Theresese (posted 19 March 2008)
I have a virus, but the antivirus program can't remove it. I think I downloaded the virus from LimeWire, because the computer freaks out and a lot of blue lines appear when I try to use iTunes. I have the F-Secure Client Security antivirus program in addition to Norton. With F-Secure I have tried to disinfect and delete the virus, but only error messages come up. What should I do?
Duqe (posted 19 March 2008)
I would use only one antivirus program so that there is no conflict between the programs. In your case I would uninstall F-Secure and Norton and install AVG instead. But also remember to update AVG before use. http://free.grisoft.com/doc/downloads-prod...s/frt/0?prd=aff
Skagen (posted 19 March 2008)
The thread was posted in the wrong place and has been moved to the correct category. (Please do not comment on this post. Reactions to moderation should be sent by PM/message.)
snippsat (posted 19 March 2008)
Download HijackThis and put it in its own folder on the desktop. Start the program and press "scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).
Duqe (posted 19 March 2008)
Quote from Theresese: "I have a virus, but the antivirus program can't remove it. I think I downloaded the virus from LimeWire, because the computer freaks out and a lot of blue lines appear when I try to use iTunes. I have the F-Secure Client Security antivirus program in addition to Norton. With F-Secure I have tried to disinfect and delete the virus, but only error messages come up. What should I do?"
The blue lines sound like there is something wrong with the graphics. Which graphics card do you have? Is it a laptop or a desktop PC?
Theresese (thread author, posted 19 March 2008)
Do I have to uninstall F-Secure? I got it for free from school and can have it for three years. It's nice to have it there, sort of. I have no idea which graphics card I have, but I have a perfectly ordinary laptop, a Fujitsu Siemens. I'll download the HijackThis scan, and then we'll see ;p How can I avoid viruses?
snippsat (posted 19 March 2008)
Quote from Theresese: "How can I avoid viruses?"
I'll cover a bit of that after we have cleaned up.
Theresese (thread author, posted 19 March 2008)
I don't know if I'm pasting in the right file now, but it was a long Notepad file from that Hijack thing.
snippsat (posted 19 March 2008)
This looked fine, no virus or spyware to be seen. You can run ComboFix; it works a bit more thoroughly. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt.
Theresese (thread author, posted 20 March 2008)
This is what I got, very long:
snippsat (posted 20 March 2008, edited)
Open Notepad and copy in what is shown in bold below, and save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log c:\combofix.txt.

File::
C:\infect.htm
E:\Autorun.exe

Folder::
C:\Program Files\Common Files\Symantec Shared
C:\Users\All Users\Symantec
C:\ProgramData\Symantec
C:\Program Files\Norton Security Scan

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2f444b-670b-11dc-ad3d-806e6f6e6963}]
"shell\AutoRun\command - E:\Autorun.exe"=-

Download, update and run a full scan with SAS free.
Download and run CCleaner. Go to 'Options' ('Valg') -> 'Advanced' ('Avansert'). Untick the box in front of "only delete temporary files older than xx". Run the registry cleaner too.
Remove the files if F-Secure has put any in quarantine. Now run a scan with F-Secure. Report back with the file name if it finds anything. Sometimes antivirus finds something called a false positive. This is not a virus, but antivirus can take it for one.
