Saiyaman
Posted 29 August 2008

Hi, I've got a trojan on my PC. Can someone explain how I remove it?

SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/29/2008 at 05:17 PM
Application Version : 4.20.1046
Core Rules Database Version : 3551
Trace Rules Database Version: 1539
Scan type : Quick Scan
Total Scan Time : 01:07:57
Memory items scanned : 681
Memory threats detected : 0
Registry items scanned : 451
Registry threats detected : 0
File items scanned : 71990
File threats detected : 2
Adware.Vundo-Variant/J
C:\WINDOWS\RQBMVPSO.DLL
Trojan.Dropper/Gen
C:\WINDOWS\RVOELBXT.EXE

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:04, on 29.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral...loader_fika.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.no/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll
O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8089 bytes

snippsat
Posted 29 August 2008 (edited)

Start HijackThis, run "scan", find these lines, tick them, then press "Fix checked".

O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll
O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll

Download ComboFix and put it on the desktop.
Do not click on the window while the program is running.
Post the log C:\combofix.txt

Edited 29 August 2008 by SNIPPSAT

Saiyaman (Author)
Posted 29 August 2008

I have now run ComboFix.

ComboFix log

ComboFix 08-08-28.06 - lasse 2008-08-29 18:00:45.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1217 [GMT 2:00]
Running from: C:\Users\lasse\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\mx17409.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-29 13:54 . 2008-08-29 13:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 13:51 . 2008-08-29 13:51 <DIR> d-------- C:\Program Files\RegCure
2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG2
2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG1
2008-08-29 13:40 . 2008-08-29 13:40 0 --a------ C:\ntuser.dat
2008-08-29 12:10 . 2008-08-29 12:10 69 --a------ C:\Windows\NeroDigital.ini
2008-08-28 17:31 . 2008-08-28 11:17 233,472 --a------ C:\Windows\pdoskegl.dll
2008-08-23 10:42 . 2008-08-23 10:51 <DIR> d-------- C:\Program Files\Deadliest Catch Alaskan Storm
2008-08-22 13:58 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 13:58 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 13:58 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 13:58 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 13:58 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 13:58 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 13:58 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 13:58 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 13:58 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-17 17:55 . 2008-08-29 16:42 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-08-15 03:04 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 22:40 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 22:40 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 22:40 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 22:40 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 22:40 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\SureThing Express Labeler
2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate
2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Studio 12
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Studio 12
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-13 23:50 . 2008-08-29 00:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-11 19:43 . 2008-08-11 20:36 <DIR> d-------- C:\Windows\System32\MediaServerDump
2008-08-11 19:43 . 2008-08-11 20:30 <DIR> d-------- C:\Program Files\D-Link Media Server
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Users\All Users\TomTom
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\ProgramData\TomTom
2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\Program Files\TomTom DesktopSuite
2008-08-08 12:44 . 2008-08-08 12:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-07 20:29 . 2008-08-07 20:29 <DIR> d-------- C:\Program Files\Firaxis Games
2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\Users\All Users\TrackMania
2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\ProgramData\TrackMania
2008-08-07 19:01 . 2008-08-07 19:06 <DIR> d-------- C:\Program Files\TmUnitedForever
2008-07-29 01:13 . 2008-08-29 17:59 <DIR> d-------- C:\Program Files\SPAMfighter
2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Application
2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:56 --------- d-----w C:\ProgramData\avg8
2008-08-29 14:50 --------- d-----w C:\Program Files\TeamViewer3
2008-08-29 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 23:07 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-28 23:07 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-08-28 23:04 --------- d-----w C:\Program Files\Activision
2008-08-28 23:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-18 22:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-15 23:36 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-15 01:10 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 01:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-21 20:29 --------- d-----w C:\Program Files\Toshiba
2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-17 23:03 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-17 23:01 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-17 22:55 --------- d-----w C:\ProgramData\Nokia
2008-07-15 21:40 --------- d-----w C:\Program Files\Nokia
2008-07-15 21:38 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-15 21:36 --------- d-----w C:\ProgramData\Installations
2008-07-11 19:53 --------- d-----w C:\ProgramData\FLEXnet
2008-07-02 09:26 --------- d-----w C:\ProgramData\hps
2008-07-02 09:25 --------- d-----w C:\Program Files\CeWe Color
2008-06-27 01:23 174 --sha-w C:\Program Files\desktop.ini

snippsat
Posted 29 August 2008 (edited)

Copy the bold text below the picture, open Notepad and paste it in.
Save it on the desktop as CFScript.txt
Do as shown in the picture and ComboFix will start. Post the log c:\combofix.txt

File::
C:\Windows\pdoskegl.dll

This time include the whole log; half of it is missing now.

Edited 29 August 2008 by SNIPPSAT