Gå til innhold

2x taskeng.exe, mal/spy/trojan/virus? Hvilke logger..

ssf

Av ssf
i IKT-drift og sikkerhet

Anbefalte innlegg

ssf

ssf

Skrevet
Skrevet (endret)

Vel, lagde en tråd om dette fra før, (den er her) men den sporet over på andre problemer på dataen.. som ble fikset! :)

Så klager ikke på det. Men dette er problemet jeg merker noe til.

 

For når jeg slår av dataen eller starter den på nytt, kommer det alltid en beskjed jeg må svare på før den kan slå seg av: Taskeng.exe vil ikke avsluttes (eller noe i den "dur"), og jeg velger enten avslutt nå eller avbryt, og da slå maskinen seg av.

 

Utrolig plagsomt, får heller ikke slått av dataen når virussøk er ferdig f.eks. siden beskjeden kommer opp.

I oppgavebehandling under prosesser finner jeg to av denne prosessen, en tar snaue 3k, den andre ca 800.

 

Og ja, det er ikke taskmgr.exe, det er en tredje prosess ;)

 

Noen som vet noe om problemet? Har prøvd div tjenester på nettet, men alle finner jo selvsagt mange hundre feil og kan kun fikse 10 av dem gratis eller lignende, finner ingenting om det samme problemet...

 

Si fra hvilke logger dere vil ha om det hjelper dere :)

 

Har kjennskap til HJT, combofix funka ikke sist, men kan gjerne prøve igjen :)

Endret av ssf
Lenke til kommentar

Videoannonse

Videoannonse
Annonse
ssf

ssf

Skrevet
  • Forfatter
Skrevet

Prøver meg i å bumpe.

 

Har vært inne i oppgaveplanlegging, men virket ikke som det var noe unormalt der, slik av planlagte oppgaver med "rare navn" :p

 

Hadde vært utrolig bra om noen kunne ha hjulpet meg med dette...

Lenke til kommentar
r2d290

r2d290

Skrevet
Skrevet

synes du kan prøve det snippsat skrev på slutten av den forrige tråden. dersom det stemmer at det er spyware e.l som er problemet, burde du fortsette med dette. Når noen som kan å se gjennom combofix (Deckard dersom du ikke får til combofix), kan bekrefte at det ikke er noe galt her, synes jeg det er på tide å få flyttet denne tråden til "maskinen fungerer ikke"

 

1. Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vinduet mens programmet kjører. Det kan føre til at PC-en fryser.

post logg C:\combofix.txt

Problemer med og få kjørt combofix? Disable antivirus midlertidig mens programmet kjører. Hvis dette ikke hjelper; Boot f8 sikkerhetmodus prøv og kjør derfra.

Dette lages en logg som du kopierer og limer inn i posten

 

2. Hvis du ikke får til combofix:

Hent Deckard legg på skrivebord.

Kjør dss.exe og følge veiledningen.

Når scanningen er ferdig, åpnes det en logg (main.txt). Den kopierer du og poster.

 

 

3. Når du er ferdig med punkt 1 (eller 2) kan du poste en ny hijack this-logg, så ser vi om det fortsatt er noe å hente her.

 

 

 

(du bør editere førsteposten din, og henvise til din forrige tråd: https://www.diskusjon.no/index.php?showtopic=910893 )

Lenke til kommentar
ssf

ssf

Skrevet
  • Forfatter
Skrevet

Først combofix loggen (fikk kjørt den nå :) :

 

ComboFix 08-03-10.1 - Sindre 2008-03-11 19:24:25.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1147 [GMT 1:00]

Running from: C:\Users\Sindre\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-11 18:33 --------- d-----w C:\Users\Sindre\AppData\Roaming\stickies

2008-03-11 18:19 --------- d-----w C:\Users\Sindre\AppData\Roaming\SiteAdvisor

2008-03-11 18:11 --------- d-----w C:\Users\Sindre\AppData\Roaming\Ashampoo

2008-03-11 18:08 --------- d-----w C:\Program Files\Ashampoo

2008-03-11 16:34 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-11 15:53 --------- d-----w C:\Program Files\SyncBack

