-Tommy14- (posted 21 April 2008)
Hi, I have Nod32 and it found the Tenga.gen virus. How do I get rid of it? Help me :( I was also wondering whether there is a program that checks processes.

snippsat (posted 22 April 2008)
Hi! Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Scan and save log". Copy the log file and paste it into your post, preferably as hidden text: [1skjul] log here [1/skjul] (remove the 1 to get hidden text).
Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt

-Tommy14- (thread author, posted 22 April 2008)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:10:09, on 22.04.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe C:\WINDOWS\system32\SKDAEMON.EXE C:\Programfiler\RAM Idle LE\RAM_XP.exe C:\Programfiler\ESET\ESET Smart Security\egui.exe C:\Programfiler\iTunes\iTunesHelper.exe C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe C:\Programfiler\DisplayFusion\DisplayFusion.exe C:\WINDOWS\winhlp32.exe C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\ESET\ESET Smart Security\ekrn.exe C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Programfiler\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [smapp] C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [uC_Start] C:\IBMTools\Updater\ucstartup.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "c:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [ibmmessages] c:\Programfiler\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE O4 - HKLM\..\Run: [startCCC] C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RAM Idle Professional] C:\Programfiler\RAM Idle LE\RAM_XP.exe O4 - HKLM\..\Run: [egui] "C:\Programfiler\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [steam] "C:\Programfiler\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [DisplayFusion] "C:\Programfiler\DisplayFusion\DisplayFusion.exe" O4 - HKCU\..\Run: [ibmmessages] C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 
&Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programfiler\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.tvkoo.com/update/UKooPlayer.ocx O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programfiler\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Programfiler\ESET\ESET Smart Security\ekrn.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. 
- C:\Programfiler\iPod\bin\iPodService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 7450 bytes ComboFix 08-04-20.5 - --Tommy-- 2008-04-22 7:02:59.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.858 [GMT 2:00] Running from: C:\Documents and Settings\--Tommy--\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 ))))))))))))))))))))))))))))))) . 2008-04-22 06:59 . 2008-04-22 06:59 <DIR> d-------- C:\Programfiler\Trend Micro 2008-04-21 22:34 . 2008-04-21 22:34 <DIR> dr-h----- C:\Documents and Settings\--Tommy--\Siste 2008-04-21 16:42 . 2008-04-21 16:42 <DIR> d-------- C:\DOOMS 2008-04-21 16:41 . 2008-04-21 16:41 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\WinRAR 2008-04-20 22:24 . 2008-04-20 22:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Creative 2008-04-20 21:58 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe 2008-04-20 21:55 . 2008-04-20 21:58 <DIR> d-------- C:\Programfiler\Creative 2008-04-20 19:58 . 2008-04-20 20:00 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Ventrilo 2008-04-20 13:58 . 2008-04-20 14:18 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\LimeWire 2008-04-19 16:29 . 2008-04-19 16:29 <DIR> d-------- C:\Programfiler\DAEMON Tools Lite 2008-04-19 10:21 . 2008-04-19 10:21 <DIR> d-------- C:\WINDOWS\Sun 2008-04-19 10:21 . 2008-04-19 10:21 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Sun 2008-04-18 22:28 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-18 22:26 . 
2008-04-18 22:28 <DIR> d-------- C:\Programfiler\Java 2008-04-18 22:25 . 2008-04-18 22:28 <DIR> d-------- C:\Programfiler\LimeWire 2008-04-18 22:25 . 2008-04-18 22:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Java 2008-04-18 16:16 . 2004-08-04 01:03 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-04-18 16:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2008-04-18 16:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys 2008-04-18 16:16 . 2001-10-06 14:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2008-04-18 15:38 . 2008-04-18 15:38 <DIR> d-------- C:\Programfiler\Windows Live Toolbar 2008-04-18 15:36 . 2008-04-16 15:36 <DIR> d-------- C:\Documents and Settings\--Tommy--\Contacts 2008-04-18 15:35 . 2008-04-17 22:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-04-18 15:30 . 2008-04-18 15:35 <DIR> d-------- C:\Programfiler\Windows Live 2008-04-18 15:30 . 2008-04-18 15:34 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-04-18 15:30 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-18 15:29 . 2008-04-21 22:42 <DIR> d-------- C:\Programfiler\Steam 2008-04-18 15:29 . 2008-04-15 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-04-18 15:27 . 2008-04-18 15:28 1,346 --a------ C:\WINDOWS\mozver.dat 2008-04-18 15:26 . 2006-03-17 02:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe 2008-04-18 15:25 . 2008-04-15 22:47 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Programfiler\TweakNow RegCleaner Std 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Programfiler\RAM Idle LE 2008-04-18 15:25 . 2008-04-18 15:25 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Mozilla 2008-04-18 15:25 . 2002-09-22 12:42 17,408 --a------ C:\WINDOWS\Shortcut.exe 2008-04-18 15:25 . 2008-04-18 15:25 0 --a------ C:\WINDOWS\nsreg.dat 2008-04-18 15:24 . 
