lefrank Posted 24 May 2009

I was wondering if someone could check these logs for viruses, malware, trojans, etc.!

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:31:35, on 24.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programfiler\HPQ\IAM\bin\asghost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe
C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Programfiler\Launchy\Launchy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programfiler\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
D:\Programfiler\Trend Micro\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=nb-NO
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programfiler\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\FELLES~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Programfiler\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.euchannels.net/KooPlayer.ocx
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.euchannels.net/UKooPlayer.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/softwareupdate/su2...15105/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FELLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

--
End of file - 11748 bytes

ComboFix log:

ComboFix 09-05-23.04 - Daniel 24.05.2009 2:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1023.363 [GMT 2:00]
Kjører fra: D:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090523-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\biosinfo.dll
c:\windows\TEMP\.nvdkit\4cbb1f5137265e7d\737d992b6837ba4c\bin\win32\iphelper.dll
c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\bin\itcl31.dll
c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\nvdtcl\nvdtcl82.dll
c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\reg1.0\tclreg82.dll
c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\sentcl\sentcl82.dll
c:\windows\TEMP\.nvdkit\987239acba334648\d5687f9dd9435984\lib\tclsvc\tclsvc82.dll

.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-24 til 2009-05-24 )))))))))))))))))))))))))))))))))
.

2009-05-23 23:33 . 2009-05-23 23:41 -------- d--h--r c:\documents and settings\Daniel\Siste
2009-05-22 19:17 . 2009-05-22 19:17 -------- d-----w c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-05-14 18:42 . 2009-05-14 18:42 -------- d-----w c:\documents and settings\Daniel\Programdata\Anonymizer
2009-05-14 18:41 . 2008-11-17 20:58 2759408 ------w c:\documents and settings\All Users\Programdata\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}\Anonymizer_Software.exe
2009-05-14 18:41 . 2009-05-14 18:41 -------- d-----w c:\documents and settings\All Users\Programdata\Anonymizer
2009-05-14 18:41 . 2009-05-14 18:48 -------- d--h--w c:\documents and settings\All Users\Programdata\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}
2009-05-14 17:59 . 2009-05-14 18:00 -------- d-----w c:\documents and settings\Daniel\Programdata\JonDo
2009-05-14 15:26 . 2009-05-14 15:26 -------- d-----w c:\programfiler\Opera
2009-05-12 20:25 . 2009-05-12 20:25 -------- d-sh--w c:\documents and settings\Default User\IETldCache
2009-05-12 17:52 . 2009-05-12 18:00 -------- d-----w c:\programfiler\NYNO31
2009-05-11 17:14 . 2009-05-11 17:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-11 17:13 . 2009-05-11 17:13 152576 ----a-w c:\documents and settings\Daniel\Programdata\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-11 17:12 . 2009-05-11 17:12 -------- d-----w c:\documents and settings\All Users\Programdata\DAEMON Tools Lite
2009-05-11 17:12 . 2009-05-12 14:45 -------- d-----w c:\programfiler\DAEMON Tools Lite
2009-05-11 17:06 . 2009-05-11 17:13 -------- d-----w c:\documents and settings\Daniel\Programdata\DAEMON Tools Lite
2009-05-11 16:59 . 2009-05-11 16:59 -------- d-----w c:\programfiler\filehippo.com
2009-05-08 12:41 . 2009-05-08 12:41 -------- d-----w c:\documents and settings\Daniel\Programdata\Launchy
2009-05-08 12:40 . 2009-05-08 12:40 -------- d-----w c:\programfiler\Launchy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 15:55 . 2008-07-09 20:44 -------- d-----w c:\documents and settings\Daniel\Programdata\uTorrent
2009-05-22 21:25 . 2008-06-01 14:33 -------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2009-05-22 21:25 . 2008-06-13 15:16 -------- d-----w c:\programfiler\SpywareBlaster
2009-05-22 14:00 . 2008-10-27 13:09 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-05-22 14:00 . 2008-10-27 13:09 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-20 15:42 . 2009-02-23 20:25 -------- d-----w c:\documents and settings\Daniel\Programdata\Skype
2009-05-20 15:41 . 2008-08-10 12:35 -------- d-----w c:\documents and settings\Daniel\Programdata\skypePM
2009-05-16 11:14 . 2009-02-26 17:09 -------- d-----w c:\documents and settings\Daniel\Programdata\Spotify
2009-05-14 18:42 . 2008-04-20 18:40 74552 ----a-w c:\documents and settings\Daniel\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-05-13 13:02 . 2008-11-07 18:01 -------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-05-11 17:14 . 2008-04-20 17:56 -------- d-----w c:\programfiler\Java
2009-05-11 17:13 . 2008-08-19 17:00 -------- d-----w c:\documents and settings\Daniel\Programdata\DAEMON Tools
2009-05-11 17:06 . 2008-08-19 12:37 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-11 17:04 . 2008-09-18 14:51 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2009-05-11 17:04 . 2008-09-18 14:52 2967799 ----a-w c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-06 19:59 . 2008-09-01 14:09 -------- d-----w c:\documents and settings\Daniel\Programdata\LimeWire
2009-04-18 14:16 . 2006-03-02 12:00 95276 ----a-w c:\windows\system32\perfc014.dat
2009-04-18 14:16 . 2006-03-02 12:00 475508 ----a-w c:\windows\system32\perfh014.dat
2009-04-18 12:40 . 2008-09-17 09:47 -------- d-----w c:\programfiler\Your Uninstaller 2008
2009-04-07 23:39 . 2008-04-20 17:31 -------- d--h--w c:\programfiler\InstallShield Installation Information
2009-04-06 13:32 . 2008-09-18 14:51 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-09-18 14:51 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 13:09 . 2009-04-06 13:07 -------- d-----w c:\documents and settings\Daniel\Programdata\vlc
2009-03-30 13:35 . 2008-08-15 13:52 -------- d-----w c:\documents and settings\Daniel\Programdata\dvdcss
2009-03-14 22:13 . 2008-10-27 13:09 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-03-08 02:34 . 2006-03-02 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2006-03-02 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2006-03-02 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2006-03-02 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2006-03-02 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2006-03-02 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2006-03-02 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2006-03-02 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2006-03-02 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2006-03-02 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:24 . 2006-03-02 12:00 284160 ----a-w c:\windows\system32\pdh.dll

.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]
"PTHOSTTR"="c:\programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"ATICCC"="c:\programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
"IntelZeroConfig"="c:\programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HP Software Update"="c:\programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-05-11 148888]
"Microsoft Pinyin IME Migration"="c:\progra~1\FELLES~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2006-10-26 32560]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-2-27 581693]
HP Digital Imaging Monitor.lnk - c:\programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Launchy.lnk - c:\programfiler\Launchy\Launchy.exe [2009-5-8 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^HP Photosmart Premier Hurtigstart.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\HP Photosmart Premier Hurtigstart.lnk
backup=c:\windows\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Creative\\Creative Live! Cam\\Live! Cam Center\\LiveCam.exe"=
"c:\\Programfiler\\Creative\\Creative Live! Cam\\Live! Cam Manager\\CTLCMgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programfiler\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programfiler\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programfiler\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Programfiler\\VALVe\\Counter-Strike Source\\hl2.exe"=
"g:\\Programmer\\Left 4 Dead\\left4dead.exe"=
"g:\\Programmer\\Garena\\Garena.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:2\\Programmer\\Spotify\\spotify.exe"=
"g:\\Games\\Team Fortress 2\\hl2.exe"=
"d:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"g:\\Games\\Steam\\steamapps\\targinor\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24654:UDP"= 24654:UDP:Enfocus Port

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [25.04.2008 18:46 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [25.10.2005 20:10 35488]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [02.03.2006 14:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.04.2008 18:46 20560]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [19.09.2005 09:02 1968446]
R2 SWIHPWMI;SWIHPWMI;c:\programfiler\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [22.09.2006 11:28 280096]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [20.04.2008 19:48 87936]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.06.2005 15:26 35968]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [18.09.2008 16:51 38496]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [09.08.2008 16:27 146112]
S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [09.08.2008 16:27 6272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1844823847-839522115-1003.job
- c:\documents and settings\Daniel\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-13 13:10]

2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{2B670EE9-EBFF-4019-99D1-2908F0A2F7A7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - TOMME PEKERE FJERNET - - - -

SafeBoot-procexp90.Sys

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1239204394&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1044&id=64855&mkt=nb-NO
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} - hxxp://www.euchannels.net/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\Daniel\Programdata\Mozilla\Firefox\Profiles\qo2xkejz.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 2
FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Daniel\Lokale innstillinger\Programdata\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 02:21
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@??????`??????(?@???????@

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

- - - - - - - > 'lsass.exe'(1056)
c:\programfiler\HPQ\IAM\bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(944)
c:\programfiler\HPQ\IAM\Bin\SFSShell.dll
c:\programfiler\HPQ\IAM\bin\ItMsg.dll
c:\programfiler\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programfiler\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programfiler\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programfiler\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_nor.nlr
c:\programfiler\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\programfiler\HPQ\IAM\Bin\asghost.exe
c:\programfiler\Intel\Wireless\Bin\EvtEng.exe
c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe
c:\programfiler\Alwil Software\Avast4\aswUpdSv.exe
c:\programfiler\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
c:\windows\system32\IFXSPMGT.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programfiler\Fellesfiler\Nero\Nero BackItUp 4\NBService.exe
c:\programfiler\ProtectTools\Embedded Security Software\PSDsrvc.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe
c:\programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
c:\programfiler\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\programfiler\Hp\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-05-24 2:27 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-05-24 00:27

Pre-Run: 14 931 329 024 byte ledig
Post-Run: 14 920 736 768 byte ledig

272 --- E O F --- 2009-05-13 13:02

MBAM log:

Malwarebytes' Anti-Malware 1.36
Databaseversjon: 2171
Windows 5.1.2600 Service Pack 3

24.05.2009 03:08:29
mbam-log-2009-05-24 (03-08-29).txt

Skanntype: Rask Skann
Objekter skannet: 89305
Tid tilbakelagt: 2 minute(s), 50 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

I am also wondering whether lsass.exe (LSASS.EXE) is a virus or not. I have searched online, and some places say it is a virus while others say Windows needs it in order to run.
norbat Posted 24 May 2009

The logs look fine. You can go ahead and fix the following two lines with HJT (start HJT, choose "Do a system scan only", tick the boxes in front of the lines and click Fix checked):

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Malware can call itself whatever it wants, and lsass.exe can in some cases be malware. In your case the file is in the correct location and is not malware. Lsass.exe, or 'Local Security Authority Subsystem Service', is a Windows process that is supposed to run on the PC.
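norbat's reasoning rests on two checks a reviewer applies by eye: is a binary that carries a core system name (lsass.exe, svchost.exe, ...) actually running from the directory Windows installs it in, and which O2 entries point at a DLL that no longer exists ("(no file)")? The following Python script automates both over the text of a HijackThis 2.x log. It is an added example, not code from this thread and not part of HijackThis, ComboFix or Malwarebytes; the log excerpt inside it is constructed for the demonstration, and the C:\WINDOWS\Temp\lsass.exe line in that excerpt is invented to show what a hit looks like (the poster's real log only has the system32 copy). The table of expected directories covers the Windows XP core processes and is an assumption of this script, not something HijackThis reports.

```python
import re
from pathlib import PureWindowsPath

# Constructed HijackThis-style excerpt (not the poster's full log). The
# C:\WINDOWS\Temp\lsass.exe line is made up to show what a mis-located
# system binary looks like; the real log only lists the system32 copy.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\lsass.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows XP processes and the directory (relative to %SystemRoot%) they
# run from. An empty string means %SystemRoot% itself (explorer.exe lives in
# C:\WINDOWS, not system32). This table is an assumption of the example.
EXPECTED_DIRS = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",
}

# HijackThis entry lines look like "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")


def parse_hijackthis(text):
    """Split a HijackThis log into its running-process list and its R/F/N/O entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # the first blank line ends the section
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return {"processes": processes, "entries": entries}


def find_misplaced_system_processes(processes, system_root=r"C:\WINDOWS"):
    """Return processes whose file name is a core Windows binary but whose
    directory (compared case-insensitively) is not where Windows installs it."""
    root = PureWindowsPath(system_root)
    flagged = []
    for proc in processes:
        path = PureWindowsPath(proc)
        name = path.name.lower()
        if name not in EXPECTED_DIRS:
            continue
        sub = EXPECTED_DIRS[name]
        expected = root / sub if sub else root
        if str(path.parent).lower() != str(expected).lower():
            flagged.append(proc)
    return flagged


def find_orphan_bhos(entries):
    """Return O2 (Browser Helper Object) entries whose DLL is gone;
    HijackThis prints '(no file)' for those."""
    return [f"{code} - {rest}" for code, rest in entries
            if code == "O2" and rest.endswith("(no file)")]


def review_log(text):
    parsed = parse_hijackthis(text)
    return {
        "misplaced_processes": find_misplaced_system_processes(parsed["processes"]),
        "orphan_bhos": find_orphan_bhos(parsed["entries"]),
    }


if __name__ == "__main__":
    result = review_log(SAMPLE_LOG)
    for proc in result["misplaced_processes"]:
        print("core system binary running from an unexpected directory:", proc)
    for bho in result["orphan_bhos"]:
        print("BHO entry with no backing file (candidate for Fix checked):", bho)
```

The path check is deliberately conservative: it only compares the parent directory of names in the table, so vendor binaries like ashServ.exe are ignored, and the system32 copy of lsass.exe passes while the same name under Temp is reported. Feeding the script the poster's full log instead of the constructed excerpt (`review_log(open("hijackthis.log").read())`) reproduces norbat's two findings and no misplaced processes.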
lefrank (thread author) Posted 24 May 2009

Thanks for the help