
Help with HijackThis log



Hi, I'm wondering whether there is anything abnormal here.

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:32:16, on 14.09.2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files (x86)\AVG\AVG8\avgtray.exe

C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\Internet Explorer\ieuser.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8568 bytes

Link to comment

C:\Windows\system32>netstat -ab

 

Aktive tilkoblinger

 

Prot. Lokal adresse Ekstern adresse Tilstand

TCP 0.0.0.0:135 DiabloGaming:0 LISTENING

RpcSs

[svchost.exe]

TCP 0.0.0.0:49152 DiabloGaming:0 LISTENING

[wininit.exe]

TCP 0.0.0.0:49153 DiabloGaming:0 LISTENING

Eventlog

[svchost.exe]

TCP 0.0.0.0:49154 DiabloGaming:0 LISTENING

nsi

[svchost.exe]

TCP 0.0.0.0:49155 DiabloGaming:0 LISTENING

Schedule

[svchost.exe]

TCP 0.0.0.0:49156 DiabloGaming:0 LISTENING

[lsass.exe]

TCP 0.0.0.0:49157 DiabloGaming:0 LISTENING

[services.exe]

TCP 127.0.0.1:49158 DiabloGaming:0 LISTENING

[ccSvcHst.exe]

TCP 192.168.0.180:139 DiabloGaming:0 LISTENING

 

Kan ikke hente eierinformasjon

 

x: Kan ikke initialisere Windows-socketer: 5

TCP [::]:135 DiabloGaming:0 LISTENING

RpcSs

[svchost.exe]

TCP [::]:445 DiabloGaming:0 LISTENING

 

Kan ikke hente eierinformasjon

 

x: Kan ikke initialisere Windows-socketer: 5

TCP [::]:5357 DiabloGaming:0 LISTENING

 

Kan ikke hente eierinformasjon

 

x: Kan ikke initialisere Windows-socketer: 5

TCP [::]:49152 DiabloGaming:0 LISTENING

[wininit.exe]

TCP [::]:49153 DiabloGaming:0 LISTENING

Eventlog

[svchost.exe]

TCP [::]:49154 DiabloGaming:0 LISTENING

nsi

[svchost.exe]

TCP [::]:49155 DiabloGaming:0 LISTENING

Schedule

[svchost.exe]

TCP [::]:49156 DiabloGaming:0 LISTENING

[lsass.exe]

TCP [::]:49157 DiabloGaming:0 LISTENING

[services.exe]

TCP [::1]:49159 DiabloGaming:0 LISTENING

[ccSvcHst.exe]

UDP 0.0.0.0:123 *:*

W32Time

[svchost.exe]

UDP 0.0.0.0:500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:3702 *:*

FDResPub

[svchost.exe]

UDP 0.0.0.0:4500 *:*

IKEEXT

[svchost.exe]

UDP 0.0.0.0:5355 *:*

Dnscache

[svchost.exe]

UDP 0.0.0.0:57566 *:*

FDResPub

[svchost.exe]

UDP 127.0.0.1:1900 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:49339 *:*

[ccSvcHst.exe]

UDP 127.0.0.1:52555 *:*

SSDPSRV

[svchost.exe]

UDP 127.0.0.1:55342 *:*

[iexplore.exe]

UDP 192.168.0.180:137 *:*

 

Kan ikke hente eierinformasjon

 

x: Kan ikke initialisere Windows-socketer: 5

UDP 192.168.0.180:138 *:*

 

Kan ikke hente eierinformasjon

 

x: Kan ikke initialisere Windows-socketer: 5

UDP 192.168.0.180:1900 *:*

SSDPSRV

[svchost.exe]

UDP 192.168.0.180:52554 *:*

SSDPSRV

[svchost.exe]

UDP [::]:123 *:*

W32Time

[svchost.exe]

UDP [::]:500 *:*

IKEEXT

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:3702 *:*

FDResPub

[svchost.exe]

UDP [::]:5355 *:*

Dnscache

[svchost.exe]

UDP [::]:57567 *:*

FDResPub

[svchost.exe]

UDP [::1]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [::1]:52552 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::80e:ab95:3109:2593%8]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::80e:ab95:3109:2593%8]:52551 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::884:2dd8:3f57:ff4b%9]:1900 *:*

SSDPSRV

[svchost.exe]

UDP [fe80::884:2dd8:3f57:ff4b%9]:52553 *:*

SSDPSRV

[svchost.exe]

 

 

Is this really right???

Link to comment
Is this really right???

Yes, there will always be good processes that are in contact with the network.

What matters is that processes such as trojans and keyloggers are not sending information out.

 

You have DiabloGaming, which is listening for game servers.

The rest of the processes are mostly processes that belong to Vista.

 

All of this runs under svchost, which is a host for most of the network connections.

 

Remove one antivirus, as mentioned.

Edited by SNIPPSAT
Link to comment
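An added example, not part of the thread or either poster's code: a small Python triage of `netstat -ab` output in the layout pasted above, separating listeners bound to all interfaces, loopback-only sockets, sockets whose owner netstat could not name, and established outbound connections. The function names, bucket names and sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the page's netstat -ab layout; the 203.0.113.10 line is invented.
SAMPLE = """\
TCP 0.0.0.0:135 DiabloGaming:0 LISTENING
RpcSs
[svchost.exe]
TCP 127.0.0.1:49158 DiabloGaming:0 LISTENING
[ccSvcHst.exe]
TCP 192.168.0.180:139 DiabloGaming:0 LISTENING
Kan ikke hente eierinformasjon
TCP 192.168.0.180:50123 203.0.113.10:443 ESTABLISHED
[iexplore.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
"""
CONN = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?$")

def parse(text):
    """One dict per socket; the service and [exe] lines attach to the socket above."""
    rows = []
    for line in (l.strip() for l in text.splitlines()):
        m = CONN.match(line)
        if m:
            # remote is "<computer name>:0" on LISTENING rows and "*:*" for UDP
            proto, local, port, remote, state = m.groups()
            rows.append(dict(proto=proto, local=local, port=int(port),
                             remote=remote, state=state or "", service=None, exe=None))
        elif rows and line.startswith("[") and line.endswith("]"):
            rows[-1]["exe"] = line[1:-1]
        elif rows and line and " " not in line and rows[-1]["exe"] is None:
            rows[-1]["service"] = line  # service hosted inside svchost.exe
    return rows

def triage(rows):
    """Group sockets by what a reviewer should look at first."""
    out = defaultdict(list)
    for r in rows:
        who = f'{r["exe"] or "?"}/{r["service"] or "-"} {r["proto"]} {r["port"]}'
        if r["state"] == "ESTABLISHED":
            out["outbound"].append(f'{who} -> {r["remote"]}')
        elif r["exe"] is None:
            out["no_owner"].append(who)  # netstat could not name the owner
        elif r["local"].startswith(("127.", "[::1]")):
            out["loopback_only"].append(who)
        else:
            out["exposed_listener"].append(who)
    return dict(out)
```

Call `triage(parse(text))` on the pasted output; blank lines between records, as in the post above, are ignored.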
