Turkmen4ever Posted 22 December 2007 (edited)

Hi!! I need some help removing Trojan.Fotomoto, Trojan.Virtumonde and Trojan.Vundo, which I get after every format. I don't know why I get them, but my guess is that the external hard drive contains them and they spread back to the PC after the format... I have Win XP Pro incl. SP2, and use Explorer 7 with BitDefender 10, which I install from the external hard drive. About 2 hours after the format, messages from BitDefender appear saying that the PC has been infected with the above-mentioned viruses, that they have been blocked and that the PC was not infected further... but these messages come often and I want to get rid of them. What could be the reason and what needs to be done, Norbat? I see that norbat fishes up all the problems here... I really appreciate that willingness to help people, and if you don't have time, that's no problem. Many thanks in advance.

Edited 24 December 2007 by Turkmen4ever
norbat Posted 22 December 2007

The positive thing is that the infected files are being stopped. You can run through the long version in the following post: https://www.diskusjon.no/index.php?showtopic=691246. When you run SAS, make sure it also scans the external HDD.
Turkmen4ever Posted 22 December 2007

Hi Norbat!! I have done all the points in the guide, and chose the long version: CCleaner, SAS, ComboFix and then HijackThis.

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/22/2007 at 10:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 01:49:10

Memory items scanned : 426
Memory threats detected : 1
Registry items scanned : 4836
Registry threats detected : 5
File items scanned : 39026
File threats detected : 2

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\GEEBX.DLL
C:\WINDOWS\SYSTEM32\GEEBX.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{5BC30720-E8F9-449C-80A7-EB147757817E}
HKCR\CLSID\{5BC30720-E8F9-449C-80A7-EB147757817E}
HKCR\CLSID\{5BC30720-E8F9-449C-80A7-EB147757817E}\InprocServer32
HKCR\CLSID\{5BC30720-E8F9-449C-80A7-EB147757817E}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BC30720-E8F9-449C-80A7-EB147757817E}

Trojan.Downloader-Gen/Suspicious
H:\HASAN\F DELEN - HARDDISK\BITTORRENT\CUTEFTP PRO 8.2_INCL_KEYGEN\CUTEFTP PRO 8.2_INCL_KEYGEN\CUTEFTP.8.PROFESSIONAL.V8.0.2.08.22.2006.5-PATCH\CUTEFTP.8.PROFESSIONAL.V8.0.2.08.22.2006.5-PATCH.EXE

ComboFix:

ComboFix 07-12-21.4 - Administrator 2007-12-22 22:52:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.821 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll

((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 22:57 . 2007-12-22 22:57 31,254 --a------ C:\WINDOWS\system32\rqrsqpm.dll.vir
2007-12-22 20:45 . 2007-12-22 22:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-22 20:45 . 2007-12-22 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-22 20:45 . 2007-12-22 20:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-22 20:40 . 2007-12-22 20:40 <DIR> d-------- C:\Program Files\CCleaner
2007-12-22 20:10 . 2007-12-22 20:11 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-12-22 19:54 . 2007-12-22 19:54 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-22 19:45 . 2007-12-22 19:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-22 19:23 . 2007-12-22 19:23 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-12-22 16:53 . 2007-12-22 16:53 <DIR> d-------- C:\Program Files\MSBuild
2007-12-22 16:40 . 2007-12-22 16:40 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-22 16:38 . 2007-12-22 16:38 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-22 16:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-12-22 15:41 . 2007-12-22 15:41 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-22 15:41 . 2007-12-22 15:41 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-22 15:22 . 2007-12-22 19:23 <DIR> d-------- C:\Program Files\Microsoft Expression
2007-12-22 15:21 . 2007-12-22 15:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-22 14:59 . 2007-12-22 14:59 <DIR> dr-h----- C:\MSOCache
2007-12-22 14:56 . 2007-12-22 14:56 <DIR> d-------- C:\Program Files\TechSmith
2007-12-22 14:56 . 2007-12-22 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2007-12-22 14:54 . 2007-12-22 19:26 <DIR> d-------- C:\Temp
2007-12-22 14:32 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-22 14:32 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-22 14:32 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-22 14:29 . 2007-12-22 14:29 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-22 14:27 . 2007-12-22 14:27 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-12-22 14:27 . 2007-12-22 14:27 <DIR> d-------- C:\Program Files\Cisco Systems
2007-12-22 14:27 . 2005-08-18 19:22 110,080 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2007-12-22 14:27 . 2005-08-18 19:22 94,720 --a------ C:\WINDOWS\system32\dneinobj.dll
2007-12-22 14:25 . 2007-12-22 14:28 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2007-12-22 04:35 . 2007-12-22 04:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-22 03:32 . 2007-12-22 03:34 <DIR> d-------- C:\Program Files\Safari
2007-12-22 03:31 . 2007-12-22 03:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-22 03:22 . 2007-12-22 03:37 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-12-22 03:21 . 2007-12-22 03:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-22 03:16 . 2007-12-22 03:20 <DIR> d-------- C:\Program Files\Windows Live
2007-12-22 03:16 . 2007-12-22 03:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-22 03:15 . 2007-12-22 03:15 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-22 03:15 . 2007-12-22 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-22 03:15 . 2007-12-22 03:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-22 03:00 . 2007-12-22 03:03 <DIR> d-------- C:\Program Files\Winamp
2007-12-22 03:00 . 2007-12-22 03:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2007-12-22 02:49 . 2007-12-22 02:49 <DIR> d-------- C:\Program Files\LowRateVoip
2007-12-22 02:49 . 2007-12-22 02:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LowRateVoip
2007-12-22 01:30 . 2007-12-22 01:30 <DIR> d-------- C:\Program Files\Opera
2007-12-22 01:11 . 2007-12-22 02:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-12-22 01:05 . 2007-12-22 01:05 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-22 01:04 . 2007-12-22 01:04 <DIR> d-------- C:\Program Files\Real
2007-12-22 01:04 . 2007-12-22 01:04 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-22 00:45 . 2007-12-22 00:45 <DIR> d-------- C:\Program Files\Google
2007-12-22 00:43 . 2007-12-22 00:43 <DIR> d-------- C:\Program Files\Skype
2007-12-22 00:43 . 2007-12-22 00:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-22 00:43 . 2007-12-22 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-12-22 00:04 . 2007-12-22 00:05 1,995 --a------ C:\WINDOWS\AccMling.ini
2007-12-22 00:03 . 2007-12-22 00:03 <DIR> d-------- C:\Program Files\Common Files\GuruNet Shared
2007-12-22 00:03 . 2007-12-22 00:03 <DIR> d-------- C:\Program Files\Common Files\Accent Shared
2007-12-22 00:02 . 2007-12-22 00:05 <DIR> d-------- C:\Program Files\QuickWiz
2007-12-21 23:28 . 1997-08-11 21:39 298,496 --a------ C:\WINDOWS\uninst.exe
2007-12-21 23:28 . 2007-12-22 00:42 2,327 --a------ C:\WINDOWS\EasyLingo.MIF
2007-12-21 23:27 . 2007-12-21 23:27 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-21 23:14 . 2007-12-21 23:14 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-21 23:14 . 2007-12-21 23:18 <DIR> d-------- C:\Program Files\Ahead
2007-12-21 23:14 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-21 23:11 . 2007-12-21 23:11 <DIR> d-------- C:\Program Files\Audio Recorder for FREE
2007-12-21 23:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 23:10 . 2007-12-22 20:09 <DIR> d-------- C:\Program Files\Java
2007-12-21 23:10 . 2007-12-21 23:10 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-21 23:08 . 2007-12-21 23:08 <DIR> d-------- C:\Program Files\Foxit Software
2007-12-21 23:07 . 2007-12-21 23:07 <DIR> d-------- C:\Program Files\DivX
2007-12-21 23:05 . 2007-12-21 23:05 <DIR> d-------- C:\Program Files\Blender Foundation
2007-12-21 23:02 . 2007-12-21 23:04 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-12-21 23:02 . 2007-12-21 23:02 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-12-21 23:02 . 2007-12-21 23:03 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-21 23:02 . 2007-12-21 23:03 <DIR> d-------- C:\Program Files\AVSMedia
2007-12-21 23:02 . 2007-12-21 23:02 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2007-12-21 23:02 . 2007-12-22 23:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent DNA
2007-12-21 23:02 . 2003-05-22 00:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-12-21 22:58 . 2007-12-21 22:58 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-21 22:58 . 2007-12-21 23:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-21 22:57 . 2007-12-21 22:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-12-21 22:57 . 2007-12-21 22:57 <DIR> d-------- C:\Program Files\AbiSuite2
2007-12-21 19:48 . 2007-12-22 03:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-21 19:48 . 2007-12-21 19:48 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-21 19:48 . 2007-12-21 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-21 19:47 . 2007-12-22 20:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 19:45 . 2007-12-21 19:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-21 19:41 . 2007-12-21 19:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-21 19:41 . 2007-12-21 19:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-21 19:41 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-21 19:32 . 2007-12-21 19:32 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-21 19:31 . 2007-12-21 19:31 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-12-21 19:29 . 2007-12-22 22:45 108,121 --ahs---- C:\WINDOWS\system32\xbeeg.ini2
2007-12-21 19:29 . 2007-12-22 22:46 108,121 --ahs---- C:\WINDOWS\system32\xbeeg.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 06:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2007-12-21 06:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitdefender
2007-12-21 05:47 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-12-21 23:02]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-22 00:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-12-21 19:30]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 01:04]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-21 23:00:42]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-12-22 14:28:30]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 02:15:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-22 22:05:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 23:02:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\sockspy.dll
.
Completion time: 2007-12-22 23:06:32 - machine was rebooted
.
2007-12-22 02:57:02 --- E O F ---

HijackThis (I renamed the .exe file):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:56 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\upgrepl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\softwin\bitdefender10\vsserv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6447 bytes

I can run the procedure several times if you want. And I wonder whether you could make a tutorial where you show how you remove dangerous files from the logs and how you find them, so that we can help others here together with you. Many thanks for the help.
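The logs above are read by eye for a few autostart indicators: a populated "AppInit_DLLs" value under HKLM\...\Windows NT\CurrentVersion\Windows (a DLL named there is loaded into every process that loads user32.dll, which is why ComboFix lists the same DLL inside winlogon.exe, lsass.exe and Explorer.EXE), files with both the hidden and system attributes sitting in system32, a BHO whose file is gone, and a leftover ".vir" quarantine file. As an added example, not code from the thread, from ComboFix or from HijackThis, the Python script below does that first pass mechanically over pasted log lines. The sample log embedded in it is a constructed excerpt assembled from the lines posted above; the severity labels and the list of protected processes are the example's own assumptions, and a hit means "look at this", not "malicious".

```python
"""First-pass triage of pasted ComboFix / HijackThis log lines.

Added example, not code from the thread or from ComboFix/HijackThis.
It flags the autostart indicators a helper reads off such logs by eye:
a populated AppInit_DLLs value, a DLL mapped into winlogon/lsass,
orphaned BHOs, hidden+system files in system32 and leftover *.vir files.
SAMPLE_LOG is a constructed excerpt assembled from lines posted in the thread.
"""
import re
from dataclasses import dataclass

# Assumption of this example: processes a third-party DLL should not normally sit in.
SYSTEM_PROCS = {"winlogon.exe", "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# ComboFix "Files Created" entry: created . modified size attrs path
COMBOFIX_FILE = re.compile(
    r"^\S+ \S+ \. \S+ \S+\s+([\d,]+|<DIR>)\s+([-a-z]{9})\s+(.+)$", re.I)
APPINIT = re.compile(r'^"AppInit_DLLs"=(.*)$')
# ComboFix "DLLs Loaded Under Running Processes" entry, optional [version] after the exe
PROCESS_DLL = re.compile(r"^PROCESS: (\S+)(?: \[[^\]]*\])? -> (.+)$")
HJT_BHO = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
HJT_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")

SAMPLE_LOG = r"""
2007-12-22 22:57 . 2007-12-22 22:57 31,254 --a------ C:\WINDOWS\system32\rqrsqpm.dll.vir
2007-12-21 19:29 . 2007-12-22 22:45 108,121 --ahs---- C:\WINDOWS\system32\xbeeg.ini2
2007-12-21 19:29 . 2007-12-22 22:46 108,121 --ahs---- C:\WINDOWS\system32\xbeeg.ini
2007-12-21 19:41 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\sockspy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""


@dataclass
class Finding:
    severity: str  # high / medium / low / info (this example's own scale)
    indicator: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return one Finding per indicator found in the pasted log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := COMBOFIX_FILE.match(line)):
            size, attrs, path = m.group(1), m.group(2).lower(), m.group(3).strip()
            low = path.lower()
            # regular file carrying both hidden (h) and system (s) attributes inside system32
            if size != "<DIR>" and "h" in attrs and "s" in attrs and low.startswith(SYSTEM32):
                findings.append(Finding("high", "hidden+system file in system32", path))
            if low.endswith(".vir"):
                findings.append(Finding("medium", "leftover .vir quarantine file", path))
        elif (m := APPINIT.match(line)):
            value = m.group(1).strip().strip('"')
            if value:  # the legitimate default on XP is an empty string
                findings.append(Finding("high", "AppInit_DLLs populated", value))
        elif (m := PROCESS_DLL.match(line)):
            proc, dll = m.groups()
            if _basename(proc) in SYSTEM_PROCS:
                findings.append(Finding("high", f"DLL mapped into {_basename(proc)}", dll.strip()))
        elif (m := HJT_BHO.match(line)):
            _name, clsid, path = m.groups()
            if path.strip().lower() == "(no file)":
                findings.append(Finding("low", "orphaned BHO (no file)", clsid))
        elif (m := HJT_NOTIFY.match(line)):
            # Winlogon Notify packages run inside winlogon; list them for a publisher check
            findings.append(Finding("info", "Winlogon Notify package", m.group(2).strip()))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 5, 'medium': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:<6}] {f.indicator}: {f.detail}")
    print(summarize(found))
```

Run it as a script to print the findings for the sample, or pass the text of a full log to triage(). AppInit_DLLs is also used by some legitimate software, so that finding is a prompt to check the named DLL's path and publisher rather than a verdict; the Winlogon Notify entry for SUPERAntiSpyware above is an example of a hit that checks out.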
Turkmen4ever Posted 22 December 2007

The root log:

*********************************
ROOTCHK-(5-12-07)-LOG, by ejvindh
Sat 12/22/2007 23:30:03.17

The rootkits that are detected by this tool were not found.

*********************************
ROOTCHK-LOG-end

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 23:30:04
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
norbat Posted 22 December 2007

Download VundoFix, start the program and click the "Scan for Vundo" button. When the program has finished running, click the "Remove Vundo" button. The log from VundoFix is usually found at C:\vundofix.txt; you can post it later.

Use Explorer to find and delete the following file:

C:\WINDOWS\system32\rqrsqpm.dll.vir

Run a new round of ComboFix, then we'll see whether anything more is left.
Turkmen4ever Posted 23 December 2007

It's me again. I have run VundoFix and got nothing there, but I went to the folder whose address you gave and deleted the file. It didn't work right away; I had to use BitDefender for it... first remove it from Quarantine and then delete it... and then I ran ComboFix again.

VundoFix:

VundoFix V6.7.7

Checking Java version...

Scan started at 1:05:57 AM 12/23/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

NB: BitDefender came up with the same messages and has now put the following files in Quarantine:

eawtgxxj.dll - Trojan.Vundo.DRT
faiytgbd.exe - Trojan.Fotomoto.H
ngkyxfih.dll - Trojan.Vundo.DSJ
patch.exe - Trojan.Generic.74864
rqrsqpm.dll.vir - Trojan.Virtumonde.XW

What a problem... I want to format again... and I want to find out which program is causing this... I'm getting annoyed... what should I do, Norbat?
norbat Posted 23 December 2007 (edited)

Do the following:

1. Delete the files that BitDefender has in quarantine.

2. Get Avenger and unpack it. Start the program, select "Input Script Manually" and click the magnifying glass. In the window that opens, copy and paste what is in bold below:

Files to delete:
C:\WINDOWS\system32\xbeeg.ini2
C:\WINDOWS\system32\xbeeg.ini
C:\WINDOWS\system32\rqrsqpm.dll.vir

Click the traffic light. Restart the PC. After the restart, a log file will appear that tells you what happened. You don't need to post it.

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Uncheck "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

3. Run a full scan with BitDefender.

4. Report back on whether anything is still sitting in the system and where those files are located.

Edited 23 December 2007 by norbat
Turkmen4ever Posted 23 December 2007 (author)

Hi!

I have:

1- Deleted the files from quarantine.

2- Entered the lines in bold into Avenger and ran the program, and the PC restarted.

3- Downloaded CCleaner and ran a scan; here is the log (just to be safe):

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hyfixccl
*******************
Script file located at: \??\C:\Documents and Settings\aaeoxutc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\xbeeg.ini2 deleted successfully.
File C:\WINDOWS\system32\xbeeg.ini deleted successfully.
File C:\WINDOWS\system32\rqrsqpm.dll.vir not found!
Deletion of file C:\WINDOWS\system32\rqrsqpm.dll.vir failed!
Could not process line:
C:\WINDOWS\system32\rqrsqpm.dll.vir
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

4- Ran a Deep Scan with BitDefender, and it found 3 infected files (go to the link below, a picture of the BitDefender window with the paths to the files):
http://upload.anamasry.com/files/1t70w3t8726ctekiqlxg.jpg
The path: C:\Documents and Settings\Administrator\Local Settings .... you can see the rest in the picture.

5- Ran HijackThis again, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:30 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6294 bytes

6- What else needs to be done? Do you have a good way of formatting the PC so that I don't get these viruses again? This is the 8th time I've had these problems.... it will be the last time, then it's over to Ubuntu.. hehe..

7- Thanks a lot for the help (F)
norbat Posted 23 December 2007

It shouldn't be necessary to format the PC for this. That would be overkill. The files are in 'Temporary Internet Files', which can be removed either with CCleaner or from Control Panel -> Internet Options. Close the browser when you do this. Try this and then run a scan with BitDefender again and see whether they have been removed.
Turkmen4ever Posted 24 December 2007 (author)

Hi!! It's me again. I deleted the files and it went fine, and the BitDefender messages no longer come up. I scanned with BitDefender a couple of times and with SAS and CCleaner; everything went fine and nothing was found. I analysed my logs and almost figured out how it's done, but I'd really like you to make a little tutorial or a little video tutorial and post it so we can fix things for neighbours and friends without using your time. Thanks a lot for the help, Norbat!!
norbat Posted 25 December 2007 (edited)

Happy to help. If you want to become a spyware hunter, a good start is to read the HJT logs posted here on the forum and on other forums. See what gets removed and which tools are used to remove the different infections (Vundo, Smitfraud.....). It is also useful to know what an HJT log shows, what can be removed with HJT and what HJT cannot remove. I doubt there will be a video tutorial from this end. MERRY CHRISTMAS

Edited 25 December 2007 by norbat
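As an added worked example (editor's code, not anything posted in this thread and not part of HijackThis, ComboFix or BitDefender), the script below applies to a constructed sample log the checks a log reader does by eye on the logs above and that norbat's last post says are the thing to learn: the orphaned O2 BHO entry ending in "(no file)", a non-empty AppInit_DLLs value (the thread's ComboFix run shows sockspy.dll from that key loaded into winlogon.exe, lsass.exe and Explorer.EXE), Winlogon Notify DLLs, autoruns from user-writable folders, and third-party DLLs inside privileged processes. The sample reuses a few lines from the logs in this thread; the O4 "[updater]" entry under Local Settings\Temp is hypothetical and is there only so that rule fires.

```python
"""Rank the persistence points in a HijackThis / ComboFix log.

Added example for this thread, not the forum's or the tools' own code.
It runs offline over SAMPLE_LOG, a constructed mix of lines from the thread
plus one hypothetical O4 entry, and returns findings sorted by severity.
"""
import re

# Constructed sample. Every line except the "[updater]" O4 entry is copied
# from the logs in this thread; the "[updater]" line is hypothetical.
SAMPLE_LOG = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_03\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [Windows Defender] "C:\\Program Files\\Windows Defender\\MSASCui.exe" -hide
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [updater] C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\updater.exe
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
"AppInit_DLLs"=sockspy.dll
PROCESS: C:\\WINDOWS\\system32\\winlogon.exe
-> C:\\WINDOWS\\system32\\sockspy.dll
PROCESS: C:\\WINDOWS\\Explorer.EXE [6.00.2900.3156]
-> C:\\WINDOWS\\system32\\sockspy.dll
"""

SEVERITY = {"high": 3, "medium": 2, "low": 1}

# Folders a limited user (or a drive-by download) can write to; a Run entry
# pointing there deserves a look before anything else.
USER_WRITABLE = re.compile(
    r"\\(Local Settings\\Temp|Temporary Internet Files|Application Data)\\", re.I)

# A third-party DLL inside one of these is a persistence or credential-theft
# position, not a plug-in.
PRIVILEGED = {"winlogon.exe", "lsass.exe", "services.exe"}


def _rule(line, current_process):
    """Return (severity, reason) for one log line, or None if nothing to flag."""
    if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        return ("low", "orphaned BHO CLSID, file is gone; remove the entry with HijackThis")
    m = re.match(r'"?AppInit_DLLs"?\s*=\s*(\S.*)', line)
    if m:  # an empty value is the normal state and is not matched
        return ("high", "AppInit_DLLs=%s is loaded into every process that loads user32.dll"
                % m.group(1).strip())
    if line.startswith("O4 - ") and USER_WRITABLE.search(line):
        return ("high", "autorun from a user-writable/temporary location")
    if line.startswith("O20 - Winlogon Notify:"):
        return ("medium", "Winlogon Notify DLL runs inside winlogon.exe at logon; confirm the publisher")
    if line.startswith("->") and current_process in PRIVILEGED:
        return ("high", "third-party DLL loaded into %s" % current_process)
    return None


def triage(log_text):
    """Return [(severity, reason, line)] sorted with the highest severity first."""
    findings = []
    current_process = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"PROCESS:\s*(.+?\.exe)", line, re.I)
        if m:
            # ComboFix "DLLs Loaded Under Running Processes": remember the host
            # process; the "-> path" lines that follow are DLLs loaded into it.
            current_process = m.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()
            continue
        hit = _rule(line, current_process)
        if hit:
            findings.append((hit[0], hit[1], line))
    findings.sort(key=lambda f: SEVERITY[f[0]], reverse=True)  # stable: log order within a level
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print("[%-6s] %s\n         %s" % (severity, reason, line))
```

The script only ranks entries; the verdict still needs the file itself checked (publisher, hash, a second scanner) before anything is deleted, because the same positions are used by legitimate software, as the SUPERAntiSpyware Winlogon Notify entry in the thread shows. The AppInit_DLLs value is the finding to treat first: on Windows XP every process that loads user32.dll also loads the DLLs named there, which is why the ComboFix log shows sockspy.dll in winlogon.exe, lsass.exe and Explorer.EXE at once.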