
The machine has gone crazy.. what can I do?



Damn this bloody computer!!! Some virus junk keeps popping up all the time now, saying that I should install this and so on.. There are several users of this machine, so God knows what they do with it?

Programs pop up like: Files secure. I try to delete it but it just won't go!!!!!

Hoping for a reasonably quick answer!! Thanks

Maybe you should try to describe the problem properly, and not just throw out a few frustrated words.

 

Hehe.. OK, let's see.. When I go on the internet, this pops up: system error or something similar. Also things saying that I should install this antivirus program or spyware program.. things like that.. I have to get rid of it.. it comes up every time a new page is loaded!!!

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "Press scan and save log".

Copy the log file and paste it into your post.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:07:08, on 12.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe

C:\Programfiler\Ares\Ares.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Files-Secure\secure.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll

O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js

O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif

O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

 

--

End of file - 8048 bytes

Download ComboFix and put it on the desktop.

Do not click on the window while the program is running.

Post the log C:\combofix.txt

Restart and post a new HijackThis log.

 

ComboFix 08-03-10.1 - Compaq_Eier 2008-03-12 16:19:24.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.101 [GMT 1:00]

Running from: C:\Documents and Settings\Compaq_Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\GHYZWXAZ\ComboFix[1].exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Compaq_Eier\ResErrors.log

C:\WINDOWS\system32\drivers\dhlp.sys

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\LEGACY_DHLP

-------\LEGACY_FMTR

-------\dhlp

 

 

((((((((((((((((((((((((( Files Created from 2008-02-12 to 2008-03-12 )))))))))))))))))))))))))))))))

.

 

2008-03-12 16:06 . 2008-03-12 16:06 <DIR> d-------- C:\Programfiler\Trend Micro

2008-03-11 21:33 . 2008-03-11 21:33 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Printer Info Cache

2008-03-11 21:33 . 2008-03-11 21:40 <DIR> d-------- C:\Documents and Settings\Compaq_Eier\Programdata\Image Zone Express

2008-03-11 17:19 . 2008-03-11 17:19 <DIR> d-------- C:\Programfiler\Files-Secure

2008-03-11 04:13 . 2008-03-11 04:13 220,672 --a------ C:\WINDOWS\wmpdxm.dll

2008-03-11 04:13 . 2008-03-11 04:13 50 --a------ C:\amp.bat

2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d-------- C:\WINDOWS\system32\Engines

2008-03-10 10:43 . 2008-03-10 10:43 <DIR> d--hs---- C:\TopSalgAntivirus

2008-03-10 10:43 . 2008-03-11 04:36 <DIR> d-------- C:\Programfiler\TopSalgAntivirus

2008-03-09 09:58 . 2008-03-10 03:01 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-04 15:37 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2008-03-01 20:04 . 2008-03-01 20:04 2,193,024 --a------ C:\WINDOWS\system32\kernel1.exe

2008-03-01 20:04 . 2007-09-06 13:09 212 -rahs---- C:\BOOT.BKK

2008-03-01 20:00 . 2008-03-01 20:00 <DIR> d-------- C:\Programfiler\TGTSoft

2008-02-17 13:22 . 2008-02-17 13:22 <DIR> d-------- C:\Programfiler\SpyShredder

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-10 09:43 --------- d-----w C:\Programfiler\Fellesfiler\TopSalgAntivirus

2008-03-10 09:40 252,432 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\install_no[1].exe

2008-02-11 22:55 19,584 ----a-w C:\WINDOWS\system32\drivers\wedmrcnn.dat

2008-02-09 22:32 --------- d-----w C:\Programfiler\MinneSparere

2008-02-08 17:40 --------- d-----w C:\Programfiler\IObit

2008-02-02 18:16 260,624 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\setup_no[1].exe

2008-01-31 11:47 --------- d-----w C:\Programfiler\Google

2008-01-30 13:49 --------- d-----w C:\Programfiler\Java

2007-12-10 21:42 1,346 ----a-w C:\Documents and Settings\Compaq_Eier\Programdata\wklnhst.dat

2007-01-01 12:43 1,600,864 ----a-w C:\Documents and Settings\Compaq_Eier\setup.exe

2004-02-04 18:53 24,070,405 ----a-w C:\Documents and Settings\Compaq_Eier\nero6303.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E}]

2007-12-25 15:32 223232 --a------ C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F87F145-DC2D-4766-AF03-3A3B96FFAD98}]

2007-12-25 15:39 1102848 --a------ C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E4503CE-5E52-41F9-A603-D63ED018CED5}]

2008-03-11 04:13 220672 --a------ C:\WINDOWS\wmpdxm.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEEBF973-2D68-4D35-8548-D04AA50E6030}]

2008-03-05 23:30 98048 --a------ C:\WINDOWS\system32\atrac.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="C:\Programfiler\Ares\Ares.exe" [2007-05-14 23:37 964608]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]

"Yahoo! Pager"="C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [ ]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-30 15:04 171448]

"NBJ"="C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]

"STYLEXP"="C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2005-01-01 15:27 180269]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-07 15:55 267064]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50 221184]

"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]

"ugac"="C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" [2007-08-21 14:11 151126]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

Icatch(VI) SnapDetect.lnk - C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe [2008-01-06 21:19:52 65536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Ares\\Ares.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Programfiler\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\WebEye\\WebEye.exe"=

"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

 

R0 yfkutzfn;yfkutzfn;C:\WINDOWS\system32\drivers\wedmrcnn.dat []

 

.

Contents of the 'Scheduled Tasks' folder

"2008-03-11 02:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"

- C:\Programfiler\AdwareAlert\AdwareAlert.ex

- C:\Programfiler\AdwareAlert

"2008-03-12 00:27:02 C:\WINDOWS\Tasks\Internett-tjenester.job"

- C:\Programfiler\Hewlett-Packard\SDP\HPSdpApp.exea/remind /LaunchPoint reminder /App C:\Programfiler\Hewlett-Packard\Internet Services\StartIS.aml

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-12 16:22:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yfkutzfn]

"ImagePath"="system32\drivers\wedmrcnn.dat"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2008-03-12 16:24:22 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-12 15:24:18

.

2008-03-10 02:01:14 --- E O F ---

 

 

Hijackthis2

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:27:25, on 12.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe

C:\Programfiler\Ares\Ares.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: CIEIntegrator Object - {5C3F6257-3E00-45C2-88D5-CB0F3A17BF0E} - C:\Programfiler\TopSalgAntivirus\Tools\pblock.dll

O2 - BHO: IEFW Object - {6F87F145-DC2D-4766-AF03-3A3B96FFAD98} - C:\Programfiler\TopSalgAntivirus\Tools\sbiebho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js

O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif

O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

 

--

End of file - 7976 bytes


Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Post the log c:\combofix

 

Folder::

C:\TopSalgAntivirus

C:\Programfiler\TopSalgAntivirus

C:\Programfiler\SpyShredder

C:\Programfiler\Fellesfiler\TopSalgAntivirus

 

File::

C:\WINDOWS\system32\atrac.dll

 

-----------------------------------------

Download SAS free, update it and run a full scan.

Post the log.

Restart and post a new HijackThis log.

Download HijackThis and put it in its own folder on the desktop.

Start the program and choose "Press scan and save log".

Copy the log file and paste it into your post.

 

Congratulations!

When HijackThis logs end up on high-traffic forums together with the words virus, spyware and the like, it becomes impossible to search for actual spyware files, because e.g. W32.Sasser is found next to notepad.exe just as often as next to the actual virus/worm file. It is just as irritating every time to get forums that have nothing but HijackThis logs and dead ends.

I suggest to all readers that the next time there is a need for HijackThis logs, there is a feature called attachments.


This is the advice: [1skjul]write the log file here[1/skjul], remove the 1 for hidden text.

Click to show/hide the content below
<write the log file here>

Since many have problems with attachments.

This has been brought up a number of times in Antivirusprogrammer og datasikkerhet.

I will include this as advice when I ask for logs.

Edited by SNIPPSAT
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again.

Post the log c:\combofix

 

Folder::

C:\TopSalgAntivirus

C:\Programfiler\TopSalgAntivirus

C:\Programfiler\SpyShredder

C:\Programfiler\Fellesfiler\TopSalgAntivirus

 

File::

C:\WINDOWS\system32\atrac.dll

 

-----------------------------------------

Download SAS free, update it and run a full scan.

Post the log.

Restart and post a new HijackThis log.

 

Hi again. Now I can't find ComboFix. It's gone ;)

But I'll at least scan with that spyware thing you gave me

Download ComboFix and put it on the desktop.

It should be on the desktop.

If it isn't there, download it and put it on the desktop.

Here is the new log from ComboFix:

 

ComboFix 08-03-10.1 - Compaq_Eier 2008-03-12 18:27:56.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.111 [GMT 1:00]

Running from: C:\Documents and Settings\Compaq_Eier\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Compaq_Eier\Skrivebord\cfscript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

C:\WINDOWS\system32\atrac.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Programfiler\Fellesfiler\TopSalgAntivirus

C:\Programfiler\Fellesfiler\TopSalgAntivirus\bm.exe

C:\Programfiler\Fellesfiler\TopSalgAntivirus\ugac.exe

C:\Programfiler\SpyShredder

C:\Programfiler\TopSalgAntivirus

C:\Programfiler\TopSalgAntivirus\Activate.exe

C:\Programfiler\TopSalgAntivirus\al.dat

C:\Programfiler\TopSalgAntivirus\Config\pgs.xml

C:\Programfiler\TopSalgAntivirus\Dat\Activate.dat

C:\Programfiler\TopSalgAntivirus\Dat\BkSites.dat

C:\Programfiler\TopSalgAntivirus\Dat\bnlink.dat

C:\Programfiler\TopSalgAntivirus\Dat\cd.dat

C:\Programfiler\TopSalgAntivirus\Dat\incmp.dat

C:\Programfiler\TopSalgAntivirus\Dat\index.dat

C:\Programfiler\TopSalgAntivirus\Dat\pv.dat

C:\Programfiler\TopSalgAntivirus\dhlp.dll

C:\Programfiler\TopSalgAntivirus\Engines\AWBase\database\enemies.dat

C:\Programfiler\TopSalgAntivirus\Engines\AWBase\vbpv.dat

C:\Programfiler\TopSalgAntivirus\Engines\PGBase\vbpv.dat

C:\Programfiler\TopSalgAntivirus\Engines\plugins\BORLNDMM.DLL

C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANADWR.DLL

C:\Programfiler\TopSalgAntivirus\Engines\plugins\SCANBCDR.DLL


---------------------

I'll run a scan with that virus thing you sent me, but it takes a really long time.. hmmm... should I run HijackThis once more now?

 

The new one from HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:38:21, on 12.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe

C:\Programfiler\Ares\Ares.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Programfiler\internet explorer\iexplore.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programfiler\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start

O4 - HKCU\..\Run: [ares] "C:\Programfiler\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programfiler\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programfiler\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [sTYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Tilkoblingshjelp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Programfiler\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe

O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js

O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif

O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

 

--

End of file - 7649 bytes

 

 

 

Hoping to get this damn mess sorted out now.. hehe.. have to thank you for all the help.. you're so helpful! :D

Link to comment

Start HijackThis, find these lines, check them, then press "Fix checked".

 

O2 - BHO: Windows Media Player - {9E4503CE-5E52-41F9-A603-D63ED018CED5} - C:\WINDOWS\wmpdxm.dll

 

O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll

 

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

 

O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start

 

O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab

 

O24 - Desktop Component 0: (no name) - http://static.youtube.com/yt/js/watch_all-vfl29352.js

 

O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif

 

O24 - Desktop Component 2: (no name) - http://www.virtualadvantages.com/images/12...atlpop_back.jpg

 

Download and run CCleaner.

Go to 'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files older than xx".

Run the registry cleaner too.

 

Use the PC for a bit, then report back on whether the problem is gone.

Link to comment
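A follow-up check for the fix list in the reply above, as an added example that is not part of the original thread: it parses HijackThis section entries and reports which of the lines marked for "Fix checked" a later scan still lists. The function names are hypothetical and the follow-up log is constructed for the example.

```python
import re

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per section entry; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.replace("\xa0", " ").strip()  # forum pastes carry non-breaking spaces
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m["body"])
        entries.append({"section": m["section"], "body": m["body"],
                        "clsid": clsid.group(0).upper() if clsid else None})
    return entries

def entry_key(entry):
    # Case and spacing differ between pastes, so normalise both before comparing.
    return (entry["section"], " ".join(entry["body"].split()).lower())

def still_present(fix_list_text, followup_log_text):
    """Entries marked for fixing that a later scan still reports."""
    after = {entry_key(e) for e in parse_entries(followup_log_text)}
    return [e for e in parse_entries(fix_list_text) if entry_key(e) in after]

# Three of the lines the reply marks for "Fix checked" (copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {BEEBF973-2D68-4D35-8548-D04AA50E6030} - C:\WINDOWS\system32\atrac.dll
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
O24 - Desktop Component 1: (no name) - http://alrafdean.org/flag-iraq.gif
"""

# Constructed follow-up scan: the [ugac] Run entry has survived the fix.
FOLLOWUP_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O4 - hklm\..\Run: [ugac]  "C:\PROGRA~1\FELLES~1\TOPSAL~1\ugac.exe" -start
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", e["section"], "-", e["body"])
```

An entry that reappears after being fixed usually means something is still running that rewrites it, so the follow-up log is worth posting back to the thread.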