2008-04-18 15:24 <DIR> d-------- C:\Programfiler\TweakNow WinSecret 2008-04-18 15:24 . 2008-04-18 15:24 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\TweakNow WinSecret 2008-04-18 15:23 . 2008-04-18 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ATI 2008-04-18 15:23 . 2008-04-18 15:23 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\ATI 2008-04-18 14:04 . 2008-04-18 14:10 <DIR> d-------- C:\Programfiler\Fellesfiler\ATI Technologies 2008-04-18 14:00 . 2007-06-29 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-04-18 13:58 . 2008-04-18 13:58 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny 2008-04-18 13:50 . 2008-04-18 13:50 <DIR> d-------- C:\WINDOWS\provisioning 2008-04-18 13:48 . 2008-04-18 13:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-04-18 13:47 . 2008-04-18 13:47 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Macromedia 2008-04-18 13:44 . 2008-04-18 13:44 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Adobe 2008-04-18 13:44 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-04-18 13:44 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002170_.tmp 2008-04-18 13:41 . 2008-04-18 13:41 <DIR> d-------- C:\WINDOWS\EHome 2008-04-18 12:48 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2008-04-18 12:48 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2008-04-18 12:48 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2008-04-18 12:48 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2008-04-18 12:48 . 2004-08-03 14:00 186,648 --a------ C:\WINDOWS\system32\wuaueng1.dll 2008-04-18 12:48 . 2004-08-03 13:59 169,240 --a------ C:\WINDOWS\system32\wuauclt1.exe 2008-04-18 12:48 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll 2008-04-18 12:48 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\dllcache\wups.dll 2008-04-18 12:42 . 
2008-04-18 12:42 <DIR> d---s---- C:\Documents and Settings\--Tommy--\UserData 2008-04-18 12:38 . 2008-04-18 12:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS 2008-04-18 12:38 . 2008-04-18 12:22 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS 2008-04-18 12:38 . 2008-04-18 12:22 <DIR> d-------- C:\Documents and Settings\--Tommy--\WINDOWS 2008-04-18 12:38 . 2008-04-16 17:18 <DIR> dr------- C:\Documents and Settings\--Tommy--\Start-meny 2008-04-18 12:38 . 2003-03-11 00:08 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Skrivere 2008-04-18 12:38 . 2008-04-22 06:59 <DIR> d-------- C:\Documents and Settings\--Tommy--\Skrivebord 2008-04-18 12:38 . 2003-03-11 00:16 <DIR> dr-h----- C:\Documents and Settings\--Tommy--\SendTo 2008-04-18 12:38 . 2008-04-18 12:26 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Symantec 2008-04-18 12:38 . 2008-04-18 12:25 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Sonic 2008-04-18 12:38 . 2008-04-20 20:00 <DIR> d---s---- C:\Documents and Settings\--Tommy--\Programdata\Microsoft 2008-04-18 12:38 . 2003-03-11 00:23 <DIR> d-------- C:\Documents and Settings\--Tommy--\Programdata\Identities 2008-04-18 12:38 . 2008-04-21 22:26 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Programdata 2008-04-18 12:38 . 2008-04-21 19:22 <DIR> dr------- C:\Documents and Settings\--Tommy--\Mine dokumenter 2008-04-18 12:38 . 2003-03-11 00:08 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Maler 2008-04-18 12:38 . 2008-04-15 21:01 <DIR> d--h----- C:\Documents and Settings\--Tommy--\Lokale innstillinger 2008-04-18 12:38 . 2008-04-16 16:51 <DIR> dr------- C:\Documents and Settings\--Tommy--\Favoritter 2008-04-18 12:38 . 2008-04-21 23:54 <DIR> d---s---- C:\Documents and Settings\--Tommy--\Cookies 2008-04-18 12:38 . 2003-03-11 00:08 <DIR> d--h----- C:\Documents and Settings\--Tommy--\AndrMask 2008-04-18 12:38 . 
2008-04-21 22:34 <DIR> d-------- C:\Documents and Settings\--Tommy-- 2008-04-18 12:38 . 2008-04-22 07:05 196,608 --ah----- C:\Documents and Settings\--Tommy--\ntuser.dat.LOG 2008-04-18 12:38 . 2008-04-18 12:38 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG 2008-04-18 12:38 . 2008-04-18 12:38 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG 2008-04-18 12:33 . 2008-04-18 12:33 <DIR> d--hs---- C:\Recycled 2008-04-18 12:33 . 2008-04-18 12:33 61 --a------ C:\WINDOWS\smscfg.ini 2008-04-18 12:31 . 2008-04-18 12:31 <DIR> d-------- C:\Programfiler\PC-Doctor for Windows 2008-04-18 12:31 . 2003-03-26 22:15 282,624 --a------ C:\WINDOWS\system32\PCDrSystemInformation.dll 2008-04-18 12:31 . 2003-02-03 17:23 122,880 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll 2008-04-18 12:31 . 2003-03-26 20:23 94,208 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll 2008-04-18 12:31 . 2003-03-26 20:24 77,824 --a------ C:\WINDOWS\system32\ProgressTrace.dll 2008-04-18 12:31 . 2003-02-03 17:23 69,632 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll 2008-04-18 12:31 . 2003-03-26 20:23 20,348 --a------ C:\WINDOWS\system32\drivers\pcdrsrvc.sys 2008-04-18 12:29 . 2008-04-18 12:29 <DIR> d-------- C:\Books 2008-04-18 12:27 . 2008-04-18 12:27 <DIR> d-------- C:\Programfiler\InterVideo 2008-04-18 12:27 . 2008-04-18 12:27 0 --ah----- C:\BOOTLOG.PRV 2008-04-18 12:26 . 2008-04-16 15:35 <DIR> d-------- C:\Programfiler\Symantec 2008-04-18 12:26 . 2008-04-16 15:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared 2008-04-18 12:26 . 2008-04-16 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec 2008-04-18 12:26 . 2008-04-18 12:26 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-04-18 12:25 . 2008-04-18 12:25 <DIR> d-------- C:\temp\VIES4CD0 2008-04-18 12:25 . 2008-04-18 12:25 <DIR> d-------- C:\Programfiler\IBM RecordNow 2008-04-18 12:25 . 2008-04-18 12:25 <DIR> d-------- C:\Programfiler\IBM DLA 2008-04-18 12:25 . 
