fauske10, posted 9 September 2009

Came home from school today and found that the firewall was off. I turned it on, and it turned itself off again automatically right afterwards, no matter how many times I did it. Downloaded Comodo Firewall, which worked. But I still have something in my processes called khwx.exe; I tried googling it, but that didn't help me. Also ran a scan with HijackThis, in case that helps; it hasn't. The log looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:21, on 09.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\TUProgSt.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\Task Killer\taskkiller.exe
C:\khwx.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\lsass.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {063f7597-c118-4b26-97bf-8bc5db4f5661} - E:\WINDOWS\system32\hlevjafh.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7C0D4B2-9592-49AA-A797-6ED31F5060CB} - e:\windows\system32\eeievdw.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [20136] C:\khwx.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://E:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232197657187
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44845670-3B59-4685-92F2-6BFFA0CE3638}: NameServer = 62.97.193.3,62.97.193.53
O20 - AppInit_DLLs:
O20 - Winlogon Notify: pxwuqbkq - E:\WINDOWS\SYSTEM32\eeievdw.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - E:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\

-- End of file - 6071 bytes

Hope someone can help.
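The log above already contains the entries a responder would pull out first: a process and an O4 Run entry for C:\khwx.exe sitting at the drive root under a purely numeric value name, a second lsass.exe running from c:\ instead of system32, two BHOs with no name and random-looking DLL names in system32, a Winlogon Notify entry that loads one of those DLLs into winlogon.exe, and two services (BITS and Automatic Updates) whose image path HijackThis could not resolve to a file. The Python script below is an added example, not part of the original thread or of HijackThis; it encodes those observations as simple heuristics and runs them over an excerpt of the log lines posted above. SYSTEM_BINARIES, SAFE_ROOTS and the thresholds are this example's own assumptions about a default Windows XP layout, not anything HijackThis itself checks.

```python
"""Triage a HijackThis 2.0 log for the kinds of entries visible in the post.

Added example, not part of the original thread or of HijackThis. The
heuristics, SYSTEM_BINARIES and SAFE_ROOTS are this example's own
assumptions about a default Windows XP layout; SAMPLE_LOG is an excerpt
of the log posted above.
"""
import re
from pathlib import PureWindowsPath

# Core binaries that legitimately run only from %SystemRoot%\system32 on XP;
# a copy anywhere else (c:\lsass.exe in the post) is masquerading.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "alg.exe"}
# Directory fragments under which ordinary user-mode programs live (assumption).
SAFE_ROOTS = ("\\windows\\", "\\program files\\", "\\documents and settings\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<dll>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))?"
                    r" - (?P<owner>.+?) - (?P<path>.+)$")


def flag_process(path):
    """Reason string if a 'Running processes' path looks wrong, else None."""
    lp = path.strip().lower()
    p = PureWindowsPath(lp)
    if p.name in SYSTEM_BINARIES and not str(p.parent).endswith("\\windows\\system32"):
        return f"system binary name outside system32: {path.strip()}"
    if not any(root in lp for root in SAFE_ROOTS):
        return f"running outside Windows/Program Files: {path.strip()}"
    return None


def flag_run_entry(name, cmd):
    """Reasons an O4 Run value is suspicious (empty list if none)."""
    reasons = []
    if name.isdigit():          # [20136] / [3444]: the name changes between the two scans
        reasons.append("numeric value name")
    target = cmd.split()[0].strip('"').lower()
    if re.fullmatch(r"[a-z]:\\[^\\]+", target):
        reasons.append("target at drive root")
    return reasons


def triage(log_text):
    """Return a list of human-readable findings for one HijackThis log."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and re.match(r"[a-zA-Z]:\\", line):
            why = flag_process(line)
            if why:
                findings.append("process: " + why)
            continue
        in_procs = False
        m = O2_RE.match(line)
        if m and m["name"] == "(no name)":
            findings.append(f"O2: unnamed BHO {m['dll']}")
            continue
        m = O4_RE.match(line)
        if m:
            reasons = flag_run_entry(m["name"], m["cmd"])
            if reasons:
                findings.append(f"O4: [{m['name']}] {m['cmd']} ({', '.join(reasons)})")
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(f"O20: Winlogon Notify '{m['key']}' loads {m['dll']} into winlogon.exe")
            continue
        m = O23_RE.match(line)
        # "Unknown owner" alone only means no company name; combined with a path
        # that is not a file, it means the ImagePath did not resolve.
        if m and m["owner"] == "Unknown owner" and not m["path"].lower().endswith(".exe"):
            findings.append(f"O23: service {m['name'] or m['display']} image path did not resolve ({m['path']})")
    return findings


# Excerpt of the log posted above (constructed sample input for this example).
SAMPLE_LOG = r"""
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\lsass.exe
E:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\khwx.exe
c:\lsass.exe

O2 - BHO: (no name) - {063f7597-c118-4b26-97bf-8bc5db4f5661} - E:\WINDOWS\system32\hlevjafh.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [20136] C:\khwx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - Winlogon Notify: pxwuqbkq - E:\WINDOWS\SYSTEM32\eeievdw.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt, the script reports six findings (the two root-level processes, the unnamed BHO, the numeric Run entry, the Winlogon Notify DLL and the unresolved BITS image path) and stays silent on the signed Avira service, the NVIDIA Run entry and PnkBstrA, which HijackThis lists as "Unknown owner" only because the binary carries no company name. The heuristics are deliberately narrow; they are a first pass for a human reader, not a classifier.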
Atiks, posted 9 September 2009 (edited)

Hi. Update MBAM fully, run a scan with MBAM and post the log. The other thing is that you should post a new HijackThis log, but run it in safe mode.

(Edited 9 September 2009 by snippern)
fauske10 (thread author), posted 9 September 2009 (edited)

Quoting Atiks: "Hi. Update MBAM fully, run a scan with MBAM and post the log. The other thing is that you should post a new HijackThis log, but run it in safe mode."

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.40
Database version: 2766
Windows 5.1.2600 Service Pack 3

09.09.2009 21:07:56
mbam-log-2009-09-09 (21-07-51).txt

Scan type: Full Scan (E:\|)
Objects scanned: 256126
Time elapsed: 55 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 40
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 115

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
E:\WINDOWS\system32\hlevjafh.dll (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\eeievdw.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pxwuqbkq (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

Folders Infected:
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210 (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.

Files Infected:
e:\WINDOWS\system32\eeievdw.dll (Trojan.Vundo.H) -> No action taken.
E:\WINDOWS\system32\hlevjafh.dll (Trojan.Vundo.H) -> No action taken.
E:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090909-194939-9982E190\ARK9.tmp (Trojan.Vundo.H) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temp\144.exe (Trojan.Proxy) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temp\219.exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temp\513.exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temp\387.exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temp\457.exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\AY6NDUNO\pr3xy[1].exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\AY6NDUNO\loaderadv563[1].exe (Trojan.Dropper) -> No action taken.
E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\ENMZPHNV\lqm2[1].exe (Trojan.Proxy) -> No action taken.
E:\Program Files\Trend Micro\HijackThis\backups\backup-20090909-180637-802.dll (Trojan.Vundo.H) -> No action taken.
E:\RECYCLER\S-1-5-21-839522115-1993962763-682003330-1003\De5.exe (Trojan.Dropper) -> No action taken.
E:\RECYCLER\S-1-5-21-839522115-1993962763-682003330-1003\De7.exe (Trojan.Dropper) -> No action taken.
E:\WINDOWS\msa.exe.vir (Trojan.Agent) -> No action taken.
E:\WINDOWS\msb.VIR (Trojan.Agent) -> No action taken.
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLA9MNK3\fyzmmn[1].htm (Rootkit.Agent) -> No action taken.
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9GR6XY1\agddeesftt[1].htm (Trojan.Downloader) -> No action taken.
E:\WINDOWS\Temp\a.exe.vir (Trojan.Dropper) -> No action taken.
E:\WINDOWS\Temp\c.exe (Trojan.Downloader) -> No action taken.
E:\WINDOWS\Resources\Themes\ShiftieBB\setup.exe (Rogue.Installer) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Logs\2009-04-17 14-45-460.log (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\filelist.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-0.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-1.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-10.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-11.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-12.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-13.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-14.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-15.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-16.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-17.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-18.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-19.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-2.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-20.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-21.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-22.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-23.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-24.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-25.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-26.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-27.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-28.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-29.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-3.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-30.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-31.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-32.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-33.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-34.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-35.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-36.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-37.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-38.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-39.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-4.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-40.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-41.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-42.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-43.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-44.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-45.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-46.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-47.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-48.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-49.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-5.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-50.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-51.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-52.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-53.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-54.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-55.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-56.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-57.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-58.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-59.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-6.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-60.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-61.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-62.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-63.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-64.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-65.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-66.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-67.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-68.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-69.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-7.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-8.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-9.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.
E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> No action taken.
E:\Program Files\setup.exe (Rogue.Installer) -> No action taken.
E:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
E:\WINDOWS\system32\rotscxaeexmbcj.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxajlncetk.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxbeaxiqow.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxgqmbkdno.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxisepcblc.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxivrxbese.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxkkllxobv.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxnostinmx.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxohrqrisn.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxplnymibe.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxpqfqmdor.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxqhxwgrft.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxvpfdxbjo.dll (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxvyxturqx.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\rotscxyixpvpwq.dat (Rootkit.TDSS) -> No action taken.
E:\WINDOWS\system32\drivers\rotscxpttudeir.sys (Rootkit.TDSS) -> No action taken.

Will post the HijackThis log shortly.

Edit: Here is the HijackThis log from safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:31, on 09.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\userinit.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [3444] C:\khwx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Save YouTube Video as MP3 - res://E:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232197657187
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44845670-3B59-4685-92F2-6BFFA0CE3638}: NameServer = 62.97.193.3,62.97.193.53
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\

-- End of file - 4135 bytes

(Edited 9 September 2009 by fauske10)
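The three "Registry Data Items Infected" lines in the MBAM log are the quiet part of this infection and are consistent with the BITS and Automatic Updates entries in both HijackThis logs reading "Unknown owner - E:\WINDOWS\": the services' ImagePath was rewritten from %SystemRoot% to %fystemRoot%, a variable that does not exist, so the value never expands to a real file and the service cannot start, while a glance at the registry still looks almost right. The Python below is an added example, not part of the thread or of Malwarebytes. It parses MBAM lines of that form, expands the "Bad" value against a constructed environment (SystemRoot = E:\WINDOWS, matching the machine in this thread; the other two variables are assumptions), and reports each variable that failed to resolve together with the known variable it is one character away from.

```python
"""Check MBAM 'Registry Data Items' findings for service ImagePath tampering.

Added example, not part of the thread or of Malwarebytes. XP_ENV is a
constructed environment for the machine in the thread (Windows on E:);
SAMPLE_LINES are the three data-item lines from the MBAM log above.
"""
import re

XP_ENV = {
    "SystemRoot": r"E:\WINDOWS",          # from the thread's log paths
    "SystemDrive": "E:",                   # assumption
    "ProgramFiles": r"E:\Program Files",   # assumption
}

VAR_RE = re.compile(r"%([^%]+)%")

MBAM_DATA_RE = re.compile(
    r"^(?P<key>HKEY_\S+)\\(?P<value>[^\\\s]+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


def expand_image_path(image_path, env):
    """Expand %VAR% references case-insensitively, the way a REG_EXPAND_SZ
    ImagePath is expanded before the service control manager uses it.
    Unknown variables are left in place and returned so the caller can see
    exactly what did not resolve."""
    lookup = {k.lower(): v for k, v in env.items()}
    unresolved = []

    def repl(m):
        name = m.group(1)
        value = lookup.get(name.lower())
        if value is None:
            unresolved.append(name)
            return m.group(0)
        return value

    return VAR_RE.sub(repl, image_path), unresolved


def closest_known(name, env):
    """Known variable of the same length differing in at most one character,
    which is what a %fystemRoot%-style edit looks like; None if no match."""
    for known in env:
        if len(known) == len(name):
            diff = sum(a.lower() != b.lower() for a, b in zip(known, name))
            if diff <= 1:
                return known
    return None


def audit_mbam_data_items(lines, env):
    """One dict per ImagePath finding: the service, what the bad value
    expands to, which variables failed, and the good value MBAM proposes."""
    results = []
    for line in lines:
        m = MBAM_DATA_RE.match(line.strip())
        if not m or m["value"].lower() != "imagepath":
            continue
        expanded, unresolved = expand_image_path(m["bad"], env)
        results.append({
            "service": m["key"].rsplit("\\", 1)[-1],
            "bad": m["bad"],
            "expands_to": expanded,
            "unresolved": unresolved,
            "looks_like": {v: closest_known(v, env) for v in unresolved},
            "good": m["good"],
        })
    return results


# The three data-item lines from the MBAM log posted above.
SAMPLE_LINES = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.",
]

if __name__ == "__main__":
    for r in audit_mbam_data_items(SAMPLE_LINES, XP_ENV):
        print(f"{r['service']}: {r['bad']!r} leaves {r['unresolved']} unexpanded "
              f"(resembles {list(r['looks_like'].values())}); MBAM proposes {r['good']!r}")
```

Both service entries come back with %fystemRoot% (or %fystemroot%) unresolved and SystemRoot as the nearest real variable; the Start_ShowSearch line is parsed but skipped because it is not an ImagePath. The same expand-and-compare check is worth running over every ImagePath under HKLM\System\CurrentControlSet\Services after a cleanup, not just the two MBAM flagged, since a service whose path does not expand simply fails to start with a file-not-found error and leaves no hint in the registry that anything was edited.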
Atiks, posted 10 September 2009

What you need to do is delete all the files MBAM found.
snippsat, posted 10 September 2009

Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
Bruker-158599, posted 12 September 2009

As mentioned above, delete all the files MBAM found.