"Go Google"? wtf

2008-09-07, 12:56 #13

Medlem

Reg: Mar 2007

Inlägg: 12 238

vundo.
uppdatera, scanna med malwarebytes antimalware, starta om, scanna igen. posta scanlogg och hjt logg
http://projects.securitywonks.net/pr...158&mirror=285

Citera

2008-09-07, 13:00 #14

Medlem

Reg: Jul 2007

Inlägg: 1 285

börja med att markera och fixa dessa

O2 - BHO: (no name) - {280EE6F9-E414-4D35-8FEF-8180BB5AC916} - D:\WINDOWS\system32\hgGxUoLf.dll (file missing)

O2 - BHO: (no name) - {28719B38-9551-4D5A-8801-13FD2E282EF0} - (no file)

O2 - BHO: (no name) - {3D2C18B9-8DB5-48F0-A2A1-E3C4B11CF941} - D:\WINDOWS\system32\hgGvsqnn.dll (file missing)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
D:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {67F383D5-95C3-4F91-9545-E0D09B9446BB} - (no file)

O2 - BHO: (no name) - {77EA7D6A-1683-4613-B0C3-158BAA8F33D1} - (no file)

O2 - BHO: (no name) - {7fc261dd-91d8-4447-9a80-c41799e49492} - (no file)

O2 - BHO: (no name) - {9A22B328-6B84-4FC6-8196-E61F0A61DBCB} - (no file)

O2 - BHO: (no name) - {B9303084-A454-4AF8-B557-B1BE8F746193} - D:\WINDOWS\system32\nnnlmMeD.dll (file missing)

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

O4 - HKLM\..\Run: [BM2f59bae4] Rundll32.exe "D:\WINDOWS\system32\xxcfngom.dll",s

O4 - HKLM\..\Run: [9c52c462] rundll32.exe "D:\WINDOWS\system32\kwvqrqgs.dll",b

O20 - Winlogon Notify: hgGxUoLf - hgGxUoLf.dll (file missing)

gå sedan till hijackthis menun och välj "open misc tools section" sedan "delete a file on reboot" där klistrar du in följande:

tryck på ok, starta inte om datorn

D:\WINDOWS\system32\xxcfngom.dll

tryck på ok, starta inte om datorn

gör samma med denna

D:\WINDOWS\system32\kwvqrqgs.dll

tryck på ok och starta om datorn, posta en ny hijackthis logg.

ladda ner, uppdatera och scanna med malwarebytes

http://www.download.com/3001-8022_4-...a4259bd358c435

gå in i http://www.virustotal.com/ och välj "bläddra" klistra in:

D:\WINDOWS\system32\OBroker.exe

och sedan send file

gör samma med denna

D:\WINDOWS\system32\dla\tfswctrl.exe

berätta vad resultaten ger

lycka till

__________________
Senast redigerad av w580i 2008-09-07 kl. 13:08.

Citera

2008-09-08, 17:40 #15

Medlem

Reg: Aug 2008

Inlägg: 304

Tjabba

Fil OBroker.exe mottagen 2008.09.07 11:23:05 (CET)
Närvarande status: genomförd
Resultat: 0/36 (0.00%)

Fil tfswctrl.exe mottagen 2008.08.28 13:11:15 (CET)
Närvarande status: genomförd
Resultat: 0/33 (0.00%)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:22, on 2008-09-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program\ekort\ekort.exe
D:\Program\Delade filer\InstallShield\UpdateService\issch.exe
D:\Program\Winamp\winampa.exe
D:\WINDOWS\RTHDCPL.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\system32\dla\tfswctrl.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
D:\Program\DAEMON Tools Lite\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\OBroker.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\Program\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\svchost.exe
C:\Program\Mozilla Firefox\firefox.exe
D:\Program\Winamp\winamp.exe
C:\Program\Trend Micro\HijackThis\Hjt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - D:\Program\ekort\Bhoekort.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O4 - HKLM\..\Run: [e-kort] D:\Program\ekort\ekort.exe /dontopenmycards
O4 - HKLM\..\Run: [ISUSPM Startup] D:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinampAgent] D:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dla] D:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Simp] D:\Program\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "c:\Program\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] c:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - D:\Program\ekort\ekort.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'd:\program\bonjour\mdnsnsp.dll' missing
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - c:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - D:\WINDOWS\system32\pr2ah4nc.exe

--
End of file - 5368 bytes

Citera

2008-09-08, 17:58 #16

Medlem

Reg: Mar 2007

Inlägg: 12 238

det är rent

Citera

2008-09-08, 21:05 #17

Medlem

Reg: Aug 2008

Inlägg: 304

Citat:

Ursprungligen postat av 927

det är rent

Underbart

Tack så mycket för eran expertis!

Citera

"Go Google"? wtf

Skapa ett konto eller logga in för att kommentera

Skapa ett konto

Logga in