2008-04-18 12:25 <DIR> d-------- C:\Programfiler\IBM 2008-04-18 12:25 . 2008-04-18 12:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Sonic 2008-04-18 12:25 . 2008-04-18 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ibm 2008-04-18 12:24 . 2008-04-21 19:18 <DIR> d-------- C:\Program Files 2008-04-18 12:24 . 2002-09-03 00:53 45,056 --a------ C:\WINDOWS\system32\IBMJavaPlugin140.cpl 2008-04-18 12:23 . 2008-04-18 12:23 <DIR> d-------- C:\WINDOWS\system32\SBUtils 2008-04-18 12:23 . 2008-04-18 12:23 <DIR> d-------- C:\Programfiler\SBApps 2008-04-18 12:23 . 2008-04-18 12:23 23 --a------ C:\WINDOWS\Welcome.ini 2008-04-18 12:22 . 1997-08-26 21:06 315,904 --a------ C:\WINDOWS\IsUninst.exe 2008-04-18 12:20 . 2008-04-18 12:20 <DIR> d-------- C:\Programfiler\CONEXANT 2008-04-18 12:19 . 2008-04-18 12:19 <DIR> d-------- C:\WINDOWS\Drivers 2008-04-18 12:19 . 2008-04-18 14:10 <DIR> d-------- C:\Programfiler\ATI Technologies 2008-04-18 12:16 . 2003-03-13 23:15 1,106,944 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys 2008-04-18 12:16 . 2003-03-13 23:17 622,592 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys 2008-04-18 12:16 . 2003-03-13 22:55 279,899 --a------ C:\WINDOWS\system32\drivers\hsf2002.cty 2008-04-18 12:16 . 2003-03-13 23:17 176,768 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys 2008-04-18 12:16 . 2002-12-11 18:49 69,632 --a------ C:\WINDOWS\system32\mdmxsdk.dll 2008-04-18 12:16 . 2002-10-30 03:33 27,786 --a------ C:\WINDOWS\system32\HSFCI005.dll 2008-04-18 12:16 . 2002-12-11 20:22 11,044 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys 2008-04-18 12:14 . 2008-04-18 12:33 333 --a------ C:\WINDOWS\system32\$ncsp$.inf 2008-04-18 12:13 . 2008-04-18 12:13 <DIR> d-------- C:\Programfiler\Analog Devices 2008-04-18 12:12 . 2008-04-18 12:12 522 --a------ C:\SYSLEVEL.IBM 2008-04-18 12:11 . 2002-10-16 09:52 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2008-04-18 12:07 . 2008-04-18 12:07 <DIR> d-------- C:\Programfiler\Intel 2008-04-18 12:07 . 
2008-04-20 21:58 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 10:39 47 ----a-w C:\WINDOWS\system32\drivers\IBM_8194_D1G.MRK 2008-03-20 08:11 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:11 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-13 14:52 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys 2008-03-13 14:52 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys 2008-03-13 14:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys 2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:52 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-16 22:35 3,080,704 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-15 09:23 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe 2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360] "Steam"="C:\Programfiler\Steam\Steam.exe" [2008-04-18 15:30 1271032] "MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] "DisplayFusion"="C:\Programfiler\DisplayFusion\DisplayFusion.exe" [2008-02-18 18:00 274432] "ibmmessages"="C:\Programfiler\IBM\Messages By IBM\ibmmessages.exe" [2003-05-06 04:34 528384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mouse Suite 98 Daemon"="ICO.EXE" [] "Smapp"="C:\Programfiler\Analog Devices\SoundMAX\SMTray.exe" [2002-11-09 00:50 98304] "ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-03-20 19:15 315392] "UC_SMB"="" [] "UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 23:27 32768] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-05-05 10:04 114741] "StorageGuard"="c:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-02-13 10:01 155648] "ibmmessages"="c:\Programfiler\IBM\Messages By IBM\ibmmessages.exe" [2003-05-06 04:34 528384] "Hot Key Kbd Daemon"="SKDAEMON.EXE" [2002-07-02 01:24 40960 C:\WINDOWS\system32\SKDAEMON.EXE] "StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "RAM Idle Professional"="C:\Programfiler\RAM Idle LE\RAM_XP.exe" [2006-01-17 05:38 135168] "egui"="C:\Programfiler\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072] "QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360] 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\iTunes\\iTunes.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dbf45ba-0bb5-11dd-9ebd-0060087bb225}] \Shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-17 20:34:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe "2008-04-22 04:08:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job" - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-22 07:05:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-22 7:06:22 ComboFix-quarantined-files.txt 2008-04-22 05:06:15 Pre-Run: 42,942,115,840 byte ledig Post-Run: 43,424,190,464 byte ledig 222 --- E O F --- 2008-04-16 20:55:40
So, what now???

