Beyma, posted 19 September 2007

Hi. Every time I start my PC there is a process that I have to stop in order to get on the internet... Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:16, on 19.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Medalofhonor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\Orb Networks\Orb\bin\OrbTray.exe
C:\Programfiler\RALINK\Common\RaUI.exe
C:\Programfiler\Orb Networks\Orb\bin\Orb.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Print] Srvces.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [USB Print] Srvces.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Medalofhonor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 4272 bytes

Svenni212000, posted 19 September 2007

The HJT log doesn't show anything fishy. Which process is it that you have to stop to get online, then?

Beyma (author), posted 19 September 2007

Srvces.exe :S Never seen it before

norbat, posted 19 September 2007

Download ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. Post the log file from ComboFix (usually c:\combofix.txt) together with a new HJT log.

Beyma (author), posted 19 September 2007

Combofix:

ComboFix 07-09-18.4 - "Christer" 2007-09-19 18:50:48.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.1617 [GMT 2:00]
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 18:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 15:06 <DIR> d-------- C:\Programfiler\Lavalys
2007-09-19 14:09 <DIR> d-------- C:\Programfiler\Trend Micro
2007-09-19 13:58 <DIR> d-------- C:\WINDOWS\pss
2007-09-19 11:57 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2007-09-19 11:57 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin
2007-09-19 11:57 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2007-09-19 11:57 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2007-09-19 11:57 311,296 --a------ C:\WINDOWS\system32\AegisI5.exe
2007-09-19 11:57 290,897 --a------ C:\WINDOWS\system32\Install6x.dll
2007-09-19 11:57 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.SYS
2007-09-19 11:57 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-09-18 17:12 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-18 17:12 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-18 17:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-09-18 17:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-09-18 17:10 <DIR> d-------- C:\Programfiler\AGEIA Technologies
2007-09-17 22:25 <DIR> dr-h----- C:\DOCUME~1\Christer\Siste
2007-09-17 22:16 <DIR> d-------- C:\Programfiler\CCleaner
2007-09-17 20:20 <DIR> d-------- C:\DOCUME~1\Christer\PROGRA~1\vlc
2007-09-17 20:19 <DIR> d-------- C:\Programfiler\VideoLAN
2007-09-13 22:01 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-13 21:55 <DIR> d-------- C:\Programfiler\DAEMON Tools
2007-09-13 21:38 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-12 20:42 <DIR> d-------- C:\Programfiler\Orb Networks
2007-09-12 20:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\OrbNetworks
2007-09-12 14:50 <DIR> d-------- C:\Programfiler\DivX
2007-09-09 21:27 83,712 -ra------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2007-09-09 21:26 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-09-09 21:26 <DIR> d-------- C:\Programfiler\Realtek
2007-09-04 21:32 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2007-09-04 21:32 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-09-04 21:32 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-09-04 21:32 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-09-04 21:32 204,800 --a------ C:\WINDOWS\system32\lvcodec2.dll
2007-09-04 21:32 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2007-09-04 21:32 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll
2007-09-04 21:32 1,317,152 --a------ C:\WINDOWS\system32\drivers\lvcm.sys
2007-09-04 21:32 <DIR> d-------- C:\Programfiler\Fellesfiler\Logitech
2007-09-04 21:31 306,688 --a------ C:\WINDOWS\IsUn0414.exe
2007-09-01 18:35 <DIR> d-------- C:\wmdownloads
2007-09-01 15:08 <DIR> d-------- C:\Programfiler\ATITool
2007-09-01 13:58 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-01 13:05 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-09-01 13:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\nView_Profiles
2007-09-01 12:54 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2007-09-01 12:53 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-01 12:53 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-31 14:23 <DIR> d-------- C:\Programfiler\uTorrent
2007-08-31 14:23 <DIR> d-------- C:\DOCUME~1\Christer\PROGRA~1\uTorrent
2007-08-31 14:16 <DIR> d-------- C:\Programfiler\Analog Devices
2007-08-31 14:12 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-08-31 14:12 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-08-31 00:42 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-31 00:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-31 00:41 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-31 00:40 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Lokale innstillinger
2007-08-31 00:40 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Start-meny
2007-08-31 00:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Start-meny
2007-08-31 00:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenter
2007-08-31 00:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Skrivere
2007-08-31 00:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Siste
2007-08-31 00:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Maler
2007-08-31 00:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\AndrMask
2007-08-31 00:40 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Maler
2007-08-31 00:40 <DIR> d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2007-08-31 00:40 <DIR> d-------- C:\Programfiler\Fellesfiler\ODBC
2007-08-31 00:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Skrivebord
2007-08-31 00:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Mine dokumenter
2007-08-31 00:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Favoritter
2007-08-31 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Skrivebord
2007-08-31 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Favoritter
2007-08-31 00:38 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Programdata
2007-08-31 00:38 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Programdata
2007-08-31 00:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-08-31 00:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-08-30 23:26 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-08-30 23:26 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-30 23:26 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-30 23:26 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-30 23:26 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-30 23:26 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-30 23:26 163,840 --a------ C:\WINDOWS\system32\unrar.dll
2007-08-30 23:26 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-30 23:26 <DIR> d-------- C:\Programfiler\K-Lite Codec Pack
2007-08-30 23:26 <DIR> d-------- C:\DOCUME~1\Christer\PROGRA~1\Media Player Classic
2007-08-30 23:25 <DIR> d-------- C:\DOCUME~1\Christer\PROGRA~1\WinRAR
2007-08-30 23:20 <DIR> d-------- C:\Programfiler\SpeedFan
2007-08-30 23:09 2,048 --a------ C:\WINDOWS\mozver.dat
2007-08-30 23:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-30 23:08 <DIR> d-------- C:\DOCUME~1\Christer\Contacts
2007-08-30 23:07 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-30 23:07 <DIR> d-------- C:\Programfiler\MSN Messenger
2007-08-30 23:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-30 23:02 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-30 23:01 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-30 23:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-30 23:00 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-30 23:00 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-30 23:00 <DIR> d-------- C:\WINDOWS\nview
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 11:57 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-19 11:57 --------- d-------- C:\Programfiler\RALINK
2007-09-04 21:29 --------- d-------- C:\Programfiler\Fellesfiler\InstallShield
2007-08-30 22:50 --------- d-------- C:\Programfiler\microsoft frontpage
2007-08-30 22:49 --------- d-------- C:\Programfiler\Elektroniske tjenester
2007-08-30 22:47 --------- d-------- C:\Programfiler\Fellesfiler\Tjenester
2007-08-30 22:47 --------- d-------- C:\Programfiler\Fellesfiler\MSSoap
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:33 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:59 70400 --a------ C:\WINDOWS\system32\PhysXLoader.dll
2007-06-13 13:24:02 567,808 --sh--r C:\WINDOWS\system32\Srvces.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 14:28]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"USB Print"=Srvces.exe

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Ralink Wireless Utility.lnk - C:\Programfiler\RALINK\Common\RaUI.exe [2007-09-19 11:57:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Programfiler\Orb Networks\Orb\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Print]
Srvces.exe

R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Programfiler\Lavalys\EVEREST Ultimate Edition\kerneld.wnt

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 18:51:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 18:51:18
C:\ComboFix-quarantined-files.txt ... 2007-09-19 18:51
.
--- E O F ---

Hjt:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:02, on 19.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Medalofhonor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\RALINK\Common\RaUI.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [USB Print] Srvces.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programfiler\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - D:\Medalofhonor\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 3932 bytes

norbat, posted 19 September 2007 (edited)

Go to http://virusscan.jotti.org/. At the top of the page you can upload the following file to have it checked:

C:\WINDOWS\system32\Srvces.exe

If you can't find the file, you may have to turn on the display of hidden files and folders (Control Panel -> Folder Options -> View -> 'Show hidden files and folders'). Feel free to post the result if you get any feedback about the file.

Edited 19 September 2007 by norbat
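
The autorun entries that the thread ends up focusing on can be picked out of a HijackThis log mechanically. The sketch below is an added example, not part of the original posts or of HijackThis/ComboFix: it parses O4 registry lines and flags entries whose executable has no directory component or whose file name is a near miss of a Windows process name. The sample lines are constructed from the O4 format shown in the logs above; the two heuristics, the distance threshold and the KNOWN_SYSTEM list are assumptions chosen for illustration.

```python
import ntpath
import re

# Assumption: a small allow-list, taken from the Windows processes that appear
# in the "Running processes" sections of the logs in this thread.
KNOWN_SYSTEM = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe", "explorer.exe", "rundll32.exe",
                "ctfmon.exe"}

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable part of a command line, quoted or not, up to the first extension.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|bat|scr))\b', re.IGNORECASE)

# Constructed sample input in HijackThis O4 format.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMAX] "C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [USB Print] Srvces.exe
O4 - HKLM\..\RunServices: [USB Print] Srvces.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text, max_distance=2):
    """Return O4 autorun entries that deserve a closer look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe_match = EXE_RE.match(command)
        exe = exe_match.group(1) if exe_match else command.split()[0]
        base = ntpath.basename(exe).lower()
        if base in KNOWN_SYSTEM:
            continue
        flags = []
        if not ntpath.dirname(exe):
            flags.append("no-path")  # location is left to the search path
        near = min(KNOWN_SYSTEM, key=lambda k: (edit_distance(base, k), k))
        if edit_distance(base, near) <= max_distance:
            flags.append("lookalike:" + near)
        if flags:
            findings.append({"key": hive + "\\" + key, "name": name,
                             "exe": exe, "flags": flags})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged entry is only a lead: the file itself still has to be located and scanned, as described in the post above.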