Edited 20 March 2008 by SNIPPSAT
Theresese (thread author, posted 20 March 2008, edited)
Here is the log from ComboFix:
C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.grd C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.sig C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan.inf C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\zdone.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\definfo.dat C:\ProgramData\Symantec\Definitions\SymcData\virusdefs-2.5-e\usage.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\CATALOG.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\CCERASER.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ECMSVR32.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\EECTRL.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ERASER.GRD C:\Users\All 
Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ERASER.SIG C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ERASER.SPM C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ERASER.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ESRDEF.BIN C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\HH C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\hub.scr C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\NAVENG.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\NAVENG32.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\NAVEX15.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\NAVEX32A.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\NCSACERT.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\SCRAUTH.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\SYMAVENG.CAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\SYMAVENG.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\SYMERASE.CAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\SYMERASE.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TCDEFS.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TCSCAN7.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TCSCAN8.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TCSCAN9.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TECHNOTE.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TINF.DAT C:\Users\All 
Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TINFIDX.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TINFL.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TSCAN1.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\TSCAN1HD.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\V.GRD C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\V.SIG C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN1.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN2.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN3.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN4.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN5.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN6.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN7.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN8.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCAN9.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\VIRSCANT.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\WHATSNEW.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080318.009\ZDONE.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\CATALOG.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\CCERASER.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ECMSVR32.DLL C:\Users\All 
Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\EECTRL.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ERASER.GRD C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ERASER.SIG C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ERASER.SPM C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ERASER.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ESRDEF.BIN C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\HH C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\hub.scr C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\NAVENG.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\NAVENG32.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\NAVEX15.SYS C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\NAVEX32A.DLL C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\NCSACERT.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\SCRAUTH.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\SYMAVENG.CAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\SYMAVENG.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\SYMERASE.CAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\SYMERASE.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TCDEFS.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TCSCAN7.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TCSCAN8.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TCSCAN9.DAT C:\Users\All 
Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TECHNOTE.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TINF.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TINFIDX.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TINFL.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TSCAN1.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\TSCAN1HD.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\V.GRD C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\V.SIG C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN.INF C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN1.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN2.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN3.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN4.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN5.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN6.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN7.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN8.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCAN9.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\VIRSCANT.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\WHATSNEW.TXT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\20080319.003\ZDONE.DAT C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\catalog.dat C:\Users\All 
Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.grd C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sig C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.spm C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\esrdef.bin C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\hh C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ncsacert.txt C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\scrauth.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.cat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\symaveng.inf C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.cat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\SymErase.inf C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcdefs.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan7.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan8.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tcscan9.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\technote.txt 