2008-03-09 16:49 --------- d-----w C:\Users\Sindre\AppData\Roaming\uTorrent

2008-03-09 13:24 --------- d-----w C:\Program Files\Songbird

2008-03-08 20:00 --------- d-----w C:\ProgramData\SongbirdVLC

2008-03-08 19:59 --------- d-----w C:\Users\Sindre\AppData\Roaming\Songbird1

2008-03-08 11:04 27,934 ----a-w C:\Users\Sindre\AppData\Roaming\nvModes.dat

2008-03-08 10:38 --------- d-----w C:\Program Files\ALZip

2008-03-08 00:07 --------- d-----w C:\Users\Sindre\AppData\Roaming\Nokia

2008-03-08 00:04 --------- d-----w C:\ProgramData\Nokia

2008-03-08 00:02 --------- d-----w C:\ProgramData\Installations

2008-03-08 00:02 --------- d-----w C:\Program Files\Nokia

2008-03-08 00:02 --------- d-----w C:\Program Files\Common Files\Nokia

2008-03-07 13:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-07 13:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-03-06 23:45 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-06 17:42 --------- d-----w C:\ProgramData\Avira

2008-03-06 17:42 --------- d-----w C:\Program Files\Avira

2008-03-06 17:27 --------- d-----w C:\ProgramData\avg7

2008-03-06 16:58 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-03-02 20:59 --------- d-----w C:\Users\Sindre\AppData\Roaming\DVD Flick

2008-03-02 17:28 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll

2008-03-02 16:28 --------- d-----w C:\Program Files\DVD Flick

2008-03-02 01:14 --------- d-----w C:\Program Files\Samurize

2008-03-02 00:00 --------- d-----w C:\Program Files\MSN Messenger

2008-03-01 23:58 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-03-01 23:58 --------- d-----w C:\Program Files\Windows Live

2008-03-01 23:57 --------- d-----w C:\ProgramData\WLInstaller

2008-03-01 18:28 --------- d-----w C:\Users\Sindre\AppData\Roaming\ExportTool

2008-02-29 15:38 --------- d-----w C:\Users\Sindre\AppData\Roaming\SUPERAntiSpyware.com

2008-02-29 15:38 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com

2008-02-29 12:19 --------- d-----w C:\Users\Sindre\AppData\Roaming\ImgBurn

2008-02-29 12:04 --------- d-----w C:\Program Files\ImgBurn

2008-02-28 22:54 --------- d-----w C:\ProgramData\DVD Shrink

2008-02-28 13:48 --------- d-----w C:\Program Files\Stardock

2008-02-28 01:25 --------- d-----w C:\Users\Sindre\AppData\Roaming\dvdcss

2008-02-26 17:16 --------- d-----w C:\Program Files\Eidos Interactive

2008-02-26 16:41 --------- d-----w C:\Users\Sindre\AppData\Roaming\AVG7

2008-02-25 21:06 --------- d-----w C:\Program Files\Microsoft Games

2008-02-25 17:23 --------- d-----w C:\Users\Sindre\AppData\Roaming\Roxio

2008-02-25 10:41 --------- d-----w C:\ProgramData\comodo

2008-02-25 00:45 --------- d-----w C:\ProgramData\Age of Empires 3

2008-02-25 00:03 --------- d-----w C:\Program Files\Praetorians

2008-02-24 22:34 83,448 ----a-w C:\Windows\system32\drivers\cmdguard.sys

2008-02-24 22:34 25,080 ----a-w C:\Windows\system32\drivers\cmdhlp.sys

2008-02-24 22:34 139,008 ----a-w C:\Windows\System32\guard32.dll

2008-02-24 22:34 --------- d-----w C:\Users\Sindre\AppData\Roaming\Comodo

2008-02-24 22:34 --------- d-----w C:\Program Files\COMODO

2008-02-21 15:19 --------- d--h--w C:\Program Files\Creative Installation Information

2008-02-21 15:17 --------- d-----w C:\Program Files\Common Files\Creative

2008-02-20 20:42 --------- d-----w C:\ProgramData\Creative

2008-02-20 20:32 --------- d-----w C:\Program Files\Creative

2008-02-20 16:48 --------- d-----w C:\Program Files\CONEXANT

2008-02-18 19:33 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-02-18 19:03 --------- d-----w C:\Program Files\DAEMON Tools

2008-02-17 15:02 --------- d-----w C:\ProgramData\Lavasoft

2008-02-17 14:12 --------- d-----w C:\Users\Sindre\AppData\Roaming\PC Suite

2008-02-17 14:12 --------- d-----w C:\ProgramData\PC Suite

2008-02-17 14:09 --------- d-----w C:\Program Files\DIFX

2008-02-17 14:07 --------- d-----w C:\Program Files\Common Files\PCSuite

2008-02-17 14:05 --------- d-----w C:\Program Files\PC Connectivity Solution

2008-02-17 11:35 --------- d-----w C:\Users\Sindre\AppData\Roaming\Any Video Converter

