2008-05-31, 01:27
  #1
Member
Hi!

I know how this sounds, but anyway ... My sister has got an MSN virus and is sending out mail in Finnish with an address and my e-mail address. I have run msnfix, but that did not solve the problem. Is there any other solution?
2008-05-31, 11:46
  #2
Member
Change the password?
2008-05-31, 11:51
  #3
Banned
a few more details
2008-05-31, 17:59
  #4
Member
The message looks like this: otko tässä?
Do not click!
http://imaageshack.org/image.php?=min@mail.adress
Do not click!
I have tried changing the password, but that did not help. I have also scanned with msnfix, antivirus and Ad-Aware, but nothing helps.
2008-05-31, 18:43
  #5
Member
Post the log from msnfix
2008-05-31, 19:41
  #6
Member
This is what the log looks like.

MSNFix 1.719

C:\Documents and Settings\Laptop\Skrivbord\MSNFix\MSNFix
Sokningen var klar pa 2008-05-31 - 15:23:02,50 By Laptop
normalt lage

************************ Kollar filer

... C:\WINDOWS\winudpmgr.exe
... C:\??????.exe
... C:\\bot.exe
... C:\WINDOWS\service.exe

************************ Kollar mappar

Inga Mappar Funna




************************ Tar bort virus filer

/!\ ... C:\WINDOWS\winudpmgr.exe
/!\ ... C:\??????.exe
.. OK ... C:\\bot.exe
/!\ ... C:\WINDOWS\service.exe



************************ Rensar registret



Resten av filerna tas bort efter omstart


************************ Tar bort virus filer

.. OK ... C:\WINDOWS\winudpmgr.exe
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\service.exe



************************ Misstankta Filer

/!\ Dem funna filerna maste kontrolleras innan borttagning

[C:\DOCUME~1\Laptop\LOKALA~1\Temp\Autoruns.zip] 8B1AF97EB6DB23E18B2CECF3F27EFE4A
[C:\is154890.exe] 2BB805B681826B5EDB25D884B6F1A96E

==> Var snall och ladda upp filen C:\DOCUME~1\Laptop\SKRIVB~1\Upload_Me.zip on http://upload.changelog.fr



Filerna och Registernycklarna har sparats i karantan 2008-05-31_15282260.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Gjord av : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
2008-05-31, 21:03
  #7
Member
Scan this file
C:\is154890.exe

here
http://www.virscan.org/

You can post a HijackThis log so we can see whether there are any more problems.
Save HJTInstall.exe to the desktop > click the file > choose Install and click: "do a system scan and save logfile".
Post the log from the text file that is then shown.
http://www.trendsecure.com/portal/en...HJTInstall.exe
2008-05-31, 22:38
  #8
Member
First of all, heartfelt thanks to you.

This is what I get on virscan.org

VirSCAN.org Scanned Report :
Scanner results: 8% Scanner(3/36) found malware!
File Name : is154890.exe
File Size : 93184 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : 2bb805b681826b5edb25d884b6f1a96e
SHA1 : bca0da946165e0a1a5b763eee47b72d213175e68
Online report : http://virscan.org/report/d69f765733...aff8bd4e9.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.18 2008.05.31 2008-05-31 25.89 -
AhnLab V3 2008.05.30.01 2008.05.30 2008-05-30 3.12 -
AntiVir 7.8.0.26 7.0.4.118 2008-05-30 0.00 -
Arcavir 1.0.4 200805301750 2008-05-30 15.46 -
AVAST! 1.0.8 080531-1 2008-05-31 10.36 -
AVG 7.5.51.442 269.24.4/1476 2008-05-31 26.51 -
BitDefender 7.60825.1255425 7.19275 2008-06-01 0.00 -
CA (VET) 9.0.0.143 31.4.5837 2008-05-31 16.00 -
ClamAV 0.93 7301 2008-05-31 0.01 -
Comodo 2.11 2.0.0.541 2008-05-31 3.40 -
CP Secure 1.1.0.715 2008.05.31 2008-05-31 62.30 -
Dr.Web 4.44.0.9170 2008.05.31 2008-05-31 49.22 -
ewido 4.0.0.2 2008.05.30 2008-05-30 6.40 -
F-Prot 4.4.1.52 20080530 2008-05-30 47.53 -
F-Secure 5.51.6100 2008.05.31.01 2008-05-31 0.06 -
Fortinet 2.81-3.11 9.149 2008-05-30 4.07 Suspicious
ViRobot 20080530 2008.05.30 2008-05-30 2.45 -
Ikarus T3.1.01.26 2008.05.31.70847 2008-05-31 19.44 -
JiangMin 11.0.706 2008.05.28 2008-05-28 1.44 -
Kaspersky 5.5.10 2008.05.29 2008-05-29 54.41 -
KingSoft 2008.1.14.15 2008.5.31.15 2008-05-31 2.65 -
McAfee 5.2.00 5307 2008-05-30 19.46 -
Microsoft 1.3520 2008.05.31 2008-05-31 9.29 Trojan:Win32/Vundo.gen!H
mks_vir 2.01 2008.05.31 2008-05-31 25.28 -
Norman 5.92.08 5.92.00 2008-05-29 54.54 -
Panda 9.04.03.0001 2008.05.30 2008-05-30 5.04 -
Trend Micro 8.700-1004 5.312.08 2008-05-30 0.00 -
Prevx V2 20080601 2008-06-01 5.73 TROJAN.DOWNLOADER.GEN
Quick Heal 9.00 2008.05.31 2008-05-31 3.07 -
Rising 20.0 20.46.52.00 2008-05-31 3.59 -
Sophos 2.74.1 4.30 2008-06-01 25.91 -
Symantec 1.3.0.24 20080531.002 2008-05-31 0.44 -
nProtect 2008-05-29.00 1528313 2008-05-29 7.56 -
The Hacker 6.2.92 v00328 2008-05-31 3.10 -
VBA32 3.12.6.6 20080531.0026 2008-05-31 14.51 -
VirusBuster 4.3.19:9 9.130.10/11.0 2008-05-31 13.58 -
2008-05-31, 22:39
  #9
Member
The log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:48, on 2008-05-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Hp\HP Software Update\HPWuSchd2.exe
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program\DAEMON Tools\daemon.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\service.exe
C:\Program\Logitech\MouseWare\system\em_exec.exe
C:\Program\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program\NetLimiter 2 Pro\nlsvc.exe
C:\Program\PIXELA\ImageMixer3\HDDCameraMonitor.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Logitech\SetPoint\SetPoint.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Delade filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\totalcmd\TOTALCMD.EXE
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C383AC73-FC68-456F-AFA3-1813DAA98F63} - C:\WINDOWS\system32\ddccCroN.dll
O2 - BHO: {5879f191-b7c7-82e9-2fc4-23c2636cb46d} - {d64bc636-2c32-4cf2-9e28-7c7b191f9785} - C:\WINDOWS\system32\mkmukpat.dll
O2 - BHO: (no name) - {F0E738CA-4E59-446F-B34A-6BC26FB2C735} - C:\WINDOWS\system32\awtuvWmN.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKLM\..\Run: [18b197e9] rundll32.exe "C:\WINDOWS\system32\bvavvkkx.dll",b
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [BM1b82a475] Rundll32.exe "C:\WINDOWS\system32\jnaufeap.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {E505599B-F37A-4849-A7B0-E0AAB5CB054C} (ScriptPlayerRuntime Class) - https://gfs.nb.se/privat/bank/script...aSmartCard.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtuvWmN - C:\WINDOWS\SYSTEM32\awtuvWmN.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program\Delade filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

--
End of file - 7107 bytes
2008-05-31, 22:53
  #10
Member
Yes, there is quite a bit of crap left; run this program and we'll see how it goes.

http://www.besttechie.net/tools/mbam-setup.exe
Install the program and click Scan when you see that button.
Click OK > Show Results > Remove Selected, then restart.
Run a new scan with MBAM, and post that log and an HJT log.
(It would be good if you could also post the log from after the first MBAM scan, so we can see what gets removed.)
2008-06-02, 20:47
  #11
Member
First MBAM scan:

Malwarebytes' Anti-Malware 1.14
Databasversion: 815

20:46:11 2008-06-02
mbam-log-6-2-2008 (20-46-04).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 36591
Förfluten tid: 3 minute(s), 33 second(s)

Infekterade minnesprocesser: 1
Infekterade minnesmoduler: 4
Infekterade registernycklar: 13
Infekterade registervärden: 5
Infekterade registerdataposter: 1
Infekterade mappar: 0
Infekterade filer: 36

Infekterade minnesprocesser:
C:\WINDOWS\service.exe (Backdoor.Bot) -> No action taken.

Infekterade minnesmoduler:
C:\WINDOWS\system32\usudiitk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqnlLCR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\awtuvWmN.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnmNdee.dll (Trojan.Vundo) -> No action taken.

Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{6b697e22-66ac-45c5-88dc-d0c74f472d4c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b697e22-66ac-45c5-88dc-d0c74f472d4c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtuvwmn (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18b197e9 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows svchost (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM1b82a475 (Trojan.Agent) -> No action taken.

Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqnllcr -> No action taken.

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\usudiitk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqnlLCR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\service.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\awtuvWmN.dll (Trojan.Vundo) -> No action taken.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\mkmukpat.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ubbdetme.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\service.MSNFix (Backdoor.Bot) -> No action taken.
C:\WINDOWS\winudpmgr.MSNFix (Backdoor.Bot) -> No action taken.
C:\WINDOWS\winudspm.exe (Backdoor.Bot) -> No action taken.
C:\bot.MSNFix (Backdoor.Bot) -> No action taken.
C:\dci.MSNFix (Backdoor.Bot) -> No action taken.
C:\img.MSNFix (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_00378.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_18263.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_25321.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_34028.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_43541.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_47601.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_57160.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_72162.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\Lokala inställningar\Temp\eraseme_87047.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Laptop\setup1.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\ehxpumqh.dll (Trojan.Agent) -> No action taken.
C:\bot.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\qoMcaxUk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkIATli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnmNdee.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRKAQIy.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pmnnnKef.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byXOfeEw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifGWMDV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqNFUND.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqPHYSJ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccaAqpo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fcccdDsq.dll (Trojan.Vundo) -> No action taken.
2008-06-02, 20:56
  #12
Member
Second scan with MBAM:

Malwarebytes' Anti-Malware 1.14
Databasversion: 815

20:56:15 2008-06-02
mbam-log-6-2-2008 (20-56-11).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 36244
Förfluten tid: 3 minute(s), 8 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 1
Infekterade registernycklar: 3
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 5

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
C:\WINDOWS\system32\yayyXnkh.dll (Trojan.Vundo) -> No action taken.

Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyxnkh (Trojan.Vundo) -> No action taken.

Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.Vundo) -> No action taken.

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
C:\WINDOWS\system32\urqnlLCR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\usudiitk.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnmNdee.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\awtuvWmN.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyXnkh.dll (Trojan.Vundo) -> No action taken.
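Added example, not part of the thread and not code from MSNFix, HijackThis or Malwarebytes: post #10 asks for the MBAM log from both scans to see what gets removed, and post #7 asks for a HijackThis log to see what else is present, so this sketch compares the two MBAM logs and labels HijackThis autostart entries with the MBAM family that hit them. The sample lines are excerpts of the logs posted above (forum-inserted spaces removed); the function names and the token-matching rule are assumptions made for the illustration.

```python
import re

# Excerpts copied from the logs in this thread (forum-inserted spaces removed).
HJT = r"""
O2 - BHO: (no name) - {C383AC73-FC68-456F-AFA3-1813DAA98F63} - C:\WINDOWS\system32\ddccCroN.dll
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [18b197e9] rundll32.exe "C:\WINDOWS\system32\bvavvkkx.dll",b
O4 - HKLM\..\Run: [Windows svchost] service.exe
O20 - Winlogon Notify: awtuvWmN - C:\WINDOWS\SYSTEM32\awtuvWmN.dll
"""
SCAN_1 = r"""
C:\WINDOWS\service.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\winudspm.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\awtuvWmN.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqnlLCR.dll (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18b197e9 (Trojan.Vundo) -> No action taken.
"""
SCAN_2 = r"""
C:\WINDOWS\system32\awtuvWmN.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urqnlLCR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyXnkh.dll (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyxnkh (Trojan.Vundo) -> No action taken.
"""

DETECTION = re.compile(r"^(?P<obj>.+?) \((?P<family>[\w.]+)\) -> ")
FILE_TOKEN = re.compile(r'([^\\"\s]+\.(?:exe|dll))', re.I)
RUN_NAME = re.compile(r"Run: \[([^\]]+)\]")

def detections(log):
    """Map each detected object (lower-cased full path) to its MBAM family."""
    hits = (DETECTION.match(line.strip()) for line in log.splitlines())
    return {m["obj"].lower(): m["family"] for m in hits if m}

def compare(before, after):
    """Split detections into gone / persisting / new between two scans."""
    a, b = detections(before), detections(after)
    return {"gone": sorted(a.keys() - b.keys()),
            "persisting": sorted(a.keys() & b.keys()),
            "new": sorted(b.keys() - a.keys())}

def correlate(hjt_log, mbam_log):
    """Label each HijackThis entry with the MBAM families that hit its
    Run value name or file name; an empty list means MBAM did not flag it."""
    by_leaf = {obj.rsplit("\\", 1)[-1]: fam
               for obj, fam in detections(mbam_log).items()}
    rows = []
    for line in filter(None, map(str.strip, hjt_log.splitlines())):
        tokens = RUN_NAME.findall(line) + FILE_TOKEN.findall(line)
        families = sorted({by_leaf[t.lower()] for t in tokens if t.lower() in by_leaf})
        rows.append((line.split(" - ", 1)[0], tokens, families))
    return rows

if __name__ == "__main__":
    for state, objects in compare(SCAN_1, SCAN_2).items():
        print(state, *objects, sep="\n  ")
    for section, tokens, families in correlate(HJT, SCAN_1):
        print(section, tokens, families or "not flagged by MBAM")
```

On these excerpts, yayyXnkh.dll and its Winlogon Notify key appear only in the second scan, and the ddccCroN.dll BHO from the HijackThis log has no matching MBAM detection.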