kvadrat (Beginner)
25 September 2009 - 14:07. There are 8 comments

Keylogger and HijackThis log

Hi. My girlfriend has had her WoW account hacked a couple of times now, so she obviously has a keylogger. But I really can't find it.

I have run a virus scan, ActiveScan and Ad-Aware. I have NOT run Spybot, since strangely enough it cannot connect to their server.

But here is a HijackThis log. I have removed the most obvious junk, but you can surely find more...
Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 14:00:27, on 25-09-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdimon.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmer\Curse\CurseClient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Nina Larsen\Dokumenter\Hentede filer\spybotsd162.exe
C:\DOCUME~1\NINALA~1\LOKALE~1\Temp\is-M3IHC.tmp\spybotsd162.tmp
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\AVG\AVG8\avgui.exe
C:\Programmer\AVG\AVG8\avgscanx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Nina Larsen\Skrivebord\hijack\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Programmer\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Programmer\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmer\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programmer\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [EA Core] "C:\Programmer\Electronic Arts\EADM\Core.exe" -silent
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{485A2336-FA56-428C-AC88-9F66245B5D0D}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FF7932-DE2A-4726-98D0-0D81EFC78510}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 
O17 - HKLM\System\CS1\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 
O17 - HKLM\System\CS2\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: explxx - explxx.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device -  - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Remote Procedure Call (HGM) (RPCHGM) - Unknown owner - C:\Programmer\NetMeeting\secedit.exe
f-arn (Guru)
25 September 2009 - 14:20 #1
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds


It produces two logs (DDS.txt and Attach.txt). Save them to the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web

NB: When you update Malwarebytes, keep clicking "Update" until it says there are no more updates.
kvadrat (Beginner)
25 September 2009 - 15:01 #2
DDS log

DDS (Ver_09-09-24.01) - NTFSx86 
Run by Nina Larsen at 14:59:02,37 on 25-09-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.1023.467 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)  {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled*  {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
"C:\WINDOWS\system32\svchost.exe" 40706
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdimon.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\Curse\CurseClient.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nina Larsen\Dokumenter\Hentede filer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Værktøjslinje: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\programmer\lexmark toolbar\toolband.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
TB: Lexmark Værktøjslinje: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\programmer\lexmark toolbar\toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programmer\daemon tools toolbar\DTToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Creative WebCam Tray] "c:\programmer\creative\shared files\CamTray.exe"
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [MSMSGS] "c:\programmer\messenger\msmsgs.exe" /background
uRun: [CurseClient] c:\programmer\curse\CurseClient.exe -silent
uRun: [EA Core] "c:\programmer\electronic arts\eadm\Core.exe" -silent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [lxdimon.exe] "c:\programmer\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\programmer\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\programmer\\lexmark fax solutions\fm3032.exe" /s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATICCC] "c:\programmer\ati technologies\ati.ace\CLIStart.exe"
mRun: [ZoneAlarm Client] "c:\programmer\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\programmer\java\jre1.6.0_03\bin\ssv.dll
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 
TCP: {2528B677-F3FA-4C2B-A94B-5A3EA61637C4} = 85.255.115.21,85.255.112.137
TCP: {485A2336-FA56-428C-AC88-9F66245B5D0D} = 85.255.115.21,85.255.112.137
TCP: {65FF7932-DE2A-4726-98D0-0D81EFC78510} = 85.255.115.21,85.255.112.137
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: explxx - explxx.dll
Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ninala~1\applic~1\mozilla\firefox\profiles\yllwk2at.default\

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-25 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-25 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-18 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-9-25 353672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-18 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-6-16 99248]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-27 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 RPCHGM;Remote Procedure Call (HGM);c:\programmer\netmeeting\secedit.exe [2009-8-11 22863560]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\ninala~1\lokale~1\temp\WST5.tmp [2009-8-13 17864]
S4 DomainService;DomainService;c:\windows\system32\qwerty12.exe /service --> c:\windows\system32\qwerty12.exe  [?]

=============== Created Last 30 ================

2009-09-25 14:10    4,212    a---h---    c:\windows\system32\zllictbl.dat
2009-09-25 14:09    <DIR>    --d-----    c:\programmer\Zone Labs
2009-09-25 14:08    <DIR>    --d-----    c:\windows\Internet Logs
2009-09-25 13:56    15,688    a-------    c:\windows\system32\lsdelete.exe
2009-09-25 13:21    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-09-25 13:18    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-25 13:15    28,544    a-------    c:\windows\system32\drivers\pavboot.sys
2009-09-25 13:15    <DIR>    --d-----    c:\programmer\Panda Security
2009-09-19 01:49    520,192    --------    c:\windows\system32\ati2sgag.exe
2009-09-18 22:09    <DIR>    --d-h---    C:\$AVG8.VAULT$
2009-09-18 22:00    108,552    a-------    c:\windows\system32\drivers\avgtdix.sys
2009-09-18 22:00    11,952    a-------    c:\windows\system32\avgrsstx.dll
2009-09-18 22:00    335,240    a-------    c:\windows\system32\drivers\avgldx86.sys
2009-09-18 22:00    <DIR>    --d-----    c:\windows\system32\drivers\Avg
2009-09-18 22:00    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-18 22:00    <DIR>    --d-----    c:\programmer\AVG
2009-09-18 22:00    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\avg8
2009-09-18 21:56    <DIR>    --d-----    c:\docume~1\ninala~1\applic~1\AVG8

==================== Find3M  ====================

2009-08-31 18:24    956    a-------    c:\docume~1\ninala~1\applic~1\wklnhst.dat
2009-08-27 14:24    96,334    a-------    c:\windows\War3Unin.dat
2009-08-12 00:24    139,264    a-------    c:\windows\War3Unin.exe
2009-08-12 00:24    2,829    a-------    c:\windows\War3Unin.pif
2009-08-11 23:34    4,224    a-------    c:\windows\system32\drivers\beep.sys

============= FINISH: 15:00:28,75 ===============
kvadrat (Beginner)
25 September 2009 - 15:12 #3
Her computer also has trouble connecting to various servers, such as the update servers for Spybot and Ad-Aware. I have disabled Windows' own firewall and installed ZoneAlarm instead, but still can't connect? Does anyone have an idea?
johnstigers (Senior Master)
25 September 2009 - 15:19 #4
Where is the log from Malwarebytes?
25 September 2009 - 15:24 #5
What about the mentioned [Malwarebytes] procedure + the accompanying log?

THEN a fresh log from the mentioned [DDS] ...

---

I can certainly see the problem ->
http://whois.domaintools.com/85.255.115.21
(Does this PC have anything to do with Ukraine???)
[Malwarebytes] usually catches that 'error' ...
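Added example, not part of the original thread: the static NameServer overrides that post #5 points to can be pulled out of a HijackThis or DDS log and compared with the resolvers the machine is supposed to use. The function names and the expected resolver 192.168.1.1 are assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from collections import namedtuple
from ipaddress import ip_address

Entry = namedtuple("Entry", "source control_set scope servers")

_GUID = r"\{[0-9A-Fa-f-]{36}\}"
# HijackThis: O17 - HKLM\System\<set>\Services\Tcpip\<scope>: NameServer = a,b
_HJT = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\(?P<guid>" + _GUID + r")): NameServer\s*=\s*(?P<val>.*)$"
)
# DDS pseudo-HJT: "TCP: {GUID} = a,b" or "TCP: NameServer = a,b"
_DDS = re.compile(r"^TCP: (?:NameServer|(?P<guid>" + _GUID + r"))\s*=\s*(?P<val>.*)$")


def parse_nameservers(log_text):
    """Return one Entry per NameServer line, including empty (unset) ones."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for source, rx in (("HijackThis", _HJT), ("DDS", _DDS)):
            m = rx.match(line)
            if not m:
                continue
            servers = tuple(t for t in re.split(r"[,\s]+", m.group("val")) if t)
            control_set = m.groupdict().get("cs") or "current"
            scope = m.group("guid") or "global"  # per-interface GUID or global key
            entries.append(Entry(source, control_set, scope, servers))
    return entries


def unexpected_overrides(entries, expected):
    """Entries whose static resolvers are not all in the expected set."""
    findings = []
    for e in entries:
        bad = []
        for s in e.servers:
            try:
                addr = str(ip_address(s))
            except ValueError:
                bad.append(s)  # not an IP literal: report it verbatim
                continue
            if addr not in expected:
                bad.append(addr)
        if bad:
            findings.append((e, tuple(bad)))
    return findings


def summarize(findings):
    """Map each unexpected resolver to the (control set, scope) pairs using it."""
    by_addr = {}
    for e, bad in findings:
        for addr in bad:
            by_addr.setdefault(addr, set()).add((e.control_set, e.scope))
    return by_addr


# Assumption: the resolver this home network should use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# O17 lines from the HijackThis log in the opening post.
BEFORE_HJT = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{485A2336-FA56-428C-AC88-9F66245B5D0D}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{65FF7932-DE2A-4726-98D0-0D81EFC78510}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\..\{2528B677-F3FA-4C2B-A94B-5A3EA61637C4}: NameServer = 85.255.115.21,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
"""

# TCP lines from the first DDS log (#2) and the DDS log taken after the cleanup (#6).
BEFORE_DDS = r"""
TCP: NameServer =
TCP: {2528B677-F3FA-4C2B-A94B-5A3EA61637C4} = 85.255.115.21,85.255.112.137
TCP: {485A2336-FA56-428C-AC88-9F66245B5D0D} = 85.255.115.21,85.255.112.137
TCP: {65FF7932-DE2A-4726-98D0-0D81EFC78510} = 85.255.115.21,85.255.112.137
"""
AFTER_DDS = "TCP: NameServer = \n"

if __name__ == "__main__":
    for name, log in (("HJT before", BEFORE_HJT), ("DDS before", BEFORE_DDS),
                      ("DDS after", AFTER_DDS)):
        found = unexpected_overrides(parse_nameservers(log), EXPECTED_RESOLVERS)
        print(f"{name}: {len(found)} entries with unexpected resolvers")
        for addr, where in sorted(summarize(found).items()):
            print(f"  {addr} set in {len(where)} place(s)")
```

The per-control-set breakdown matters because HijackThis lists the same interface under CCS, CS1 and CS2, so a cleanup has to be confirmed against all of them, as the follow-up DDS log does here.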
kvadrat (Beginner)
25 September 2009 - 15:27 #6
Malwarebytes found 88 malware items and keyloggers, and it was the keylogger I had expected it to be... so I have removed all of it and run a fresh scan with a clean log :)


Fresh DDS log:

DDS (Ver_09-09-24.01) - NTFSx86 
Run by Nina Larsen at 15:25:18,93 on 25-09-2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.1023.424 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)  {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled*  {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdimon.exe
C:\Programmer\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\Curse\CurseClient.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nina Larsen\Dokumenter\Hentede filer\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=4 (0x4)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Lexmark Værktøjslinje: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\programmer\lexmark toolbar\toolband.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\programmer\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre1.6.0_03\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\programmer\yahoo!\companion\installs\cpn\yt.dll
TB: Lexmark Værktøjslinje: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\programmer\lexmark toolbar\toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\programmer\avg\avg8\toolbar\IEToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\programmer\daemon tools toolbar\DTToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Creative WebCam Tray] "c:\programmer\creative\shared files\CamTray.exe"
uRun: [updateMgr] "c:\programmer\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
uRun: [MSMSGS] "c:\programmer\messenger\msmsgs.exe" /background
uRun: [CurseClient] c:\programmer\curse\CurseClient.exe -silent
uRun: [EA Core] "c:\programmer\electronic arts\eadm\Core.exe" -silent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [lxdimon.exe] "c:\programmer\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\programmer\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\programmer\\lexmark fax solutions\fm3032.exe" /s
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ATICCC] "c:\programmer\ati technologies\ati.ace\CLIStart.exe"
mRun: [ZoneAlarm Client] "c:\programmer\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programmer\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\adober~1.lnk - c:\programmer\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\logite~1.lnk - c:\programmer\logitech\setpoint\SetPoint.exe
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\programmer\java\jre1.6.0_03\bin\ssv.dll
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
TCP: NameServer = 
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\programmer\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: explxx - explxx.dll
Notify: LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ninala~1\applic~1\mozilla\firefox\profiles\yllwk2at.default\

---- FIREFOX POLICIES ----
c:\programmer\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-25 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-9-25 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-18 108552]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-9-25 353672]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-18 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmer\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-6-16 99248]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-27 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\ninala~1\lokale~1\temp\WST5.tmp [2009-8-13 17864]

=============== Created Last 30 ================

2009-09-25 15:03    <DIR>    --d-----    c:\docume~1\ninala~1\applic~1\Malwarebytes
2009-09-25 15:03    38,224    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 15:03    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-25 15:03    19,160    a-------    c:\windows\system32\drivers\mbam.sys
2009-09-25 15:03    <DIR>    --d-----    c:\programmer\Malwarebytes' Anti-Malware
2009-09-25 14:10    4,212    a---h---    c:\windows\system32\zllictbl.dat
2009-09-25 14:09    <DIR>    --d-----    c:\programmer\Zone Labs
2009-09-25 14:08    <DIR>    --d-----    c:\windows\Internet Logs
2009-09-25 13:56    15,688    a-------    c:\windows\system32\lsdelete.exe
2009-09-25 13:21    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-09-25 13:18    <DIR>    -cd-h---    c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-25 13:15    28,544    a-------    c:\windows\system32\drivers\pavboot.sys
2009-09-25 13:15    <DIR>    --d-----    c:\programmer\Panda Security
2009-09-19 01:49    520,192    --------    c:\windows\system32\ati2sgag.exe
2009-09-18 22:09    <DIR>    --d-h---    C:\$AVG8.VAULT$
2009-09-18 22:00    108,552    a-------    c:\windows\system32\drivers\avgtdix.sys
2009-09-18 22:00    11,952    a-------    c:\windows\system32\avgrsstx.dll
2009-09-18 22:00    335,240    a-------    c:\windows\system32\drivers\avgldx86.sys
2009-09-18 22:00    <DIR>    --d-----    c:\windows\system32\drivers\Avg
2009-09-18 22:00    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-18 22:00    <DIR>    --d-----    c:\programmer\AVG
2009-09-18 22:00    <DIR>    --d-----    c:\docume~1\alluse~1\applic~1\avg8
2009-09-18 21:56    <DIR>    --d-----    c:\docume~1\ninala~1\applic~1\AVG8

==================== Find3M  ====================

2009-08-31 18:24    956    a-------    c:\docume~1\ninala~1\applic~1\wklnhst.dat
2009-08-27 14:24    96,334    a-------    c:\windows\War3Unin.dat
2009-08-12 00:24    139,264    a-------    c:\windows\War3Unin.exe
2009-08-12 00:24    2,829    a-------    c:\windows\War3Unin.pif
2009-08-11 23:34    4,224    a-------    c:\windows\system32\drivers\beep.sys

============= FINISH: 15:25:46,06 ===============
johnstigers (Senior Master)
25 September 2009 - 15:38 #7
Wait for f-arn - he is on it :)

But I think you are right, karise.....
f-arn (Guru)
25 September 2009 - 16:12 #8
Is a log from Malwarebytes coming?


Download ComboFix and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Right-click the desktop and choose New -> Text Document, copy in the content between the lines and save the file as CFScript.txt

Make sure it does not end up being named CFScript.txt.txt

--------------

Killall::
Snapshot::
File::
c:\docume~1\ninala~1\lokale~1\temp\WST5.tmp
Driver::
GarenaPEngine
DDS::
uURLSearchHooks: H - No File
mWinlogon: SFCDisable=4 (0x4)
BHO: 1 (0x1) - No File


--------------

Since ComboFix can conflict with your antivirus, it is important that you disable it.

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file should open: combofix.txt, which is located here
C:\Combofix.txt

You are welcome to post the contents of this file here.