the scorpion
New member
Some days ago, I had a nasty invasion of trojans. I tried to fix them, but there are remains.
I know I'm not supposed to post log files without being asked to do so, but I just want to show the processes that I suspect of being malware:
O4 - HKLM\..\Run: [cnftips] media64.exe
O4 - HKLM\..\Run: [driver32] startman.exe
O4 - HKLM\..\Run: [dmkff.exe] C:\WINDOWS\system32\dmkff.exe
04 - HKCU\..\Run: [runload32] cmon14.exe
O4 - HKCU\..\Run: [CToolBar] EXE32EXE.exe
O4 - HKCU\..\Run: [WhatsNewBot] InpriseMon.exe
Not sure about the last one, but media64, startman and others are part of Wareout.
Then there are these entries:
O17 - HKLM\System\CCS\Services\Tcpip\..\{63B824F1-14B2-4A7D-B785-3C4111EED085}: NameServer = 85.255.116.25 85.255.112.196
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
The second one is said to be from MSN, but other sources think it is a trojan. O17 probably belongs to the above trojans as well.
Am I safe to fix the processes in O4 and O17? In particular, dmkff.exe is not explicitly listed as a trojan when I searched the web for it, but it can be a component of a trojan that changes names (starting with dm****.exe).
I am very thankful for any advice that might help. Also, I have that stupid abcsearch browser hijacker/adware tool. It hijacks my browser when I do Google searches. Is it included in one of these processes I posted above?