C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinf.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfidx.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tinfl.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\tscan1hd.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.grd C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\v.sig C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan.inf C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan1.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan2.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan3.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan4.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan5.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan6.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan7.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan8.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\virscan9.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\whatsnew.txt C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\zdone.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\definfo.dat C:\Users\All Users\Symantec\Definitions\SymcData\virusdefs-2.5-e\usage.dat E:\Autorun.exe . . . . failed to delete . ((((((((((((((((((((((((( Files Created from 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))) . 2008-03-20 11:28 . 
2008-03-20 11:28 <DIR> d-------- C:\Users\Therese\AppData\Roaming\SUPERAntiSpyware.com 2008-03-20 11:28 . 2008-03-20 11:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com 2008-03-20 11:28 . 2008-03-20 11:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com 2008-03-20 11:28 . 2008-03-20 11:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-20 11:27 . 2008-03-20 11:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-20 00:28 . 2008-03-20 00:28 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-17 17:13 . 2008-03-17 17:14 <DIR> d-------- C:\Program Files\iTunes 2008-03-17 17:13 . 2008-03-17 17:13 <DIR> d-------- C:\Program Files\iPod 2008-03-14 10:01 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys 2008-03-14 10:01 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys 2008-03-11 19:59 . 2008-03-11 19:59 <DIR> d-------- C:\Program Files\iTunes(7) 2008-03-11 19:59 . 2008-03-11 19:59 <DIR> d-------- C:\Program Files\iPod(6) 2008-03-11 19:55 . 2008-03-11 19:55 <DIR> d-------- C:\Program Files\Bonjour 2008-03-11 19:53 . 2008-03-11 19:54 <DIR> d-------- C:\Program Files\QuickTime 2008-03-07 19:36 . 2008-03-07 19:36 <DIR> d-------- C:\Users\Therese\AppData\Roaming\Kunnskapsforlaget 2008-03-07 11:58 . 2008-03-07 11:58 <DIR> d-------- C:\Users\Therese\ordnettPluss 2008-03-07 11:48 . 2008-03-07 11:51 29 --a------ C:\Windows\System32\GetWord.ini 2008-03-07 11:46 . 2008-03-19 18:11 <DIR> d-------- C:\Users\All Users\OrdnettPluss 2008-03-07 11:46 . 2008-03-19 18:11 <DIR> d-------- C:\ProgramData\OrdnettPluss 2008-03-07 11:46 . 2008-03-07 11:46 <DIR> d-------- C:\Program Files\Kunnskapsforlaget 2008-03-04 18:06 . 2008-03-04 18:06 0 --a------ C:\Windows\nsreg.dat 2008-02-29 18:00 . 2008-02-29 18:46 1,690 --a------ C:\error.htm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-03-19 16:54 --------- d-----w C:\Users\Therese\AppData\Roaming\OpenOffice.org2 2008-03-18 14:45 --------- d-----w C:\Users\Therese\AppData\Roaming\LimeWire 2008-03-14 23:36 --------- d-----w C:\Program Files\Windows Mail 2008-03-08 21:16 --------- d-----w C:\Program Files\Java 2008-02-18 10:16 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys 2008-02-17 02:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-17 02:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-17 02:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-17 02:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-17 02:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-17 02:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-17 02:10 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys 2008-02-17 02:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-17 02:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-17 02:09 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-17 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-17 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-17 02:09 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-17 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-17 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-17 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-17 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-17 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-17 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-17 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-17 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-17 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-17 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-17 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-01-22 
10:55 --------- d-----w C:\Program Files\EA GAMES 2008-01-09 23:15 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2007-09-23 10:48 174 --sha-w C:\Program Files\desktop.ini 2007-09-19 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2007-09-19 17:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2007-09-19 17:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-03-20_ 1.16.43.48 ))))))))))))))))))))))))))))))))))))))))) . - 2008-03-19 23:00:39 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-03-20 10:41:22 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-03-20 10:28:28 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-03-20 10:28:29 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2008-03-20 00:00:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-03-20 10:43:05 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-19 18:49:02 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-20 10:45:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-03-20 10:45:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-03-20 00:11:52 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat + 2008-03-20 10:44:27 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat - 2008-03-20 00:15:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-03-20 10:45:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat - 
2008-03-19 23:00:47 212,642 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-03-20 10:12:51 213,392 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 00:15 1232896] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-02-26 18:15 149040] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-20 15:25 171448] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-20 07:22 1006264] "S3Trayp"="S3trayp.exe" [2006-12-15 14:04 176128 C:\Windows\System32\s3trayp.exe] "HDAudDeck"="C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe" [2007-01-02 10:28 471040] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-12 09:22 155648] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 19:46 153136] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 12:06 741376] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [2007-08-27 14:28 182952] "F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2007-08-27 14:27 895600] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 
267048] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 23:01:50 734872] Hurtigstart for Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 00:48:20 40048] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{EB2699C2-78BF-4292-8764-681AE7E74001}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{43E6490D-F1A3-46A1-87C5-AF22DEAB1B6A}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare "UDP Query User{DB1252F4-D64E-4A3F-BDF2-596EF46409F7}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare "TCP Query User{78A2CF80-BD18-44CE-B8D0-51E3605330BF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{A47AD385-054D-42AF-AFE4-DE3ACC444DA7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. 