2008-02-17 11:35 --------- d-----w C:\Program Files\Any Video Converter

2008-02-17 01:33 --------- d-----w C:\ProgramData\Sonic

2008-02-17 00:57 --------- d-----w C:\Program Files\CS 1.6

2008-02-17 00:51 441,760 ----a-w C:\Windows\system32\drivers\timntr.sys

2008-02-17 00:51 44,384 ----a-w C:\Windows\system32\drivers\tifsfilt.sys

2008-02-17 00:51 --------- d-----w C:\ProgramData\Acronis

2008-02-17 00:50 368,544 ----a-w C:\Windows\system32\drivers\tdrpman.sys

2008-02-17 00:50 129,248 ----a-w C:\Windows\system32\drivers\snapman.sys

2008-02-17 00:50 --------- d-----w C:\Program Files\Common Files\Acronis

2008-02-17 00:49 --------- d-----w C:\Program Files\Acronis

2008-02-17 00:44 --------- d-----w C:\Program Files\Common Files\Stardock

2008-02-17 00:37 --------- d-----w C:\Program Files\PDF-XChange Viewer

2008-02-17 00:36 --------- d-----w C:\Program Files\Yawcam

2008-02-17 00:34 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-02-17 00:33 --------- d-----w C:\ProgramData\Microsoft Help

2008-02-17 00:33 --------- d-----w C:\Program Files\DVD Shrink

2008-02-17 00:26 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe

2008-02-17 00:26 --------- d-----w C:\Users\Sindre\AppData\Roaming\TuneUp Software

2008-02-17 00:25 --------- d-----w C:\ProgramData\TuneUp Software

2008-02-17 00:25 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-02-17 00:18 --------- d-----w C:\Program Files\AMD

2008-02-17 00:15 --------- d-----w C:\Program Files\JAlbumWin

2008-02-17 00:11 --------- d-----w C:\Program Files\MSECache

2008-02-16 23:01 --------- d-----w C:\ProgramData\SlySoft

2008-02-16 23:01 --------- d-----w C:\ProgramData\NVIDIA

2008-02-16 22:50 --------- d-----w C:\Program Files\SlySoft

2008-02-16 22:48 --------- d-----w C:\Users\Sindre\AppData\Roaming\MixMeister Technology

2008-02-16 22:48 --------- d-----w C:\Program Files\MixMeister Fusion

2008-02-16 21:59 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-02-16 21:53 --------- d-----w C:\ProgramData\Messenger Plus!

2008-02-16 21:52 --------- d-----w C:\Program Files\Messenger Plus! Live

2008-02-16 21:34 --------- d-----w C:\Program Files\Microsoft.NET

2008-02-16 21:17 --------- d-----w C:\Program Files\PhotoScape

2008-02-16 21:15 --------- d-----w C:\Program Files\Paint.NET

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}]

2008-01-30 16:31 1199104 --a------ C:\Program Files\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2008-03-02 01:10 5724184]

"DisplayFusion"="C:\Program Files\DisplayFusion\DisplayFusion.exe" [2008-02-07 22:37 267264]

"XNeat Windows Manager"="C:\Program Files\XNeat Windows Manager\XNeatWM.exe" [2008-02-07 02:30 77824]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-16 18:58 1006264]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-06-22 10:50 77824]

"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-02-24 23:34 1502976]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-06 18:46 249896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

C:\Users\Sindre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Client Default.lnk - C:\Program Files\Samurize\Client.exe [2007-04-07 21:02:08 2010624]

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-02-17 01:45:00 3581680]

Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:45 757760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll C:\Windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D92D1A50-E7D9-4D85-AEAE-748E5D6553A8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play

"{712AB7A2-EEC2-46C6-AE72-0B0882FCD9AD}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program

"{4895A27F-2A06-48B4-9A99-F4DE0FCCEDE6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{5CF73331-0C5D-4981-BC40-71D229ED751B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{119D2136-BD08-4C52-B2D8-CF36061B7F42}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{11E3605C-784A-40BA-ACE7-B49B3BBBE68D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{8B89D5C4-1FA7-4FF7-AA50-9652697FC33A}C:\users\sindre\programmer ++\aoe2\age of empires ii\age2_x1.exe"= UDP:C:\users\sindre\programmer ++\aoe2\age of empires ii\age2_x1.exe:age2_x1.exe|Desc=age2_x1.exe

