Alastor, posted 10 September 2011

Anyone feel like analysing this one?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:35:08, on 10.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
F:\Programvare\dBpoweramp\uMediaLibrary.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
F:\Programvare\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
F:\Programvare\dBpoweramp\Asset-uPNP.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
F:\Nedlastinger\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15788&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programvare\Java\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
O4 - HKLM\..\Run: [VirtualCloneDrive] "F:\Programvare\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - Startup: Asset UPnP uMediaLibrary.lnk = F:\Programvare\dBpoweramp\uMediaLibrary.exe
O4 - Startup: Asset UPnP.lnk = F:\Programvare\dBpoweramp\Asset-uPNP.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\OFFICE~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\OFFICE~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AssetUPnP - Unknown owner - F:\Programvare\dBpoweramp\Asset-UPnPService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Programvare\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google-oppdatering-tjenesten (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - F:\Programvare\SiSoftware Sandra\RpcAgentSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10750 bytes

In addition I have this startup log from CCleaner. There are a couple of lines here that are suddenly gone when I search again now, which I wondered a bit about earlier (it was me who changed them to No):

Yes HKCU:Run msnmsgr "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Yes HKCU:Run uTorrent "C:\Program Files (x86)\uTorrent\uTorrent.exe"
Yes HKLM:Run TurboV EVO "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
No HKLM:Run C:\Windows\SysWOW64\V0530Ext.ax C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0530Ext.ax
Yes HKLM:Run VirtualCloneDrive "F:\Programvare\VirtualCloneDrive\VCDDaemon.exe" /s
Yes HKLM:Run Mobile Connectivity Suite "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
Yes HKLM:Run StartCCC "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Yes HKLM:Run SunJavaUpdateSched "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run CTxfiHlp CTXFIHLP.EXE
No HKLM:Run C:\Windows\system32\V0530Ext.ax C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0530Ext.ax
Yes HKLM:Run Kernel and Hardware Abstraction Layer KHALMNPR.EXE
Yes HKLM:Run Windows Mobile Device Center %windir%\WindowsMobile\wmdc.exe
Yes HKLM:Run MSC "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run lxecmon.exe "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
Yes HKLM:Run EzPrint "C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
Yes Startup Common Logitech SetPoint.lnk C:\Program Files\Logitech\SetPoint\SetPoint.exe
Yes Startup User Asset UPnP uMediaLibrary.lnk F:\Programvare\dBpoweramp\uMediaLibrary.exe
Yes Startup User Asset UPnP.lnk F:\Programvare\dBpoweramp\Asset-uPNP.exe
Dr.Geek, posted 12 September 2011

Quoting Alastor: Anyone feel like analysing this one?

Hi! The processes you are skeptical about (autostart) are part of Creative Technology software. This is not a virus/malware. But you should update all your software > http://secunia.com/vulnerability_scanning/personal/

For you, as for everyone else here, this applies if you suspect an infected PC: > https://www.diskusjon.no/index.php?showtopic=691246 (scan with MB, post the log)
Alastor (thread author), posted 12 September 2011

I have already scanned with MBAM, and it reported zero holes. I use PSI often, but will do another round there again.
cocopara, posted 14 September 2011

I have looked over a bit of the log now and it looks completely fine. There are no signs of infection, and the processes that were suspicious are completely legitimate. Since you have scanned with MBAM, this strengthens my suspicion that you are not infected. I would recommend that you scan with MBAM once a week, with Quick Scan, and with Full Scan a bit less often (Quick Scan catches most of what Full Scan does; Full Scan just scans a little deeper in places that are unnecessary to search, though it is important to also scan with Full Scan at least every other week).