diabloz Skrevet 14. september 2008 Del Skrevet 14. september 2008 Hei lurer på om det er no unormalt her Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:32:16, on 14.09.2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files (x86)\AVG\AVG8\avgtray.exe C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\Internet Explorer\ieuser.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8568 bytes Lenke til kommentar
Svenni212000 Skrevet 14. september 2008 Del Skrevet 14. september 2008 Unormale hos deg, er at du har to antivirusprogrammer som starter med Windows. Norton 360 og AVG8. Lenke til kommentar
diabloz Skrevet 14. september 2008 Forfatter Del Skrevet 14. september 2008 C:\Windows\system32>netstat -ab Aktive tilkoblinger Prot. Lokal adresse Ekstern adresse Tilstand TCP 0.0.0.0:135 DiabloGaming:0 LISTENING RpcSs [svchost.exe] TCP 0.0.0.0:49152 DiabloGaming:0 LISTENING [wininit.exe] TCP 0.0.0.0:49153 DiabloGaming:0 LISTENING Eventlog [svchost.exe] TCP 0.0.0.0:49154 DiabloGaming:0 LISTENING nsi [svchost.exe] TCP 0.0.0.0:49155 DiabloGaming:0 LISTENING Schedule [svchost.exe] TCP 0.0.0.0:49156 DiabloGaming:0 LISTENING [lsass.exe] TCP 0.0.0.0:49157 DiabloGaming:0 LISTENING [services.exe] TCP 127.0.0.1:49158 DiabloGaming:0 LISTENING [ccSvcHst.exe] TCP 192.168.0.180:139 DiabloGaming:0 LISTENING Kan ikke hente eierinformasjon x: Kan ikke initialisere Windows-socketer: 5 TCP [::]:135 DiabloGaming:0 LISTENING RpcSs [svchost.exe] TCP [::]:445 DiabloGaming:0 LISTENING Kan ikke hente eierinformasjon x: Kan ikke initialisere Windows-socketer: 5 TCP [::]:5357 DiabloGaming:0 LISTENING Kan ikke hente eierinformasjon x: Kan ikke initialisere Windows-socketer: 5 TCP [::]:49152 DiabloGaming:0 LISTENING [wininit.exe] TCP [::]:49153 DiabloGaming:0 LISTENING Eventlog [svchost.exe] TCP [::]:49154 DiabloGaming:0 LISTENING nsi [svchost.exe] TCP [::]:49155 DiabloGaming:0 LISTENING Schedule [svchost.exe] TCP [::]:49156 DiabloGaming:0 LISTENING [lsass.exe] TCP [::]:49157 DiabloGaming:0 LISTENING [services.exe] TCP [::1]:49159 DiabloGaming:0 LISTENING [ccSvcHst.exe] UDP 0.0.0.0:123 *:* W32Time [svchost.exe] UDP 0.0.0.0:500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:3702 *:* FDResPub [svchost.exe] UDP 0.0.0.0:4500 *:* IKEEXT [svchost.exe] UDP 0.0.0.0:5355 *:* Dnscache [svchost.exe] UDP 0.0.0.0:57566 *:* FDResPub [svchost.exe] UDP 127.0.0.1:1900 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:49339 *:* [ccSvcHst.exe] UDP 127.0.0.1:52555 *:* SSDPSRV [svchost.exe] UDP 127.0.0.1:55342 *:* [iexplore.exe] UDP 192.168.0.180:137 *:* Kan ikke hente eierinformasjon x: Kan ikke initialisere Windows-socketer: 5 UDP 192.168.0.180:138 *:* Kan ikke hente eierinformasjon x: Kan ikke initialisere Windows-socketer: 5 UDP 192.168.0.180:1900 *:* SSDPSRV [svchost.exe] UDP 192.168.0.180:52554 *:* SSDPSRV [svchost.exe] UDP [::]:123 *:* W32Time [svchost.exe] UDP [::]:500 *:* IKEEXT [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:3702 *:* FDResPub [svchost.exe] UDP [::]:5355 *:* Dnscache [svchost.exe] UDP [::]:57567 *:* FDResPub [svchost.exe] UDP [::1]:1900 *:* SSDPSRV [svchost.exe] UDP [::1]:52552 *:* SSDPSRV [svchost.exe] UDP [fe80::80e:ab95:3109:2593%8]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::80e:ab95:3109:2593%8]:52551 *:* SSDPSRV [svchost.exe] UDP [fe80::884:2dd8:3f57:ff4b%9]:1900 *:* SSDPSRV [svchost.exe] UDP [fe80::884:2dd8:3f57:ff4b%9]:52553 *:* SSDPSRV [svchost.exe] er virkelig dette riktig??? Lenke til kommentar
snippsat Skrevet 14. september 2008 Del Skrevet 14. september 2008 (endret) er virkelig dette riktig??? Ja det vil alltid være gode prosesser som har kontakt med nettet. Det som er viktig er at ikke prosesser som trojaner,keyloggere sender info ut. Du har DiabloGaming som ligger og lytter etter spillservere. Resten av prosessene er stor sett prosesser som tilhører vista. Alt dette blir kjørt under svchost som er en host for meste av nettverktilkobling. Fjern 1 antivirus som nevnt. Endret 14. september 2008 av SNIPPSAT Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå