Virus på pcen

manna420 · 18. april 2008

Hei

Har en eller annen form for virus på pcen. Mens jeg surfer på nettet dukker det plutselig opp med sider some sier at pcen er har virus og at jeg bør installere programmet som det henvises til. Askeladdantivirus programmet er navnet på den. Prøvd å surfe litt på nettet om det men klarer ikke å bli kvitt det. Har scanna pcen min med Hijackthis så dere får sett logfilen.

Logfile of HijackThis v1.99.1

Scan saved at 17:58:29, on 18.04.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programfiler\Internet Explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NPCTray] C:\Programfiler\Norman\npc\bin\npc_tray.exe /LOAD

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\Winamp\winampa.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [b8139427] rundll32.exe "C:\WINDOWS\system32\lhtlhvne.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Programfiler\DNA\btdna.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1207925789640

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

snippsat · 18. april 2008

Hei!

Ja du har noe grums,må ha en logg som går grundigere til verks.

Last Combofix ned ,legg på skrivebordet.

Ikke klikk på vindu mens programet kjører.

post logg C:\combofix.txt

fenderebest · 18. april 2008

Askeladdantivirus...hehe bra navn!

Og uten å ha peiling på Hijackthis logger vil jeg si at lhtlhvne.dll virker mistenkelig....Herr SNIPPSAT hjelper deg nok med dette!

AvidGamer · 18. april 2008

Det er bare et popup reklame. Husker å fått den selv på et par sider, men da pleier de sitene å være temmelig tvilsomme. Porno eller amatør video sider (ala YouTube), eller gamecracks sider osv osv.

Bruk Opera eller Firefox så ser du den ikke lenger.

Endret 18. april 2008 av AvidGamer

snippsat · 18. april 2008

Det er bare et popup reklame

Det er nok mere enn det AvidGamer :whistle:

Endret 18. april 2008 av SNIPPSAT

manna420 · 18. april 2008

Aller først takker og bukker for alle tilbakemeldingene til nå. Her er loggen fra Compfix som foreslått.

ComboFix 08-04-17.1 - Numan 2008-04-18 19:28:57.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.341 [GMT 2:00]

Running from: C:\Documents and Settings\Numan\Skrivebord\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\cookies.ini

C:\WINDOWS\system32\envhlthl.ini

C:\WINDOWS\system32\fccdbXQJ.dll

C:\WINDOWS\system32\JQXbdccf.ini

C:\WINDOWS\system32\JQXbdccf.ini2

C:\WINDOWS\system32\lhtlhvne.dll

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\oiifphuc.dll

C:\WINDOWS\system32\urqRHATJ.dll

.

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))

.

2008-04-17 16:29 . 2008-04-17 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab Setup Files

2008-04-17 15:51 . 2008-04-17 15:51 <DIR> d-------- C:\WINDOWS\Sun

2008-04-17 15:50 . 2008-04-17 16:01 <DIR> d-------- C:\Programfiler\Google

2008-04-14 21:16 . 2008-02-18 11:16 30,464 --------- C:\WINDOWS\system32\drivers\SET43.tmp

2008-04-13 23:42 . 2008-04-13 23:42 <DIR> d-------- C:\Programfiler\BitTorrent

2008-04-13 23:42 . 2008-04-16 23:55 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\DNA

2008-04-13 23:42 . 2008-04-16 13:07 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\BitTorrent

2008-04-13 19:12 . 2008-04-13 19:12 <DIR> d-------- C:\WINDOWS\ShellNew

2008-04-13 19:12 . 2008-04-13 19:12 382 --a------ C:\WINDOWS\ODBC.INI

2008-04-13 19:11 . 2008-04-13 19:11 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\Microsoft Web Folders

2008-04-13 00:46 . 2008-04-13 12:57 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\.ABC

2008-04-13 00:45 . 2008-04-14 18:44 <DIR> d-------- C:\Programfiler\ABC

2008-04-13 00:25 . 2004-08-04 08:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-04-12 22:40 . 2008-04-12 22:47 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\Azureus

2008-04-12 22:40 . 2008-04-12 22:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Azureus

2008-04-12 22:39 . 2008-04-12 22:50 <DIR> d-------- C:\Programfiler\Azureus

2008-04-12 22:12 . 2008-04-14 21:18 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\Apple Computer