"UDP Query User{EDC929C1-EED5-4683-817C-3FBFC90AEB4D}C:\users\sindre\programmer ++\aoe2\age of empires ii\age2_x1.exe"= TCP:C:\users\sindre\programmer ++\aoe2\age of empires ii\age2_x1.exe:age2_x1.exe|Desc=age2_x1.exe

"TCP Query User{501FC20B-9769-4580-841B-1A6DDCB12F87}C:\users\sindre\programmer ++\aoe2\age of empires ii\empires2.exe"= UDP:C:\users\sindre\programmer ++\aoe2\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe

"UDP Query User{CFBE2483-ED62-40FF-8C12-85705639FC59}C:\users\sindre\programmer ++\aoe2\age of empires ii\empires2.exe"= TCP:C:\users\sindre\programmer ++\aoe2\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe

"{B9AD2CDB-64CD-4541-9882-410FC8E43948}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{66B8A8D3-E4A0-4F9A-A17D-63DE2070BE02}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{5DBFC039-F0CB-4264-B104-E42004904429}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe"= UDP:C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe:SAgent4|Desc=SAgent4

"UDP Query User{3ECB0656-2B67-4737-9FA8-866558C39C96}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe"= TCP:C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe:SAgent4|Desc=SAgent4

"TCP Query User{A9433CED-AD89-4E48-8EC3-C1D9CAA3133E}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe"= UDP:C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe:SAgent4|Desc=SAgent4

"UDP Query User{624916BD-32C1-4341-9C39-ECC2A515A98C}C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe"= TCP:C:\windows\system32\spool\drivers\w32x86\3\sagent4.exe:SAgent4|Desc=SAgent4

"TCP Query User{0A039C1C-49E8-427A-A262-EA9CAC25ECD1}C:\program files\praetorians\praetorians.exe"= UDP:C:\program files\praetorians\praetorians.exe:praetorians|Desc=praetorians

"UDP Query User{E5FFFAE1-578E-4691-8942-566AE7500347}C:\program files\praetorians\praetorians.exe"= TCP:C:\program files\praetorians\praetorians.exe:praetorians|Desc=praetorians

"TCP Query User{0917545A-4DC0-4CED-97EF-BE5CD3A9BEBD}C:\windows\system32\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary

"UDP Query User{4EDECF87-D449-4A41-BE2C-FBB056AFB746}C:\windows\system32\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary

"{D4A95812-5482-4119-BFCD-2C060757401C}"= UDP:F:\Installasjoner\Age of Empires 3\age3x.exe:Age of Empires III - The WarChiefs

"{B3EED589-3774-4067-8FDC-5897F3973DBC}"= TCP:F:\Installasjoner\Age of Empires 3\age3x.exe:Age of Empires III - The WarChiefs

"TCP Query User{660714B6-A165-4301-A34E-70CDA16FC399}C:\program files\cs 1.6\hl.exe"= UDP:C:\program files\cs 1.6\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher

"UDP Query User{ADCDC628-AE45-4B9D-8D80-64CD7F2B02FC}C:\program files\cs 1.6\hl.exe"= TCP:C:\program files\cs 1.6\hl.exe:Half-Life Launcher|Desc=Half-Life Launcher

"TCP Query User{D1B31206-F0CB-4562-BF9E-A890EFA7F480}C:\users\sindre\programmer\aoe2\age of empires ii\empires2.exe"= UDP:C:\users\sindre\programmer\aoe2\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe

"UDP Query User{A6CBD031-A788-4871-A55D-4E0531523A1E}C:\users\sindre\programmer\aoe2\age of empires ii\empires2.exe"= TCP:C:\users\sindre\programmer\aoe2\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe

"TCP Query User{ED7BFF05-7583-439F-A793-EC105D71697C}C:\users\sindre\programmer\aoe2\age of empires ii\age2_x1.exe"= UDP:C:\users\sindre\programmer\aoe2\age of empires ii\age2_x1.exe:age2_x1.exe|Desc=age2_x1.exe

"UDP Query User{2142C588-9BAA-4556-95F0-8323922C0A65}C:\users\sindre\programmer\aoe2\age of empires ii\age2_x1.exe"= TCP:C:\users\sindre\programmer\aoe2\age of empires ii\age2_x1.exe:age2_x1.exe|Desc=age2_x1.exe

