2VBA323.12.10.12009.03.03-ViRobot2009.3.3.16312009.03.03-VirusBuster4.5.11.02009.03.02-

Link to comment
Share on other sites

Jag beklagar, men i stort sett alla körbara filer inkl. Windows-filer i datorn är infekterade och skadade, och då går det inte att göra något utan datorn måste formateras om och Windows installeras på nytt. Se sedan till att ha ett antivirusprogram så att datorn inte lika lätt blir infekterad av samma sak igen.

Link to comment
Share on other sites

harryolsson

Så..nu är man up and running igen....TACK SÅ MYCKET FÖR DIN HJÄLP...

Nu har jag installerat AVG  och malwarebytes för att liknande saker inte ska hända igen...Är detta bra?

ha det fint

Link to comment
Share on other sites

Inte mycket att tacka för, jag tycker det mest är tråkigt att det inte gick att lösa på något bättre sätt. Ledsen

Jag har några ytterligare tips på bra säkerhetsprogram som du kan installera som komplement, se min webbsida http://ceblstockholm.googlepages.com/home

Var nu rädd om datorn! Tumme upp

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...