Take a deep breath "TCP Query User{8DD15560-BCFE-4725-83B0-8EAACBCBD5F7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{9E39B153-E9FB-40E5-B91F-D7AC2CA81BFA}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{C7D6B01A-6BFD-403A-8AC2-6BAFF1E9A273}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{7CD3BD52-0A98-4676-AACA-803EBF9C5A03}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{99174701-0BFF-4AB3-8279-4CF20E26DAE8}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{56FBBE9E-A0E8-4B44-982B-AE7F79C6404A}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{7A6294DE-1946-40A6-BBD0-D91890A231CC}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{43F7A428-3015-4A70-A6BF-ECC19FD2ACC7}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD "TCP Query User{2F32DF61-F9D7-4DB5-BDF7-21994A901ADC}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{EE8325CC-7220-4592-91A1-2634CBAEA4AC}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD "TCP Query User{94CA3085-49BF-40DD-AC53-C6360B71EA7A}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare "UDP Query User{2CEBB291-3B21-4E77-9716-6CB1D8995078}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare "TCP Query 
User{D70183A5-F870-495A-8D98-89CED33B7A5A}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{D91A7C76-BEA4-4052-A318-7A3607D843F5}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "TCP Query User{467AC104-C55E-43F5-8D25-F8BC25685E0C}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "UDP Query User{BE270857-31B1-4451-8B7C-BD49E6AA8395}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "{802F9941-A0FD-43BC-9815-7E37D5C3B759}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{ED1BA613-470B-44FA-92A7-7B75F81B0273}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A11CD6A4-7A27-474D-A212-EC922693B371}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{19606683-7CAF-40B4-BD6B-746D1AC17F70}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{2CFF4324-F7E6-4BAC-A906-6658D752C5B3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{3486771E-DAB4-4A46-A28C-E31F71DCF816}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{F3411370-94F4-44E2-8B89-0B2A964564EC}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= UDP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary "UDP Query User{DEAA6566-8BE7-47C4-9BB0-75661EDBF59C}C:\\program files\\kunnskapsforlaget\\ordnett pluss\\lib\\ieembed.exe"= TCP:C:\program files\kunnskapsforlaget\ordnett pluss\lib\ieembed.exe:JDesktop Integration Components binary [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 fsvista;F-Secure Vista Support 
Driver;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2007-08-27 14:27] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 18:52] R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 16:39] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 22:47] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2007-08-27 14:27] R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2006-12-20 15:00] R3 S3GIGP;S3GIGP;C:\Windows\system32\DRIVERS\VTGKModeDX32.sys [2007-02-05 13:53] S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2007-08-27 14:27] S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2007-08-27 14:27] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2f444b-670b-11dc-ad3d-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe . Contents of the 'Scheduled Tasks' folder "2008-03-19 18:46:35 C:\Windows\Tasks\Norton Security Scan.job" - C:\Program Files\Norton Security Scan\Nss.exe "2008-03-20 10:44:45 C:\Windows\Tasks\Oppdater Ordnett Pluss.job" - C:\Program Files\Kunnskapsforlaget\Ordnett Pluss\updater.exe "2008-03-20 10:41:30 C:\Windows\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-Secure\ANTI-V~1\report.txt . 
************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-20 11:46:23 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Windows\system32\AUDIODG.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Windows\system32\consent.exe C:\Windows\servicing\TrustedInstaller.exe . ************************************************************************** . 
Completion time: 2008-03-20 11:48:33 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-20 10:48:26 ComboFix2.txt 2008-03-20 00:17:09 . 2008-03-14 23:35:12 --- E O F ---
I'm going to run SAS now. Edited 20 March 2008 by Theresese
Theresese (thread author), posted 20 March 2008: Now I have run everything you said, and F-Secure found nothing on the last scan. CCleaner found twelve files, which were deleted. How do you know all this?
snippsat, posted 20 March 2008: Yes, if the PC is running fine, you can do this. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Regarding security: you have F-Secure, which is good. For spyware, keep using SAS. For cleanup, use CCleaner. A defragmenter that is a bit better than the one in Windows: Auslogics Disk Defrag + Free Registry Defrag. Theresese wrote: "How do you know all this?" A bit of an interest in this. Surf safely. Edited 20 March 2008 by SNIPPSAT
Theresese (thread author), posted 20 March 2008: I couldn't manage to do that with ComboFix. It starts running automatically.
norbat, posted 20 March 2008: When you type combofix /u in the Run field, it will start up for a brief moment and then report that it has been uninstalled. The program icon will disappear from the desktop. Edited 20 March 2008 by norbat
Theresese (thread author), posted 20 March 2008: Which Run field? When I start ComboFix, a black window comes up and it starts running right away. It isn't possible to type anything. Can't I just delete it the normal way?
Duqe, posted 20 March 2008: Theresese wrote: "Which Run field? When I start ComboFix, a black window comes up and it starts running right away. It isn't possible to type anything. Can't I just delete it the normal way?" Click the Start bar and then 'Kjør', or 'Run' if you are using an English OS.
norbat, posted 20 March 2008: Vista's 'Run' field is the same as the 'Search' field (the field you can type in at the very bottom when you click the Start button).
Theresese (thread author), posted 20 March 2008: Thank you so much for the help, everyone!