"TCP Query User{74C5BFB4-D817-432E-A448-58B10401584A}C:\windows\system32\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper|Desc=Microsoft DirectPlay Helper

"UDP Query User{53C6ED46-969C-4D25-9CC9-AE0D44637190}C:\windows\system32\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper|Desc=Microsoft DirectPlay Helper

"TCP Query User{4FE67EDE-3D17-4DF7-ADE6-EEB746A62105}F:\installasjoner\praetorians\praetorians.exe"= UDP:F:\installasjoner\praetorians\praetorians.exe:praetorians|Desc=praetorians

"UDP Query User{C6C82FAD-F65D-4D11-9B8A-94A13EDF7B2C}F:\installasjoner\praetorians\praetorians.exe"= TCP:F:\installasjoner\praetorians\praetorians.exe:praetorians|Desc=praetorians

"{D3C22EA4-B8D4-42AA-8FEF-187D13DC11E1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

"TCP Query User{99870603-4CBE-4384-B7D5-4492B27C5412}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater

"UDP Query User{8238A80B-C144-4CA9-B630-29A86DB59212}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater

"TCP Query User{143D9402-9D93-4CB4-9329-DC9DC8F31C31}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process

"UDP Query User{320D9267-0106-4B0E-9A45-320D59D40D67}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\Windows\system32\DRIVERS\tdrpman.sys [2008-02-17 01:50]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-02-24 23:34]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-02-24 23:34]

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 gearsec;gearsec;C:\Windows\system32\gearsec.exe [2005-11-30 11:43]

R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-30 20:51]

R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 10:45]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 09:51]

R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 09:51]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 09:51]

R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]

R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 22:25]

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-02-17 01:26]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

Cognizance REG_MULTI_SZ ASBroker ASChannel

GPSvcGroup REG_MULTI_SZ GPSvc

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-11 19:32:48

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\system32\winlogon.exe [6.00.6000.16386]

-> C:\Windows\system32\guard32.dll

 

PROCESS: C:\Windows\system32\lsass.exe [6.00.6000.16386]

-> C:\Windows\system32\guard32.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Windows\system32\conime.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2008-03-11 19:37:12 - machine was rebooted

.

2008-03-07 13:06:07 --- E O F ---

 

 

Så kommer HJT logg:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:56:45, on 11.03.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\DisplayFusion\DisplayFusion.exe

C:\Program Files\XNeat Windows Manager\XNeatWM.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Stickies\stickies.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\explorer.exe

C:\Users\Sindre\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"

O4 - HKCU\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\XNeatWM.exe /h

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O20 - AppInit_DLLs: APSHook.dll C:\Windows\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: gearsec - GEAR Software - C:\Windows\system32\gearsec.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9575 bytes

 

 

 

 

 

 

 

Tusen takk for at du/dere tar dere tid til dette!!! :D

Lenke til kommentar
norbat

norbat

Skrevet
Skrevet (endret)

Combofix-loggen ser også grei ut.

 

Du bør vurder om Messenger Plus! er noe du må ha. Programmet støtter adware.

 

Du kan fjerne combofix ved å skrive combofix /u fra kjør/søk-feltet

Hjt avinstallerer du fra legg til/fjern programmer (kontrollpanelet)

Endret av norbat
Lenke til kommentar
ssf

ssf

Skrevet
  • Forfatter
Skrevet (endret)

Okei, takker for all hjelp :) Da avinstallerer jeg combo og hjt, skal også vurdere å fjerne plus!, men den fungerer veldig fint sammen med wlm og a-patch nå! hehe

 

Skal vurdere å skaffe meg annen klient, f.eks a-msn... Men det blir en annen sak. (Den saken innebærer også at messengern min nå bruker lite minne, mens jeg tror amsn er litt buggy enda, pg ble ikke helt fornøyd med pidgin osv (A) Litt kresen, vet det..)

 

 

Som sagt, takk for hjelp likevel, selv om problemet i og for seg ikke ble fikset! (da vet jeg at det ikke er noe galt med loggene i alle fall!)

 

 

 

 

 

Når jeg skriver inn combofix /u i kjør, kommer denne beskjeden opp:

post-114258-1205270597_thumb.jpg

 

Men ligger jo en del mapper/filer på c: ...

Endret av ssf
Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...