Fått ett virus som heter khwx.exe trur eg?

[fauske10]

Kom hjem idag fra skolen og oppdaga at brannmuren var av. jeg skrudde den skrudde seg av igjen like etterpå automatisk hadde ingenting å si hvor mange ganger jeg gjorde det. Lastet ned Comodo firewall som funket.

Men har fortsatt en ting i prosessene mine som heter khwx.exe

 

prøvd å google men det hjalp meg ikkje.

 

Tok å scanna med Hijackthis om det hjelper har ikke.

 

Loggen ser slik ut:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:21, on 09.09.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\csrss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Avira\AntiVir Desktop\sched.exe

E:\Program Files\Avira\AntiVir Desktop\avguard.exe

E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

E:\Program Files\Bonjour\mDNSResponder.exe

E:\Program Files\LogMeIn\x86\RaMaint.exe

E:\Program Files\LogMeIn\x86\LogMeIn.exe

E:\Program Files\LogMeIn\x86\LMIGuardian.exe

E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

E:\WINDOWS\system32\nvsvc32.exe

E:\WINDOWS\system32\PnkBstrA.exe

E:\WINDOWS\system32\PnkBstrB.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\TUProgSt.exe

E:\WINDOWS\System32\alg.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Windows Live\Messenger\msnmsgr.exe

E:\WINDOWS\system32\ctfmon.exe

E:\Program Files\Windows Live\Contacts\wlcomm.exe

E:\Program Files\Opera\opera.exe

E:\Program Files\COMODO\COMODO Internet Security\cfp.exe

E:\Program Files\Task Killer\taskkiller.exe

C:\khwx.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

c:\lsass.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {063f7597-c118-4b26-97bf-8bc5db4f5661} - E:\WINDOWS\system32\hlevjafh.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E7C0D4B2-9592-49AA-A797-6ED31F5060CB} - e:\windows\system32\eeievdw.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [20136] C:\khwx.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000

O8 - Extra context menu item: Save YouTube Video as MP3 - res://E:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232197657187

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44845670-3B59-4685-92F2-6BFFA0CE3638}: NameServer = 62.97.193.3,62.97.193.53

O20 - AppInit_DLLs:

O20 - Winlogon Notify: pxwuqbkq - E:\WINDOWS\SYSTEM32\eeievdw.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - E:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - E:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\

 

--

End of file - 6071 byte

 

 

Håper noen kan hjelpe

[Atiks]

Hei

 

Oppdater MBAM fult kjør en runde med MBAM og post loggen. Det andre er at du burde poste en ny Hijackthis logg ,men kjør den i sikkerhetsmodus.

Endret 9. september 2009 av snippern

[fauske10]

Hei

 

Oppdater MBAM fult kjør en runde med MBAM og post loggen. Det andre er at du burde poste en ny Hijackthis logg ,men kjør den i sikkerhetsmodus.

Her er MBAM loggen

 

Malwarebytes' Anti-Malware 1.40

Database version: 2766

Windows 5.1.2600 Service Pack 3

 

09.09.2009 21:07:56

mbam-log-2009-09-09 (21-07-51).txt

 

Scan type: Full Scan (E:\|)

Objects scanned: 256126

Time elapsed: 55 minute(s), 48 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 40

Registry Values Infected: 2

Registry Data Items Infected: 3

Folders Infected: 5

Files Infected: 115

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

E:\WINDOWS\system32\hlevjafh.dll (Trojan.Vundo.H) -> No action taken.

E:\WINDOWS\system32\eeievdw.dll (Trojan.Vundo.H) -> No action taken.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pxwuqbkq (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{063f7597-c118-4b26-97bf-8bc5db4f5661} (Trojan.Vundo.H) -> No action taken.

HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.

HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdrixdas (Trojan.Vundo.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7c0d4b2-9592-49aa-a797-6ed31f5060cb} (Trojan.Vundo.H) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\ErrorFix (Rogue.ErrorFix) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

 

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> No action taken.

 

Folders Infected:

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Logs (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210 (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results (Rogue.ErrorFix) -> No action taken.

 

Files Infected:

e:\WINDOWS\system32\eeievdw.dll (Trojan.Vundo.H) -> No action taken.

E:\WINDOWS\system32\hlevjafh.dll (Trojan.Vundo.H) -> No action taken.

E:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090909-194939-9982E190\ARK9.tmp (Trojan.Vundo.H) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temp\144.exe (Trojan.Proxy) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temp\219.exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temp\513.exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temp\387.exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temp\457.exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\AY6NDUNO\pr3xy[1].exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\AY6NDUNO\loaderadv563[1].exe (Trojan.Dropper) -> No action taken.

E:\Documents and Settings\Ole Martin\Local Settings\Temporary Internet Files\Content.IE5\ENMZPHNV\lqm2[1].exe (Trojan.Proxy) -> No action taken.

E:\Program Files\Trend Micro\HijackThis\backups\backup-20090909-180637-802.dll (Trojan.Vundo.H) -> No action taken.

E:\RECYCLER\S-1-5-21-839522115-1993962763-682003330-1003\De5.exe (Trojan.Dropper) -> No action taken.

E:\RECYCLER\S-1-5-21-839522115-1993962763-682003330-1003\De7.exe (Trojan.Dropper) -> No action taken.

E:\WINDOWS\msa.exe.vir (Trojan.Agent) -> No action taken.

E:\WINDOWS\msb.VIR (Trojan.Agent) -> No action taken.

E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLA9MNK3\fyzmmn[1].htm (Rootkit.Agent) -> No action taken.

E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9GR6XY1\agddeesftt[1].htm (Trojan.Downloader) -> No action taken.

E:\WINDOWS\Temp\a.exe.vir (Trojan.Dropper) -> No action taken.

E:\WINDOWS\Temp\c.exe (Trojan.Downloader) -> No action taken.

E:\WINDOWS\Resources\Themes\ShiftieBB\setup.exe (Rogue.Installer) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Logs\2009-04-17 14-45-460.log (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\filelist.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-0.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-1.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-10.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-11.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-12.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-13.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-14.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-15.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-16.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-17.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-18.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-19.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-2.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-20.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-21.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-22.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-23.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-24.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-25.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-26.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-27.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-28.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-29.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-3.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-30.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-31.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-32.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-33.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-34.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-35.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-36.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-37.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-38.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-39.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-4.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-40.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-41.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-42.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-43.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-44.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-45.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-46.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-47.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-48.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-49.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-5.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-50.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-51.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-52.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-53.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-54.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-55.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-56.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-57.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-58.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-59.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-6.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-60.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-61.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-62.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-63.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-64.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-65.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-66.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-67.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-68.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-69.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-7.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-8.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\QuarantineW\2009-04-17 14-50-210\regb-9.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Evidence.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Junk.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Registry.db (Rogue.ErrorFix) -> No action taken.

E:\Documents and Settings\Ole Martin\Application Data\ErrorFix\Results\Update.db (Rogue.ErrorFix) -> No action taken.

E:\Program Files\setup.exe (Rogue.Installer) -> No action taken.

E:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.

E:\WINDOWS\system32\rotscxaeexmbcj.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxajlncetk.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxbeaxiqow.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxgqmbkdno.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxisepcblc.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxivrxbese.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxkkllxobv.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxnostinmx.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxohrqrisn.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxplnymibe.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxpqfqmdor.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxqhxwgrft.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxvpfdxbjo.dll (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxvyxturqx.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\rotscxyixpvpwq.dat (Rootkit.TDSS) -> No action taken.

E:\WINDOWS\system32\drivers\rotscxpttudeir.sys (Rootkit.TDSS) -> No action taken.

 

 

skal ta med hijackthis straks

 

 

Edit:

Her er hijackthis loggen i sikkerhetsmodus

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:39:31, on 09.09.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\userinit.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [3444] C:\khwx.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: Save YouTube Video as MP3 - res://E:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1232197657187

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{44845670-3B59-4685-92F2-6BFFA0CE3638}: NameServer = 62.97.193.3,62.97.193.53

O20 - AppInit_DLLs:

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - E:\WINDOWS\

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - E:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - E:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - E:\WINDOWS\

 

--

End of file - 4135 bytes

Endret 9. september 2009 av fauske10

[Atiks]

Det du må gjøre er å slette alle filene som MBAM fant.

[snippsat]

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programmet kjører.

post logg C:\combofix.txt

[Bruker-158599]

Som nevnt over så sletter du alle filene mbam fant.