2008-04-19, 00:46
#121
Vinnaren i pepparkakshustävlingen!
skannade just med avg, hittade inte ett skit, sen är avg kanske ine det bästa men jag pallar inte med det där jäkla nod32, visst det är ett kanonfint program om man köper det, att ladda ner skiten och få det funka med crackar o grejer kan ta en halv dag, ren lättja alltså
2008-04-19, 00:53
#122
Har du ett virusprogram? Du kanske har fått något virus eller liknande?
2008-04-19, 00:55
#123
Citat:
Ursprungligen postat av rajtantajtan87
Har du ett virusprogram? Du kanske har fått något virus eller liknande?
skannade just med avg, hittade inte ett skit, sen är avg kanske ine det bästa men jag pallar inte med det där jäkla nod32, visst det är ett kanonfint program om man köper det, att ladda ner skiten och få det funka med crackar o grejer kan ta en halv dag, ren lättja alltså
2008-04-19, 00:58
#124
Medlem
Reg: Mar 2007
Inlägg: 12 238
det borde inte gå segt men det går ju att rensa lite i autostarten, nvidia, itunes, quicktime, adobe reader, vad groovemonitor.exe gör vet jag inte
2008-04-19, 00:59
#125
Åhå, ja då är det nog knappast inte ett virus. Jag gissar på att det är hårdiskarna men eftersom det är gratis att byta operativsystem (om du har skivan eller piratkopia^^) så skulle jag själv pröva på det först. Funkar inte det då skulle jag ta mig en extra titt på hårdiskarna.
2008-04-27, 16:11
#126
Virus attack- Trojan Vundo mm. + Hijackthis logg
Fick viruset Trojan Vundo ett tag sen, förmodligen via msn. Har Norton Antivirus 2007, som upptäckte viruset och sammanfattningsvis har datorn sedan dess blivit attackerad av:
Trojan Vundo
Trojan Vundo B
Trojan KillAV
Trojan Metajuan
Trojan Adclicker
Just nu tror jag att det bara är Trojan Vundo och Trojan Vundo B som spökar. Norton har inte kunnat ta bort Vundo och Vundo B utan den "resolvar" virusen hela tiden och jag får starta om datorn. Efter att jag startat om den kommer Norton-rutan att den upptäckt viruset på nytt osv.
Har prövat med detta program från denna hemsida (http://www.atribune.org/ccount/click.php?id=4 ) som en användare här rekommenderade. Programmet tog bort några av de infekterade filerna men kunde inte ta bort alla.
Har även prövat med Nortons Vundo Fix, utan lyckat resultat.
Andra anmärkningar:
*Vissa hemsidor går inte att gi in på bla Hotmail och facebook.
* Pop ups förekommer hela tiden, antagligen pga Trojan Vundo.
Alla tips välkomnas
Trojan Vundo
Trojan Vundo B
Trojan KillAV
Trojan Metajuan
Trojan Adclicker
Just nu tror jag att det bara är Trojan Vundo och Trojan Vundo B som spökar. Norton har inte kunnat ta bort Vundo och Vundo B utan den "resolvar" virusen hela tiden och jag får starta om datorn. Efter att jag startat om den kommer Norton-rutan att den upptäckt viruset på nytt osv.
Har prövat med detta program från denna hemsida (http://www.atribune.org/ccount/click.php?id=4 ) som en användare här rekommenderade. Programmet tog bort några av de infekterade filerna men kunde inte ta bort alla.
Har även prövat med Nortons Vundo Fix, utan lyckat resultat.
Andra anmärkningar:
*Vissa hemsidor går inte att gi in på bla Hotmail och facebook.
* Pop ups förekommer hela tiden, antagligen pga Trojan Vundo.
Alla tips välkomnas
__________________
Senast redigerad av Peruculas 2008-04-27 kl. 16:25.
Senast redigerad av Peruculas 2008-04-27 kl. 16:25.