2008-04-12 22:12 . 2008-04-18 19:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-04-12 22:12 . 2008-04-12 22:12 1,409 --a------ C:\WINDOWS\QTFont.for

2008-04-12 22:11 . 2008-04-12 22:11 <DIR> d-------- C:\Programfiler\iTunes

2008-04-12 22:11 . 2008-04-12 22:11 <DIR> d-------- C:\Programfiler\iPod

2008-04-12 22:11 . 2008-04-12 22:11 <DIR> d-------- C:\Programfiler\Bonjour

2008-04-12 22:10 . 2008-04-12 22:11 <DIR> d-------- C:\Programfiler\QuickTime

2008-04-12 22:10 . 2008-04-12 22:10 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-04-12 22:10 . 2008-04-12 22:10 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-04-12 22:10 . 2008-04-12 22:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-04-12 22:10 . 2008-04-12 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-04-12 22:10 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2008-04-12 15:58 . 2004-08-04 08:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-04-12 15:58 . 2004-08-04 08:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-04-12 15:58 . 2008-04-12 15:58 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-04-12 15:58 . 2008-04-12 15:58 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-04-12 15:52 . 2008-04-12 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations

2008-04-12 15:50 . 2008-04-12 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite

2008-04-12 15:50 . 2008-04-12 15:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nokia

2008-04-12 15:49 . 2008-04-12 15:49 <DIR> d-------- C:\Programfiler\DIFX

2008-04-12 15:49 . 2008-04-12 15:50 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\PC Suite

2008-04-12 15:49 . 2008-04-12 15:51 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\Nokia

2008-04-12 15:49 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2008-04-12 15:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-04-12 15:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-04-12 15:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-04-12 15:05 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll

2008-04-12 14:02 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

2008-04-11 20:45 . 2008-04-12 21:08 <DIR> d-------- C:\Documents and Settings\Numan\Contacts

2008-04-11 20:44 . 2008-04-17 16:18 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-04-11 20:42 . 2008-04-17 16:19 <DIR> d-------- C:\Programfiler\Windows Live

2008-04-11 20:42 . 2008-04-11 20:44 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-04-11 20:41 . 2008-04-11 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-04-11 17:51 . 2008-04-11 17:51 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\MSN6

2008-04-11 17:51 . 2008-04-11 17:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MSN6

2008-04-11 17:45 . 2008-04-11 17:45 <DIR> d-------- C:\Programfiler\Fellesfiler\xing shared

2008-04-11 17:45 . 2008-04-11 17:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Real

2008-04-11 17:45 . 2008-04-18 17:57 <DIR> d-------- C:\Program Files

2008-04-11 17:44 . 2008-04-11 17:44 <DIR> d-------- C:\Programfiler\VideoLAN

2008-04-11 17:44 . 2008-04-11 17:44 <DIR> d-------- C:\Documents and Settings\Numan\Programdata\vlc

2008-04-11 17:39 . 2008-04-11 17:39 <DIR> d-------- C:\Documents and Settings\NetworkService\Start-meny

2008-04-11 17:34 . 2006-06-14 10:47 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2008-04-11 17:34 . 2006-02-15 02:22 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2008-04-11 17:34 . 2006-06-14 11:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-11 17:34 . 2004-08-04 08:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-11 17:34 . 2001-08-17 23:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2008-04-11 17:34 . 2004-08-04 08:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2008-04-11 17:34 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-04-11 17:34 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-04-11 17:34 . 2004-08-04 08:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2008-04-11 17:33 . 2004-08-04 10:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2008-04-11 17:33 . 2004-08-04 09:54 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-04-11 17:33 . 2004-08-04 08:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2008-04-11 17:33 . 2001-08-17 23:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2008-04-11 17:32 . 2008-04-17 16:04 <DIR> d-------- C:\Programfiler\Norman

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> dr------- C:\Documents and Settings\Default User\Start-meny

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d--h----- C:\Documents and Settings\Default User\Skrivere

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d-------- C:\Documents and Settings\Default User\Skrivebord

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d--h----- C:\Documents and Settings\Default User\Siste

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> dr-h----- C:\Documents and Settings\Default User\Programdata

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d-------- C:\Documents and Settings\Default User\Mine dokumenter

