En liten sjekk

[Li19]

Hei

 

fikk meg ny pc for 2 måneder siden, og det er første gang jeg bruker 64 bits vista.

 

Oppdaget nettopp etter en windows oppdatering at det er flere prosesser med nøyaktig samme navn som kjøres.

 

Er dette normalt?

 

prosessene det er snakk om er:

svchost.exe

taskeng.exe

rundll32.exe

 

edit: så nettopp at det kun er når en administrator-konto er logget på at jeg får opp alle de. Når jeg er logget på som en begrenset bruker er det kun rundll32.exe det er flere av på listen over prosesser

 

Kjørte en skann med avira og mbam, og fant ikke noe gale.

 

Håper noen kan hjelpe meg

[PHP_Yoghurt]

svchost.exe

taskeng.exe

rundll32.exe

 

Ja, disse er normale. Ikke noe virus!

[r2d290]

Merker du ellers noe galt med pc-en?

[Li19]

Merker du ellers noe galt med pc-en?

 

Nei, egentlig ikke.

Ble bare litt overasket over at det var 10-12 prosesser med navn svchost.exe og 2 av hver av de andre jeg nevnte...

[Li19]

Merker du ellers noe galt med pc-en?

 

Nei, egentlig ikke.

Ble bare litt overasket over at det var 10-12 prosesser med navn svchost.exe og 2 av hver av de andre jeg nevnte...

Edit: får ikke opp knappene for edit her, så lager en ny post i steden.

 

Måtte nettopp sette nytt passord for å få logget meg på msn... er det mulig jeg har blitt utsatt for phising eller har fått spyware? (har ikke fulgt noen linker for å logge på msn)

 

Hjt logg:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:09:42, on 19.10.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe

C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\program files (x86)\avira\antivir personaledition classic\avcenter.exe

C:\Program Files (x86)\CCleaner\CCleaner.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\test.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files (x86)\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Telenor Telenorhjelpen Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files (x86)\Telenor\Telenorhjelpen\IEFixItNowPlugin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files (x86)\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"

O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"

O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-21-3410042072-4032685867-3294661466-1008\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'generell nettbruker')

O4 - HKUS\S-1-5-18\..\Run: [Telenorhjelpen] "C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Telenorhjelpen] "C:\Program Files (x86)\Telenor\Telenorhjelpen\Telenor.exe" (User 'Default user')

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll C:\Windows\SysWOW64\cssdll32.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Statustjeneste for ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 7476 bytes

 

 

 

Noen som vet hva jeg bruker i steden for combofix til 64 bits os?

Endret 19. oktober 2008 av Li19

[r2d290]

Istedefor combofix bruker du Decard. Eneste ulempen er at du har vært nede i ganske lang tid nå

 

http://deckard.geekstogo.com/dss.exe

 

 

Edit: du kan avinstallere AskToolbar hvis du ikke ønsker den. Eller ser det bra ut

Endret 19. oktober 2008 av r2d290

[Li19]

Istedefor combofix bruker du Decard. Eneste ulempen er at du har vært nede i ganske lang tid nå

 

http://deckard.geekstogo.com/dss.exe

 

 

Edit: du kan avinstallere AskToolbar hvis du ikke ønsker den. Eller ser det bra ut

 

får ikke lastet ned deckard....

 

får denne meldingen:

 

Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites.

 

08/17/2008

 

[r2d290]

Skrev feil, skulle skrive "eneste ulempen er at DE har vært nede i ganske lang tid.

 

Satser på at norbat/snippsat har et forslag?