Lexiboij, posted 28 March 2010

Hi, I've managed to pick up a virus after being tricked into updating Flash Player (from YouTube, of all things). When I turn on the PC, an error message comes up saying that SSHNAS.dll isn't working, or something like that. I googled a bit and found this page: http://www.myantispyware.com/2009/12/02/how-to-remove-sshnas-dll-trojan-remove-trojan-fakealert/ (link doesn't work...)

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Videohost not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SSHNAS not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LosAlamos not found.
========== FILES ==========
File/Folder C:\Windows\msa.exe not found.
File/Folder C:\Windows\system32\sshnas.dll not found.
File/Folder C:\Windows\system32\sshnas21.dll not found.
File/Folder C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
File/Folder C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Aleksander
->Temp folder emptied: 41504809 bytes
->Temporary Internet Files folder emptied: 16013082 bytes
->Java cache emptied: 19256792 bytes
->Google Chrome cache emptied: 372647259 bytes
->Flash cache emptied: 74112 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79238 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67704 bytes
RecycleBin emptied: 20480 bytes
Total Files Cleaned = 429,00 mb
OTM by OldTimer - Version 3.1.10.1 log created on 03282010_130741
Files moved on Reboot...
C:\Users\Aleksander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

After the reboot the error message still came up. I'm scanning the system with Anti Malware. I'll add the log when it's finished, if it isn't possible to work anything out from this log.

snippsat, posted 28 March 2010

The program you ran didn't remove anything. Malwarebytes should take care of this; run RSIT and we'll see whether there's any gunk left behind.

Download RSIT (Random's System Information Tool) to the desktop.
Start the program by double-clicking RSIT.exe.
Click Continue.
After a short while a log (log.txt) will be created. Post that.

Lexiboij (author), posted 28 March 2010

I get the following error message: Line -1: Error Variable used without being declared.
Malwarebytes found nothing.

snippsat, posted 28 March 2010

Download DDS.scr. Post the log it creates.

Lexiboij (author), posted 28 March 2010

DDS (Ver_10-03-17.01) - NTFSX64 Run by Aleksander at 18:38:22,76 on 28.03.2010

snippsat, posted 28 March 2010

You have a couple of registry entries that need to be removed; we can do that with HijackThis.

---
uRun: [Canaveral] rundll32.exe c:\users\aleksa~1\appdata\local\temp\sshnas21.dll,BackupReadW
uRun: [YVIBBBHA8C] c:\users\aleksa~1\appdata\local\temp\Vb0.exe
---

Download HijackThis.
Scan and see if you find those lines; they will be under 04 (select it and press Fix checked).
Restart and post an HJT log (if you have trouble finding those lines, just post the log).
Delete everything, if there is anything, in this temp folder: c:\users\aleksa~1\appdata\local\temp\

Lexiboij (author), posted 28 March 2010

"Download HijackThis. Scan and see if you find those lines; they will be under 04 (select it and press Fix checked)"

I don't quite understand what you're getting at in that sentence; should I select all of them? There are 24 O4 entries. So I'll do as the program says and leave it alone until I'm sure what should be done.

snippsat, posted 28 March 2010 (edited 28 March 2010 by SNIPPSAT)

"I don't quite understand what you're getting at in that sentence; should I select all of them?"

No, absolutely not; that would break quite a lot. Just post the HJT log and I'll show you the 2 lines. There are only 2 lines with the content posted in post #6. The 2 lines will be under the startup-programs group, which starts with 04.

Lexiboij (author), posted 28 March 2010

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:38, on 28.03.2010

snippsat Posted 28 March 2010
Start HijackThis, run "scan", find these lines, check them, then press fix checked.
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
The Ask toolbar is borderline spyware; go to Add or Remove Programs, find it and uninstall it. Restart and post a new HJT log.
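As an added example (not part of the thread and not HijackThis's own logic): a small Python triage script that parses the O4 registry autorun lines of a HijackThis log and flags the pattern the two entries above share, a Run value that starts a binary from a Temp directory, either directly or through rundll32.exe. The function names and the Temp-directory rule are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# O4 autorun lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Dropbox.lnk = Aleksander\AppData\Roaming\Dropbox\bin\Dropbox.exe
"""

# Registry autoruns look like: O4 - <hive>\..\Run[Once]: [<value name>] <command line>
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Temp directories; the rule itself is an assumption made for this example.
TEMP_DIR = re.compile(
    r"\\(AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I)
# rundll32 invocation, optionally quoted or with a full path in front.
RUNDLL = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<arg>.+)$', re.I)

def parse_o4_run(line):
    """Return hive/key/name/cmd for an O4 registry Run entry, else None."""
    m = O4_RUN.match(line.strip())
    return m.groupdict() if m else None

def triage(entry):
    """List the reasons an autorun deserves a closer look (empty = none)."""
    m = RUNDLL.match(entry["cmd"])
    if m:
        # rundll32 is given "<dll>,<export>"; judge the DLL path, not rundll32.
        dll = m.group("arg").split(",")[0].strip('"')
        return ["rundll32 loads a DLL from Temp"] if TEMP_DIR.search(dll) else []
    return ["executable starts from Temp"] if TEMP_DIR.search(entry["cmd"]) else []

def flagged(log_text):
    """Map value name -> reasons for every flagged O4 Run entry in a log."""
    hits = {}
    for line in log_text.splitlines():
        entry = parse_o4_run(line)
        reasons = triage(entry) if entry else []
        if reasons:
            hits[entry["name"]] = reasons
    return hits

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```

A hit is a reason to inspect the file, not a verdict, and an entry that starts from another location is not cleared by this rule.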
Lexiboij (author) Posted 28 March 2010
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:38, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\Aleksander\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Steam\Steam.exe
c:\program files (x86)\steam\steamapps\common\just cause 2\JustCause2.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exea
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Aleksander\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Users\Aleksander\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sEADS] C:\Program Files (x86)\SEADS\Source Engine Automatic Demo Saver\SEADS.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\ALEKSA~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\ALEKSA~1\AppData\Local\Temp\Vb0.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETTVERKSTJENESTE')
O4 - Startup: Dropbox.lnk = Aleksander\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Registration .LNK = D:\Register\RegistrationReminder.exe
O4 - Global Startup: WeGame.lnk = C:\Program Files (x86)\WeGame\wegame.exe
O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm
O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image-all.htm
O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-image.htm
O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files (x86)\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10030 bytes

SSHNAS.dll did not start this time.
snippsat Posted 28 March 2010
Scan saved at 19:31:38,
You have posted exactly the same log as in post #9. If SSHNAS.dll is not starting now, we'll call it good. Check the folder I posted in post #6.
Lexiboij (author) Posted 28 March 2010
I can't delete FXSAPIDebugLogFile. There is no text in the document. Anti Malware and Avira don't find anything suspicious in the file either. I shut down all programs (except Avira). What could it be?
snippsat Posted 28 March 2010
FXSAPIDebugLogFile is not dangerous; it is a debug log for Fax/Print. The reason you can't delete it is that it is tied to a process or service that is running. If you have files you are unsure about, you can scan them on VirusTotal.
Lexiboij (author) Posted 28 March 2010
Then I thank you for the help you have given me today in removing the virus.