Saiyaman Posted 29 August 2008
Hi, I've got a trojan on my PC, can someone explain how I remove it?

SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2008 at 05:17 PM

Application Version : 4.20.1046

Core Rules Database Version : 3551
Trace Rules Database Version: 1539

Scan type : Quick Scan
Total Scan Time : 01:07:57

Memory items scanned : 681
Memory threats detected : 0
Registry items scanned : 451
Registry threats detected : 0
File items scanned : 71990
File threats detected : 2

Adware.Vundo-Variant/J
C:\WINDOWS\RQBMVPSO.DLL

Trojan.Dropper/Gen
C:\WINDOWS\RVOELBXT.EXE

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:04, on 29.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral...loader_fika.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.no/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll
O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

-- End of file - 8089 bytes
snippsat Posted 29 August 2008 (edited)
Start HijackThis, click "Scan", find these lines, tick them, then press "Fix checked".

O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll
O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll

Download ComboFix and put it on the desktop.
Do not click on the window while the program is running.
Post the log C:\combofix.txt.
Edited 29 August 2008 by SNIPPSAT
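To show why exactly those five lines stand out from the rest of the log, here is an added triage example (my code, not snippsat's and not HijackThis's own logic) run over an excerpt of the HijackThis log above. The heuristics it applies are assumptions for illustration: an O21 SSODL entry loading an eight-random-letter DLL straight from C:\Windows, a BHO with a one-character name, an O9 button whose target is "(no file)", and an empty O13 Gopher prefix.

```python
import re

# Constructed excerpt of the HijackThis log posted in the thread, with legitimate entries kept
# in so the heuristics have lines they must leave alone.
HJT_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll
O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# HJT entries look like "O<n> - <kind>: <rest>"; <rest> is " - " separated, the last field a path.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")
# Assumed heuristic: Vundo-style loader, eight random lowercase letters placed directly in C:\Windows.
RANDOM_DLL_RE = re.compile(r"^C:\\Windows\\[a-z]{8}\.dll$", re.IGNORECASE)


def parse_entry(line):
    """Return (section, kind, fields) for one HJT line, or None if it is not an O-entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    fields = [f.strip() for f in rest.split(" - ")] if rest else []
    return section, kind, fields


def triage(log):
    """Return [(line, reason)] for entries matching the assumed heuristics, in log order."""
    hits = []
    for line in log.strip("\n").splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        section, _kind, fields = parsed
        reason = None
        if section == "O21" and fields and RANDOM_DLL_RE.match(fields[-1]):
            reason = "SSODL entry loads a random-named DLL from C:\\Windows at every logon"
        elif section == "O2" and fields and len(fields[0]) <= 1:
            reason = "BHO with a one-character description instead of a product name"
        elif section == "O9" and any(f.startswith("(no file)") for f in fields):
            reason = "orphaned IE button whose target file no longer exists"
        elif section == "O13" and not fields:
            reason = "empty Gopher prefix, a leftover entry that is safe to clear"
        if reason:
            hits.append((line.strip(), reason))
    return hits
```

Running `triage(HJT_LOG)` returns exactly the five entries snippsat asked to be fixed and leaves the AVG, Office and SUPERAntiSpyware lines alone.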
Saiyaman Posted 29 August 2008 (Author)
I've now run ComboFix.

ComboFix log

ComboFix 08-08-28.06 - lasse 2008-08-29 18:00:45.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1217 [GMT 2:00]
Running from: C:\Users\lasse\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\mx17409.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 13:54 . 2008-08-29 13:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 13:51 . 2008-08-29 13:51 <DIR> d-------- C:\Program Files\RegCure
2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG2
2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG1
2008-08-29 13:40 . 2008-08-29 13:40 0 --a------ C:\ntuser.dat
2008-08-29 12:10 . 2008-08-29 12:10 69 --a------ C:\Windows\NeroDigital.ini
2008-08-28 17:31 . 2008-08-28 11:17 233,472 --a------ C:\Windows\pdoskegl.dll
2008-08-23 10:42 . 2008-08-23 10:51 <DIR> d-------- C:\Program Files\Deadliest Catch Alaskan Storm
2008-08-22 13:58 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:58 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:58 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:58 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:58 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:58 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:58 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:58 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:58 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-17 17:55 . 2008-08-29 16:42 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-08-15 03:04 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 22:40 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 22:40 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 22:40 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 22:40 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 22:40 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\SureThing Express Labeler
2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Studio 12
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Studio 12
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-13 23:50 . 2008-08-29 00:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 19:43 . 2008-08-11 20:36 <DIR> d-------- C:\Windows\System32\MediaServerDump
2008-08-11 19:43 . 2008-08-11 20:30 <DIR> d-------- C:\Program Files\D-Link Media Server
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Users\All Users\TomTom
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\ProgramData\TomTom
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-08-08 12:44 . 2008-08-08 12:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-07 20:29 . 2008-08-07 20:29 <DIR> d-------- C:\Program Files\Firaxis Games
2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\Users\All Users\TrackMania
2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\ProgramData\TrackMania
2008-08-07 19:01 . 2008-08-07 19:06 <DIR> d-------- C:\Program Files\TmUnitedForever
2008-07-29 01:13 . 2008-08-29 17:59 <DIR> d-------- C:\Program Files\SPAMfighter
2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:56 --------- d-----w C:\ProgramData\avg8
2008-08-29 14:50 --------- d-----w C:\Program Files\TeamViewer3
2008-08-29 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 23:07 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-28 23:07 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-28 23:04 --------- d-----w C:\Program Files\Activision
2008-08-28 23:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-18 22:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 23:36 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-15 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-21 20:29 --------- d-----w C:\Program Files\Toshiba
2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-17 23:03 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-17 23:01 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-17 22:55 --------- d-----w C:\ProgramData\Nokia
2008-07-15 21:40 --------- d-----w C:\Program Files\Nokia
2008-07-15 21:38 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-15 21:36 --------- d-----w C:\ProgramData\Installations
2008-07-11 19:53 --------- d-----w C:\ProgramData\FLEXnet
2008-07-02 09:26 --------- d-----w C:\ProgramData\hps
2008-07-02 09:25 --------- d-----w C:\Program Files\CeWe Color
2008-06-27 01:23 174 --sha-w C:\Program Files\desktop.ini
snippsat Posted 29 August 2008 (edited)
Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt.
Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt.

File::
C:\Windows\pdoskegl.dll

This time include the whole log, half of it is missing now.
Edited 29 August 2008 by SNIPPSAT