
ROOT\LEGACY_H8SRTD.SYS000 - is this a virus!



I've got an exclamation mark in Device Manager and have been trying to find drivers without success. After some googling I suspect this is some kind of virus. I have run ComboFix, Malwarebytes and SUPERAntiSpyware, but the machine keeps acting up regularly. I also have a startup problem, as I get a message that it cannot find an operating system.


Link to comment

ComboFix says that I don't have the Recovery Console and asks whether I want to download and install it, but then I just get an error message. But here are the logs:

ComboFix 10-01-03.05 - Turspesialisten AS 04.01.2010 13:30:09.3.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.446.128 [GMT 1:00]

Kjører fra: c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Skrivebord\Smarte ting\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100103-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-04 til 2010-01-04 )))))))))))))))))))))))))))))))))

.

 

2010-01-04 12:18 . 2010-01-04 12:18 -------- d-----w- c:\documents and settings\Administrator

2010-01-04 12:02 . 2010-01-04 12:02 -------- d-----w- C:\FOUND.056

2010-01-04 10:10 . 2010-01-04 10:10 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\FastStone

2010-01-04 10:10 . 2010-01-04 10:10 -------- d-----w- c:\programfiler\FastStone Image Viewer

2010-01-04 09:50 . 2010-01-04 09:50 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\HP

2010-01-03 19:03 . 2010-01-03 19:03 52224 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-03 19:03 . 2010-01-03 19:03 117760 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\programfiler\SUPERAntiSpyware

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com

2010-01-03 16:13 . 2010-01-03 16:13 5061520 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-03 16:12 . 2010-01-03 16:12 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Malwarebytes

2010-01-03 16:12 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 16:12 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 15:58 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys

2010-01-03 15:58 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys

2010-01-03 15:57 . 2010-01-03 15:57 -------- d-----w- c:\programfiler\Motorola

2010-01-03 15:37 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-01-03 15:37 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-01-03 15:37 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-01-03 15:37 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2010-01-03 15:37 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-01-03 15:37 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-01-03 15:37 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-01-03 15:37 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-01-03 15:37 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2010-01-03 14:42 . 2010-01-03 14:42 -------- d-sh--w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\IECompatCache

2010-01-03 14:41 . 2005-11-01 09:35 28672 ----a-r- c:\windows\system32\VModes.exe

2010-01-03 14:37 . 2005-11-01 03:15 163840 ----a-w- c:\windows\system32\VTTrayp.exe

2010-01-03 14:37 . 2005-03-08 02:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

2010-01-03 14:37 . 2005-11-17 17:06 540672 ----a-w- c:\windows\system32\VTovrlay.dll

2010-01-03 14:37 . 2006-02-09 15:23 248704 ----a-w- c:\windows\system32\drivers\vtmini.sys

2010-01-03 14:37 . 2005-11-01 04:58 319488 ----a-w- c:\windows\system32\VTInfo2.dll

2010-01-03 14:37 . 2006-02-09 15:26 1875968 ----a-w- c:\windows\system32\vticd.dll

2010-01-03 14:37 . 2005-11-29 03:05 446464 ----a-w- c:\windows\system32\VTGamma2.dll

2010-01-03 14:37 . 2005-05-24 01:36 581632 ----a-w- c:\windows\system32\VTDisply.dll

2010-01-03 14:37 . 2006-02-09 15:23 3492864 ----a-w- c:\windows\system32\vtdisp.dll

2010-01-03 14:16 . 2008-04-14 16:49 37376 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-01-03 14:16 . 2008-04-14 16:49 37376 ----a-w- c:\windows\system32\dllcache\isapnp.sys

2010-01-03 12:49 . 2010-01-03 12:49 -------- d-----w- C:\FOUND.055

2010-01-02 16:45 . 2008-12-03 16:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe

2010-01-02 16:45 . 2002-11-14 21:32 55808 ----a-w- c:\windows\system32\devcon.exe

2010-01-02 16:45 . 2010-01-02 16:45 -------- d-----w- c:\programfiler\Driver Checker

2010-01-02 16:19 . 2010-01-02 16:19 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure

2010-01-02 15:24 . 2010-01-02 15:24 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-01-02 15:24 . 2010-01-02 15:24 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-01-02 15:16 . 2010-01-02 15:16 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-30 14:41 . 2009-12-30 14:41 -------- d-sh--w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\PrivacIE

2009-12-30 14:32 . 2009-12-30 14:32 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\CMO_V2_D-50

2009-12-30 14:31 . 2009-12-30 14:31 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Skype

2009-12-30 14:22 . 2009-12-30 14:22 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000

2009-12-30 14:09 . 2009-12-30 14:09 -------- d-----r- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF\Mine dokumenter

2009-12-30 13:01 . 2009-07-12 17:25 -------- d--h--w- c:\documents and settings\TEMP\Programdata

2009-12-30 13:01 . 2009-07-12 17:25 -------- d--h--w- c:\documents and settings\TEMP\Lokale innstillinger

2009-12-30 13:01 . 2009-12-30 13:01 -------- d-----w- c:\documents and settings\TEMP

2009-12-30 11:00 . 2009-12-30 11:00 -------- d--h--r- c:\documents and settings\Turspesialisten AS\Siste

2009-12-29 19:01 . 2009-12-29 19:01 -------- d-----w- c:\programfiler\Fellesfiler\xing shared

2009-12-29 19:00 . 2009-12-29 19:00 -------- d-----w- c:\programfiler\Real

2009-12-29 19:00 . 2009-12-29 19:00 -------- d-----w- c:\programfiler\Fellesfiler\Real

2009-12-29 06:32 . 2009-12-29 06:32 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\windows\system32\XPSViewer

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\programfiler\MSBuild

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\programfiler\Reference Assemblies

2009-12-28 02:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2009-12-28 02:40 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-12-28 02:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-12-28 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-12-28 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-12-28 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-12-28 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-12-28 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2009-12-28 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-12-27 22:13 . 2009-12-27 22:13 -------- d-----w- C:\FOUND.054

2009-12-27 07:49 . 2009-12-27 07:49 -------- d-----w- C:\FOUND.053

2009-12-25 10:58 . 2009-12-25 10:58 -------- d-----w- c:\documents and settings\Turspesialisten AS\Tracing

2009-12-25 10:55 . 2009-12-25 10:55 -------- d-----w- c:\programfiler\Microsoft Silverlight

2009-12-25 10:55 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-12-25 10:52 . 2009-12-25 10:52 -------- d-----w- c:\programfiler\Windows Live SkyDrive

2009-12-25 10:32 . 2009-12-25 10:32 -------- d-----w- c:\programfiler\Microsoft Sync Framework

2009-12-25 10:32 . 2009-12-25 10:32 -------- d-----w- c:\programfiler\Microsoft

2009-12-25 10:30 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-12-25 10:30 . 2009-12-25 10:30 -------- d-----w- c:\programfiler\Microsoft SQL Server Compact Edition

2009-12-25 10:29 . 2009-12-25 10:29 -------- d-----w- c:\programfiler\Windows Live

2009-12-25 09:57 . 2009-12-25 09:57 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live

2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- C:\FOUND.052

2009-12-23 23:06 . 2009-12-23 23:06 -------- d-----w- C:\FOUND.051

2009-12-21 09:26 . 2009-12-21 09:26 -------- d-----w- C:\FOUND.050

2009-12-18 11:11 . 2009-12-18 11:11 -------- d-----w- C:\FOUND.049

2009-12-17 17:37 . 2009-12-17 17:37 -------- d-----w- C:\FOUND.048

2009-12-07 19:09 . 2010-01-02 16:30 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-07 18:47 . 2009-12-07 18:47 -------- d-----w- C:\FOUND.047

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-04 12:31 . 2009-07-12 17:12 88840 ----a-w- c:\windows\system32\perfc014.dat

2010-01-04 12:31 . 2009-07-12 17:12 465682 ----a-w- c:\windows\system32\perfh014.dat

2010-01-03 15:56 . 2010-01-02 16:47 364544 ----a-w- c:\windows\system32\sm56co81.dll

