Zero- (posted 19 February 2010)
Hi, in MSconfig I get two strange entries. Does anyone know what they are? The top one and the bottom one.
norbat (posted 19 February 2010)
Most likely malware. Run through the guide.
Zero- (author, posted 19 February 2010, edited)
None of the antivirus programs I had found it (MSE, Malwarebytes Anti-Malware or Spybot), but I booted into safe mode and deleted X:\Users\******\appdata\roaming\Install\Microsoft.exe. Then both of them disappeared.
Edit: The "Solved" button doesn't work :S
Edited 19 February 2010 by Zero-
norbat (posted 19 February 2010)
Feel free to run ComboFix and post the log.
Zero- (author, posted 20 February 2010)
Quoting norbat: "Feel free to run ComboFix and post the log."
What is ComboFix?
raWrz (posted 20 February 2010)
Hi. Do what Norbat said in post 1
Zero- (author, posted 20 February 2010)
dds.scr: DDS.txt Attach.txt
norbat (posted 20 February 2010)
Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.
Zero- (author, posted 20 February 2010, edited)
Quoting norbat: "Download HijackThis. Put it in a folder of its own on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it."

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:59:15, on 20.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Fraps\fraps.exe
X:\Program Files (x86)\Skype\Phone\Skype.exe
X:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
X:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
X:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
X:\Program Files (x86)\SpeedFan\speedfan.exe
X:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
X:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
X:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Spill\Steam\Steam.exe
X:\Users\Niklas\Desktop\Programmer\Realtemp\RealTemp.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Users\Niklas\AppData\Local\Google\Chrome\Application\chrome.exe
X:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
X:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
X:\Program Files (x86)\Spotify\spotify.exe
X:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
X:\Users\Niklas\Desktop\Ny mappe\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - X:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - X:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - X:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - X:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - X:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSIAfterburner] "X:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "X:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "X:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "X:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "X:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTSS] "X:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [startCCC] "X:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [skype] "X:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sidebar] X:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "X:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [steam] "c:\spill\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DisplayFusion] "X:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] X:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] X:\Users\Niklas\AppData\Roaming\install\Microsoft.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] X:\Users\Niklas\AppData\Roaming\install\Microsoft.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] X:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] X:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE')
O4 - Global Startup: LogMeIn Hamachi.lnk = X:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - Global Startup: SetPointII.lnk = ?
O4 - Global Startup: SpeedFan.lnk = X:\Program Files (x86)\SpeedFan\speedfan.exe
O8 - Extra context menu item: &D&ownload alle med BitComet - res://X:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &L&ast Ned &med BitComet - res://X:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &L&ast Ned all video med BitComet - res://X:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://X:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - X:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - X:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - X:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - X:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - X:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - X:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - X:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - X:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: USB over Network (Server) service (ftusbsrv) - Unknown owner - X:\Windows\system32\ftusbsrv.exe (file missing)
O23 - Service: USB over Network (Client) service (ftusbsrvc) - Unknown owner - X:\Windows\system32\ftusbsrvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - X:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - X:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - X:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - X:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - X:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - X:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - X:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - X:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - X:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - X:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - X:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - X:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - X:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - X:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - X:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - X:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - X:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - X:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - X:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - X:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - X:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - X:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - X:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9892 bytes

Edited 20 February 2010 by Zero-
norbat (posted 20 February 2010)
Start HJT again and choose "Do a system scan only". Put a check mark in front of the following two lines and click Fix checked:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [Policies] X:\Users\Niklas\AppData\Roaming\install\Microsoft.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] X:\Users\Niklas\AppData\Roaming\install\Microsoft.exe

Apart from this, the HJT log looks OK. Surf safely.