Hippiebanan, posted 20 April 2008
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:16, on 20.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
norbat, posted 20 April 2008
Not much to see in that log. Do you suspect anything? You can go ahead and run a ComboFix scan: download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. Post the log it creates.
Hippiebanan (author), posted 21 April 2008
I ran HijackThis, and then I deleted everything it came up with. Have I lost any important programs then? :O And my PC is slow and acts up all the time. And then there is something wrong with the proxy or the key port or something like that... I can't get into MSN Live Messenger because of it. Here is the log.
norbat, posted 22 April 2008
What you should do now is start HJT, choose "View the list of backups", select everything you deleted and click 'Restore'. Restart the PC and make a new HJT log. If the PC is still troublesome, you can run a System Restore to a point BEFORE you deleted anything with HJT (Accessories -> System Tools -> System Restore).