snippsat (posted 22 April 2008)
Find and delete:
C:\WINDOWS\002170_.tmp
Delete the old folders left over from Norton:
C:\Documents and Settings\--Tommy--\Programdata\Symantec
C:\Programfiler\Symantec
C:\Programfiler\Fellesfiler\Symantec Shared
C:\Documents and Settings\All Users\Programdata\Symantec
Download and run CCleaner. Under 'Options' -> 'Advanced', untick "only delete temporary files older than 48 hours". Run the registry cleaner too.
Download SAS free, update it and run a full scan. Post the log from SAS (preferences->statistics/logs).
Restart, then scan with NOD32; if it finds anything now, include the location where it finds it. Report back.
Edited 22 April 2008 by SNIPPSAT

-Tommy14- (thread author, posted 22 April 2008)
Is it the case that if the virus is in quarantine it can't do anything??

snippsat (posted 22 April 2008)
You can just delete files in quarantine.
c:\progamfiler\eset\infected
Do the above and run NOD32, then it should be fine, I think.

-Tommy14- (thread author, posted 22 April 2008)
I couldn't find that folder, the "infected" thing, but according to ESET Smart Security the file is located here. How do I get there????
Attachment: eh.bmp

snippsat (posted 22 April 2008)
It is in the temp folder; it will be deleted when you run CCleaner (post 4).
Manually: Start -> Search -> %temp%
Everything this search finds can be deleted.
Edited 22 April 2008 by SNIPPSAT

-Tommy14- (thread author, posted 22 April 2008)
So that means that once I run CCleaner I have removed the virus? That seems a bit odd, because it is still in quarantine ;/

snippsat (posted 22 April 2008)
The location you show in the picture will be deleted. You can delete the quarantined files later.