2008-04-11 17:32 . 2008-04-11 16:37 <DIR> d--h----- C:\Documents and Settings\Default User\Maler

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> dr-h----- C:\Documents and Settings\Default User\Lokale innstillinger

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d-------- C:\Documents and Settings\Default User\Favoritter

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d--h----- C:\Documents and Settings\Default User\AndrMask

2008-04-11 17:32 . 2008-04-13 19:12 <DIR> dr------- C:\Documents and Settings\All Users\Start-meny

2008-04-11 17:32 . 2008-04-12 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Skrivebord

2008-04-11 17:32 . 2008-04-18 17:38 <DIR> dr-h----- C:\Documents and Settings\All Users\Programdata

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d--h----- C:\Documents and Settings\All Users\Maler

2008-04-11 17:32 . 2008-04-11 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Favoritter

2008-04-11 17:32 . 2008-04-11 16:38 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenter

2008-04-11 17:16 . 2008-04-11 17:16 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2008-04-11 17:12 . 2008-04-11 18:31 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-04-11 17:11 . 2008-04-11 17:11 <DIR> d-------- C:\WINDOWS\provisioning

2008-04-11 17:11 . 2008-04-11 17:11 <DIR> d-------- C:\WINDOWS\peernet

2008-04-11 17:10 . 2008-04-11 17:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-04-11 17:07 . 2008-04-11 17:07 <DIR> d-------- C:\WINDOWS\EHome

2008-04-11 17:04 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2008-04-11 17:04 . 2004-08-04 01:03 11,776 --------- C:\WINDOWS\system32\spnpinst.exe

2008-04-11 17:04 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2008-04-11 17:04 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-11 16:37 --------- d-----w C:\Programfiler\uTorrent

2008-04-11 16:31 --------- d-----w C:\Programfiler\Winamp

2008-04-11 16:31 --------- d-----w C:\Documents and Settings\Numan\Programdata\Winamp

2008-04-11 14:54 --------- d-----w C:\Programfiler\Realtek Sound Manager

2008-04-11 14:54 --------- d-----w C:\Programfiler\AvRack

2008-04-11 14:53 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-04-11 14:52 --------- d-----w C:\Programfiler\Gigabyte

2008-04-11 14:46 --------- d-----w C:\Programfiler\ATI Technologies

2008-04-11 14:45 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-04-11 14:39 --------- d-----w C:\Programfiler\microsoft frontpage

2008-04-11 14:39 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-04-11 14:38 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-02-18 09:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:03 15360]

"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00 315392]

"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]

"NPCTray"="C:\Programfiler\Norman\npc\bin\npc_tray.exe" [ ]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-04-11 17:45 185896]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-04-01 20:49 36352]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHATJ]

urqRHATJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-11 17:45 185896 C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Messenger\\msmsgs.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=

"C:\\Programfiler\\ABC\\abc.exe"=

"C:\\Documents and Settings\\All Users\\Programdata\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.321\\English\\setup.exe"=

S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-18 19:32:54

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 4

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-04-18 19:35:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-18 17:35:23

Pre-Run: 23,322,918,912 byte ledig

Post-Run: 23,928,872,960 byte ledig

.

2008-04-12 13:19:16 --- E O F ---

snippsat · 18. april 2008

Kopiere fet tekst->lim inn i notisblokk.

Lagre på skrivebordet som CFScript.txt.

Gjør som på bildet,Post logg c:\combofix.txt

File::

C:\WINDOWS\system32\drivers\SET43.tmp

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHATJ]

Last ned kjør CCleaner

'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t.

Kjør register-renser og"svar ja til og reparere"

Du her en gammel ver av hjt.

Last ned ny HijackThis

Restart og ny hijackthis logg.

Endret 18. april 2008 av SNIPPSAT

snippsat · 18. april 2008

Da er det klart,surra litt

Endret 18. april 2008 av SNIPPSAT

manna420 · 18. april 2008

her er loggen etter å ha dragga CFSCRIPT filen på combofix. I dette øyeblikket har ikke jeg scannet med CCleaner enda.

ComboFix 08-04-17.1 - Numan 2008-04-18 21:37:08.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.318 [GMT 2:00]

Running from: C:\Documents and Settings\Numan\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Numan\Skrivebord\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\system32\drivers\SET43.tmp