Har fått en trojaner hvordan fjerner jeg den?

[Saiyaman]

Hei har fått en trojaner på pcen min kan noen forklare hvordan jeg fjerner den?

 

Sas log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/29/2008 at 05:17 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3551

Trace Rules Database Version: 1539

 

Scan type : Quick Scan

Total Scan Time : 01:07:57

 

Memory items scanned : 681

Memory threats detected : 0

Registry items scanned : 451

Registry threats detected : 0

File items scanned : 71990

File threats detected : 2

 

Adware.Vundo-Variant/J

C:\WINDOWS\RQBMVPSO.DLL

 

Trojan.Dropper/Gen

C:\WINDOWS\RVOELBXT.EXE

 

 

HijackThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:07:04, on 29.08.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\DllHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://fika-web.ifolor.net/OrderingGeneral...loader_fika.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.no/ImageUploader4.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll

O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

 

--

End of file - 8089 bytes

 

 

[snippsat]

Start HijackThis "scan" finn disse linjene merk dem,så trykk fix checked.

O2 - BHO: D - {CDC4043D-A7A8-34B3-A0CF-7D73D1407BEE} - C:\Windows\system32\mmx17409.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O21 - SSODL: rqbmvpso - {AE8FEE98-30C8-4988-AA9C-AAFAFB81BB5F} - C:\Windows\rqbmvpso.dll

O21 - SSODL: pdoskegl - {EF06F63A-F3EA-4A44-A384-E58085FDE8D6} - C:\Windows\pdoskegl.dll

 

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programmet kjører.

post logg C:\combofix.txt

Endret 29. august 2008 av SNIPPSAT

[Saiyaman]

Da har jeg kjørt combofix

 

Combofix log

 

 

ComboFix 08-08-28.06 - lasse 2008-08-29 18:00:45.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1217 [GMT 2:00]

Running from: C:\Users\lasse\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Windows\system32\mx17409.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))

.

 

2008-08-29 13:54 . 2008-08-29 13:54 <DIR> d-------- C:\Program Files\Trend Micro

2008-08-29 13:51 . 2008-08-29 13:51 <DIR> d-------- C:\Program Files\RegCure

2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG2

2008-08-29 13:40 . 2008-08-29 13:40 0 --ah----- C:\ntuser.dat.LOG1

2008-08-29 13:40 . 2008-08-29 13:40 0 --a------ C:\ntuser.dat

2008-08-29 12:10 . 2008-08-29 12:10 69 --a------ C:\Windows\NeroDigital.ini

2008-08-28 17:31 . 2008-08-28 11:17 233,472 --a------ C:\Windows\pdoskegl.dll

2008-08-23 10:42 . 2008-08-23 10:51 <DIR> d-------- C:\Program Files\Deadliest Catch Alaskan Storm

2008-08-22 13:58 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-22 13:58 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-22 13:58 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-22 13:58 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-22 13:58 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-22 13:58 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-22 13:58 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-22 13:58 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-22 13:58 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-17 17:55 . 2008-08-29 16:42 <DIR> d-------- C:\Program Files\Full Tilt Poker

2008-08-15 03:04 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-14 22:40 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-08-14 22:40 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll

2008-08-14 22:40 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll

2008-08-14 22:40 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL

2008-08-14 22:40 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll

2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\SureThing Express Labeler

2008-08-14 14:18 . 2008-08-14 14:18 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared

2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate

2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate

2008-08-14 14:15 . 2008-08-14 14:15 <DIR> d-------- C:\Program Files\Common Files\Pinnacle

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Studio 12

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Studio 12

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Pinnacle

2008-08-14 14:09 . 2008-08-14 14:09 <DIR> d-------- C:\Program Files\Common Files\Yahoo!

2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\Users\All Users\Pinnacle

2008-08-14 14:05 . 2008-08-14 14:09 <DIR> d-------- C:\ProgramData\Pinnacle

2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-13 23:50 . 2008-08-13 23:50 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-08-13 23:50 . 2008-08-29 00:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-11 19:43 . 2008-08-11 20:36 <DIR> d-------- C:\Windows\System32\MediaServerDump

2008-08-11 19:43 . 2008-08-11 20:30 <DIR> d-------- C:\Program Files\D-Link Media Server

2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Users\All Users\TomTom

2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\ProgramData\TomTom

2008-08-08 12:45 . 2008-08-08 12:45 <DIR> d-------- C:\Program Files\TomTom HOME 2

2008-08-08 12:44 . 2008-08-08 12:44 <DIR> d-------- C:\Program Files\TomTom DesktopSuite

2008-08-08 12:44 . 2008-08-08 12:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-08-07 20:29 . 2008-08-07 20:29 <DIR> d-------- C:\Program Files\Firaxis Games

2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\Users\All Users\TrackMania

2008-08-07 19:11 . 2008-08-22 14:21 <DIR> d-------- C:\ProgramData\TrackMania

2008-08-07 19:01 . 2008-08-07 19:06 <DIR> d-------- C:\Program Files\TmUnitedForever

2008-07-29 01:13 . 2008-08-29 17:59 <DIR> d-------- C:\Program Files\SPAMfighter

2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Application

2008-07-29 01:13 . 2008-07-29 01:13 <DIR> d-------- C:\Program Files\Common Files\Ankiro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 15:56 --------- d-----w C:\ProgramData\avg8

2008-08-29 14:50 --------- d-----w C:\Program Files\TeamViewer3

2008-08-29 14:42 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-28 23:07 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-08-28 23:07 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-08-28 23:04 --------- d-----w C:\Program Files\Activision

2008-08-28 23:02 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-18 22:39 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-15 23:36 --------- d-----w C:\Program Files\Common Files\Steam

2008-08-15 01:10 --------- d-----w C:\Program Files\Windows Mail

2008-08-15 01:04 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-13 21:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-07 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-07-21 20:29 --------- d-----w C:\Program Files\Toshiba

2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR

2008-07-17 23:03 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-17 23:01 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-07-17 22:55 --------- d-----w C:\ProgramData\Nokia

2008-07-15 21:40 --------- d-----w C:\Program Files\Nokia

2008-07-15 21:38 --------- d-----w C:\Program Files\Common Files\Nokia

2008-07-15 21:36 --------- d-----w C:\ProgramData\Installations

2008-07-11 19:53 --------- d-----w C:\ProgramData\FLEXnet

2008-07-02 09:26 --------- d-----w C:\ProgramData\hps

2008-07-02 09:25 --------- d-----w C:\Program Files\CeWe Color

2008-06-27 01:23 174 --sha-w C:\Program Files\desktop.ini

 

[snippsat]

Kopiere fet tekst under bildet->åpne notisblokk og lim inn.

Lagre på skrivebordet som CFScript.txt

Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt

 

File::

C:\Windows\pdoskegl.dll

 

Denne gangen få med hele loggen,nå mangler halvparten.

Endret 29. august 2008 av SNIPPSAT