2008-04-27, 16:25
#127
Hijackthis Logg:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:21, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Delade filer\Symantec Shared\SecurityHistory\mcui32.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfirefox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {b1aa07ce-6f4a-95e8-6e74-6fbb70a80b93} - {39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} - C:\WINDOWS\system32\mhatnbnx.dll
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BM53295cc0] Rundll32.exe "C:\WINDOWS\system32\rmcfcdfb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7267 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:21, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Delade filer\Symantec Shared\SecurityHistory\mcui32.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfirefox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {b1aa07ce-6f4a-95e8-6e74-6fbb70a80b93} - {39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} - C:\WINDOWS\system32\mhatnbnx.dll
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BM53295cc0] Rundll32.exe "C:\WINDOWS\system32\rmcfcdfb.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7267 bytes
2008-04-27, 19:12
#128
Medlem
Reg: Mar 2007
Inlägg: 12 238
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
installera programmet och klicka på scanna när du ser den knappen.
klicka på visa resultat >ta bort markerade,starta om.
gör en ny scan och nu borde datorn va ok men posta en ny HJT logg
installera programmet och klicka på scanna när du ser den knappen.
klicka på visa resultat >ta bort markerade,starta om.
gör en ny scan och nu borde datorn va ok men posta en ny HJT logg
2008-04-27, 22:11
#129
Första Sökningen med Malware:
Malwarebytes' Anti-Malware 1.11
Databasversion: 690
Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 113711
Förfluten tid: 1 hour(s), 12 minute(s), 32 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 6
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 1
Infekterade filer: 50
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
C:\WINDOWS\system32\rmcfcdfb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mhatnbnx.dll (Trojan.Vundo) -> Unloaded module successfully.
Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\BM53295cc0 (Trojan.Vundo) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
Infekterade filer:
C:\WINDOWS\system32\rmcfcdfb.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\5deni0fm.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\t193paam.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\t7ll7d1k.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\yangs45r.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP313\A0029288.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP313\A0029291.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035635.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035636.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035637.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035638.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035639.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035640.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP397\A0035786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP399\A0035817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035863.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035883.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035892.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035894.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP404\A0035994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036027.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP410\A0037137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP412\A0038127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP414\A0038180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP414\A0038190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038327.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhatnbnx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\gos3F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\cd12D.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
Databasversion: 690
Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 113711
Förfluten tid: 1 hour(s), 12 minute(s), 32 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 2
Infekterade registernycklar: 6
Infekterade registervärden: 1
Infekterade registerdataposter: 0
Infekterade mappar: 1
Infekterade filer: 50
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
C:\WINDOWS\system32\rmcfcdfb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mhatnbnx.dll (Trojan.Vundo) -> Unloaded module successfully.
Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{39b08a07-bbf6-47e6-8e59-a4f6ec70aa1b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Infekterade registervärden:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\BM53295cc0 (Trojan.Vundo) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
Infekterade filer:
C:\WINDOWS\system32\rmcfcdfb.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\5deni0fm.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\t193paam.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\t7ll7d1k.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\yangs45r.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP313\A0029288.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP313\A0029291.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035635.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035636.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035637.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035638.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035639.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP391\A0035640.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP397\A0035786.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP399\A0035817.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035863.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035883.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035892.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP401\A0035894.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP404\A0035994.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036027.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP405\A0036029.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037102.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037104.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP409\A0037106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP410\A0037137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP412\A0038127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP414\A0038180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP414\A0038190.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038291.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038297.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038301.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP415\A0038310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038327.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mhatnbnx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\gos3F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\cd12D.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
2008-04-27, 22:13
#130
Andra sökningen med Malware:
Databasversion: 690
Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 114101
Förfluten tid: 1 hour(s), 6 minute(s), 12 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038330.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 114101
Förfluten tid: 1 hour(s), 6 minute(s), 12 second(s)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 2
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
(Inga illasinnade poster hittades)
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038330.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{75E36082-3783-43F8-A0C7-2993329BC756}\RP416\A0038331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
2008-04-27, 22:14
#131
Senaste Hijackthis Loggen:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:28, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfirefox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6967 bytes
Scan saved at 22:06:28, on 2008-04-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.getfirefox.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 6967 bytes
2008-04-27, 22:39
#132
Medlem
Reg: Mar 2007
Inlägg: 12 238
bocka för och fixa den här raden i HJT
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
annars ser allt ut att va ok
O2 - BHO: (no name) - {4E0C2F02-3C96-477D-92EB-844F2201313A} - C:\WINDOWS\system32\fccYOEUK.dll (file missing)
annars ser allt ut att va ok
Skapa ett konto eller logga in för att kommentera
Du måste vara medlem för att kunna kommentera
