[Solved] Virus, malware etc. check


I was wondering if someone could check these logs for viruses, malware, trojans etc.!

 

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:31:35, on 24.05.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\HPQ\IAM\bin\asghost.exe

C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\Programfiler\Java\jre6\bin\jqs.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe

C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

C:\Novadigm\ManagementAgent\nvdkit.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe

C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

C:\Programfiler\Java\jre6\bin\jusched.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Programfiler\Launchy\Launchy.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe

D:\Programfiler\Trend Micro\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=nb-NO

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\FELLES~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

 

--

End of file - 11748 bytes


ComboFix log:

ComboFix 09-05-23.04 - Daniel 24.05.2009 2:14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1023.363 [GMT 2:00]

Kjører fra: D:\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090523-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\biosinfo.dll

c:\windows\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\iphelper.dll

c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\bin\itcl31.dll

c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\nvdtcl\nvdtcl82.dll

c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\reg1.0\tclreg82.dll

c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\sentcl\sentcl82.dll

c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\tclsvc\tclsvc82.dll

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-24 til 2009-05-24 )))))))))))))))))))))))))))))))))

.

 

2009-05-23 23:33 . 2009-05-23 23:41 -------- d--h--r c:\documents and settings\Daniel\Siste

2009-05-22 19:17 . 2009-05-22 19:17 -------- d-----w c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP

2009-05-14 18:42 . 2009-05-14 18:42 -------- d-----w c:\documents and settings\Daniel\Programdata\Anonymizer

2009-05-14 18:41 . 2008-11-17 20:58 2759408 ------w c:\documents and settings\All Users\Programdata\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}\Anonymizer_Software.exe

2009-05-14 18:41 . 2009-05-14 18:41 -------- d-----w c:\documents and settings\All Users\Programdata\Anonymizer

2009-05-14 18:41 . 2009-05-14 18:48 -------- d--h--w c:\documents and settings\All Users\Programdata\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}

2009-05-14 17:59 . 2009-05-14 18:00 -------- d-----w c:\documents and settings\Daniel\Programdata\JonDo

2009-05-14 15:26 . 2009-05-14 15:26 -------- d-----w c:\programfiler\Opera

2009-05-12 20:25 . 2009-05-12 20:25 -------- d-sh--w c:\documents and settings\Default User\IETldCache

2009-05-12 17:52 . 2009-05-12 18:00 -------- d-----w c:\programfiler\NYNO31

2009-05-11 17:14 . 2009-05-11 17:14 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-11 17:13 . 2009-05-11 17:13 152576 ----a-w c:\documents and settings\Daniel\Programdata\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-11 17:12 . 2009-05-11 17:12 -------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-05-11 17:12 . 2009-05-12 14:45 -------- d-----w c:\programfiler\DAEMON Tools Lite

2009-05-11 17:06 . 2009-05-11 17:13 -------- d-----w c:\documents and settings\Daniel\Programdata\DAEMON Tools Lite

2009-05-11 16:59 . 2009-05-11 16:59 -------- d-----w c:\programfiler\filehippo.com

2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w c:\documents and settings\Daniel\Programdata\Launchy

2009-05-08 12:40 . 2009-05-08 12:40 -------- d-----w c:\programfiler\Launchy

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-23 15:55 . 2008-07-09 20:44 -------- d-----w c:\documents and settings\Daniel\Programdata\uTorrent

2009-05-22 21:25 . 2008-06-01 14:33 -------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2009-05-22 21:25 . 2008-06-13 15:16 -------- d-----w c:\programfiler\SpywareBlaster

2009-05-22 14:00 . 2008-10-27 13:09 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-05-22 14:00 . 2008-10-27 13:09 189072 ----a-w c:\windows\system32\PnkBstrB.exe

2009-05-20 15:42 . 2009-02-23 20:25 -------- d-----w c:\documents and settings\Daniel\Programdata\Skype

2009-05-20 15:41 . 2008-08-10 12:35 -------- d-----w c:\documents and settings\Daniel\Programdata\skypePM

2009-05-16 11:14 . 2009-02-26 17:09 -------- d-----w c:\documents and settings\Daniel\Programdata\Spotify

2009-05-14 18:42 . 2008-04-20 18:40 74552 ----a-w c:\documents and settings\Daniel\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-05-13 13:02 . 2008-11-07 18:01 -------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help

2009-05-11 17:14 . 2008-04-20 17:56 -------- d-----w c:\programfiler\Java

2009-05-11 17:13 . 2008-08-19 17:00 -------- d-----w c:\documents and settings\Daniel\Programdata\DAEMON Tools

2009-05-11 17:06 . 2008-08-19 12:37 721904 ----a-w c:\windows\system32\drivers\sptd.sys

2009-05-11 17:04 . 2008-09-18 14:51 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware

2009-05-11 17:04 . 2008-09-18 14:52 2967799 ----a-w c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-05-06 19:59 . 2008-09-01 14:09 -------- d-----w c:\documents and settings\Daniel\Programdata\LimeWire

2009-04-18 14:16 . 2006-03-02 12:00 95276 ----a-w c:\windows\system32\perfc014.dat

2009-04-18 14:16 . 2006-03-02 12:00 475508 ----a-w c:\windows\system32\perfh014.dat

2009-04-18 12:40 . 2008-09-17 09:47 -------- d-----w c:\programfiler\Your Uninstaller 2008

2009-04-07 23:39 . 2008-04-20 17:31 -------- d--h--w c:\programfiler\InstallShield Installation Information

2009-04-06 13:32 . 2008-09-18 14:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-06 13:32 . 2008-09-18 14:51 15504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-04-06 13:09 . 2009-04-06 13:07 -------- d-----w c:\documents and settings\Daniel\Programdata\vlc

2009-03-30 13:35 . 2008-08-15 13:52 -------- d-----w c:\documents and settings\Daniel\Programdata\dvdcss

2009-03-14 22:13 . 2008-10-27 13:09 75064 ----a-w c:\windows\system32\PnkBstrA.exe

2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:24 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]

"PTHOSTTR"="c:\programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]

"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]

"IntelZeroConfig"="c:\programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]

"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]

"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-05-11 148888]

"Microsoft Pinyin IME Migration"="c:\progra~1\FELLES~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-2-27 581693]

HP Digital Imaging Monitor.lnk - c:\programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Launchy.lnk - c:\programfiler\Launchy\Launchy.exe [2009-5-8 286720]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41 40960 ----a-w c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli AsWlnPkg

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Photosmart Premier Hurtigstart.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\HP Photosmart Premier Hurtigstart.lnk

backup=c:\windows\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Creative\\Creative Live! Cam\\Live! Cam Center\\LiveCam.exe"=

"c:\\Programfiler\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Programfiler\\NetMeeting\\conf.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Programfiler\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

"d:\\Programfiler\\VALVe\\Counter-Strike Source\\hl2.exe"=

"g:\\Programmer\\Left 4 Dead\\left4dead.exe"=

"g:\\Programmer\\Garena\\Garena.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:2\\Programmer\\Spotify\\spotify.exe"=

"g:\\Games\\Team Fortress 2\\hl2.exe"=

"d:\\Programfiler\\Spotify\\spotify.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

"g:\\Games\\Steam\\steamapps\\targinor\\team fortress 2\\hl2.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24654:UDP"= 24654:UDP:Enfocus Port

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.04.2008 18:46 114768]

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [25.10.2005 20:10 35488]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [02.03.2006 14:00 14336]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.04.2008 18:46 20560]

R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [19.09.2005 09:02 1968446]

R2 SWIHPWMI;SWIHPWMI;c:\programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [22.09.2006 11:28 280096]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [20.04.2008 19:48 87936]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.06.2005 15:26 35968]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.09.2008 16:51 38496]

S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [09.08.2008 16:27 146112]

S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [09.08.2008 16:27 6272]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASChannel

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1844823847-839522115-1003.job

- c:\documents and settings\Daniel\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-13 13:10]

 

2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{2B670EE9-EBFF-4019-99D1-2908F0A2F7A7}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

- - - - TOMME PEKERE FJERNET - - - -

 

SafeBoot-procexp90.Sys

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1239204394&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1044&id=64855&mkt=nb-NO

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.euchannels.net/KooPlayer.ocx

FF - ProfilePath - c:\documents and settings\Daniel\Programdata\Mozilla\Firefox\Profiles\qo2xkejz.default\

FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul

FF - prefs.js: network.proxy.type - 2

FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\documents and settings\Daniel\Lokale innstillinger\Programdata\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-24 02:21

Windows 5.1.2600 Service Pack 3 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@??????`??????(?@???????@

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]

"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]

"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(1000)

c:\windows\system32\Ati2evxx.dll

c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

 

- - - - - - - > 'lsass.exe'(1056)

c:\programfiler\HPQ\IAM\bin\AsWlnPkg.dll

 

- - - - - - - > 'explorer.exe'(944)

c:\programfiler\HPQ\IAM\Bin\SFSShell.dll

c:\programfiler\HPQ\IAM\bin\ItMsg.dll

c:\programfiler\Windows Media Player\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\programfiler\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\programfiler\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\programfiler\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_nor.nlr

c:\programfiler\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\IFXTCS.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\ati2evxx.exe

c:\programfiler\HPQ\IAM\Bin\asghost.exe

c:\programfiler\Intel\Wireless\Bin\EvtEng.exe

c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe

c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe

c:\programfiler\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\scardsvr.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe

c:\windows\system32\IFXSPMGT.exe

c:\programfiler\Java\jre6\bin\jqs.exe

c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe

c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

c:\programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe

c:\programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe

c:\programfiler\Hewlett-Packard\Shared\hpqwmiex.exe

c:\programfiler\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\rundll32.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

c:\programfiler\Hp\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-05-24 2:27 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2009-05-24 00:27

 

Pre-Run: 14 931 329 024 byte ledig

Post-Run: 14 920 736 768 byte ledig

 

272 --- E O F --- 2009-05-13 13:02


MBAM log:

 

Malwarebytes' Anti-Malware 1.36

Databaseversjon: 2171

Windows 5.1.2600 Service Pack 3

 

24.05.2009 03:08:29

mbam-log-2009-05-24 (03-08-29).txt

 

Skanntype: Rask Skann

Objekter skannet: 89305

Tid tilbakelagt: 2 minute(s), 50 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)


I'm also wondering whether lsass.exe (LSASS.EXE) is a virus or not; I've searched online, and some places say it's a virus while others say Windows needs it in order to run.


The logs look fine.

You may as well fix the following two lines using HJT:

(Start HJT, choose "Do a system scan only", tick the boxes in front of the lines and click Fix checked)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Malware can call itself whatever it wants, and lsass.exe can in some cases be malware. In your case the file is in the correct location and is not malware. Lsass.exe, or 'Local Security Authority Subsystem Service', is a Windows process that is supposed to run on the PC.

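As an added example that is not part of the original thread (not the poster's, the replier's, or HijackThis's own code), here is a small Python script that applies the two checks from the reply above to HijackThis output. It lists O2 BHO entries registered with "(no file)" (dead registrations of the kind the reply suggests removing with Fix checked), and it flags core Windows binaries such as lsass.exe whose directory is not the system32 folder, which is the "is the file in the right place" test the reply uses to decide that this lsass.exe is legitimate. The sample lines are copied from the HJT log in this thread, plus one constructed entry, C:\WINDOWS\lsass.exe, so the path check has something to flag; the SYSTEM32 constant, the SYSTEM_PROCESSES set and the function names are my own assumptions.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread,
# plus one CONSTRUCTED entry (C:\WINDOWS\lsass.exe, not in the real log) so
# that the path check below has something to flag.
SAMPLE_HJT_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\lsass.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: a default C:\WINDOWS install, as seen in the log above. A real
# tool would read SystemRoot from the environment instead of hard-coding it.
SYSTEM32 = r"c:\windows\system32"

# Core Windows binaries that are only ever started from system32 (assumed set).
SYSTEM_PROCESSES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
}

# O2 lines look like: "O2 - BHO: <name> - {<CLSID>} - <dll path or '(no file)'>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")


def parse_hjt(text):
    """Split HJT output into (running process paths, list of (name, clsid, path) BHOs)."""
    processes, bhos = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the "Running processes:" block
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = BHO_RE.match(line)
        if m:
            bhos.append((m.group("name"), m.group("clsid"), m.group("path")))
    return processes, bhos


def orphaned_bhos(bhos):
    """CLSIDs of BHOs whose DLL is gone ('(no file)'): dead registrations,
    harmless but worth cleaning up, which is what the reply recommends."""
    return [clsid for _, clsid, path in bhos if path == "(no file)"]


def misplaced_system_processes(processes):
    """Paths whose file name is a core Windows binary but whose directory is not
    system32. Matching on the name alone is not enough, since malware can call
    itself lsass.exe; the directory is the discriminating detail."""
    flagged = []
    for path in processes:
        directory, _, name = path.rpartition("\\")
        if name.lower() in SYSTEM_PROCESSES and directory.lower() != SYSTEM32:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    procs, bhos = parse_hjt(SAMPLE_HJT_LOG)
    for clsid in orphaned_bhos(bhos):
        print("BHO with no file on disk, candidate for HJT 'Fix checked':", clsid)
    for path in misplaced_system_processes(procs):
        print("Core system binary running from an unexpected directory:", path)
```

Run against the full log instead of the sample by reading hijackthis.log into `parse_hjt`; on the log in this thread only the two "(no file)" BHOs come out, and lsass.exe is not flagged because it lives in C:\WINDOWS\system32, which is exactly the reply's conclusion. A path check like this is a first filter, not proof: a file in the right directory can still be replaced, so a publisher signature or hash check is the next step if there is any remaining doubt.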