2010-01-03 15:56 . 2010-01-02 16:47 1090304 ----a-w- c:\windows\system32\drivers\smserial.sys

2010-01-03 15:55 . 2010-01-02 16:47 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS

2010-01-03 15:55 . 2010-01-02 16:47 10966528 ----a-w- c:\windows\system32\RTLCPL.EXE

2010-01-03 15:55 . 2010-01-02 16:47 598016 ----a-w- c:\windows\SOUNDMAN.EXE

2010-01-03 15:55 . 2010-01-02 16:47 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll

2010-01-03 15:55 . 2010-01-02 16:47 284160 ----a-w- c:\windows\system32\RtkPgExt.dll

2010-01-03 15:55 . 2010-01-02 16:47 1767424 ----a-w- c:\windows\system32\RtkAPO.dll

2010-01-03 15:55 . 2010-01-02 16:47 217088 ----a-w- c:\windows\Alcrmv.exe

2010-01-03 15:55 . 2010-01-02 16:47 4071272 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS

2010-01-02 16:47 . 2010-01-02 16:47 598016 ----a-w- c:\windows\SET33.tmp

2009-12-30 14:24 . 2009-12-30 14:24 28264 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-12-30 14:24 . 2009-12-30 14:24 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Windows Desktop Search

2009-12-30 14:24 . 2009-12-30 14:24 162 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\fusioncache.dat

2009-12-30 14:24 . 2009-12-30 14:24 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Windows Search

2009-12-28 09:18 . 2009-07-12 21:45 28264 ----a-w- c:\documents and settings\Turspesialisten AS\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-11-23 12:46 . 2009-11-23 12:46 -------- d-----w- c:\programfiler\IKEA HomePlanner

2009-11-23 12:44 . 2009-11-23 12:44 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-11-12 11:31 . 2009-11-12 11:31 16384 ------w- c:\documents and settings\Turspesialisten AS\Programdata\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xhamster.com

2009-11-12 11:31 . 2009-11-12 11:31 16384 ------w- c:\documents and settings\Turspesialisten AS\Programdata\Macromedia\Flash Player\#SharedObjects\6585YWW3\static.xhamster.com

2009-11-09 12:40 . 2009-11-09 12:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-11-09 12:40 . 2009-11-09 12:40 -------- d-----w- c:\documents and settings\Turspesialisten AS\Programdata\skypePM

2009-11-09 12:36 . 2009-11-09 12:36 -------- d-----w- c:\documents and settings\Turspesialisten AS\Programdata\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----w- c:\programfiler\Fellesfiler\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----r- c:\programfiler\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\Realtek Sound Manager

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\AvRack

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\Realtek AC97

2009-11-09 12:19 . 2009-11-09 12:19 32017861 ----a-w- C:\FTS_AudioRealtekALC655_51006120_1007193.ZIP

2009-11-09 10:58 . 2009-11-09 10:58 -------- d-----w- c:\programfiler\CCleaner

2009-10-29 07:45 . 2009-07-12 17:12 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 05:41 . 2009-07-12 17:11 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:41 . 2009-07-12 17:08 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-03 22:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:38 . 2009-07-12 17:10 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2009-07-12 17:10 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:40 . 2009-07-12 17:10 79872 ----a-w- c:\windows\system32\raschap.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-06 14:20 279944 ----a-w- c:\programfiler\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-08-06 149280]

"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2009-12-29 198160]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]

"avast!"="c:\progra~2\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"SoundMan"="SOUNDMAN.EXE" [2010-01-03 598016]

"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2010-01-03 1208320]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Turspesialisten AS\Start-meny\Programmer\Oppstart\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

HP Image Zone Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

ZDWLan Utility.lnk - c:\programfiler\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-7-13 487424]

HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [02.01.2010 16:16 33920]

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [03.01.2010 16:37 114768]

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [16.12.2009 16:26 9968]

R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [03.01.2010 16:37 20560]

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [25.12.2009 11:55 54752]

R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 7408]

S3 cmusbser;%CMUSBSER%;c:\windows\SYSTEM32\DRIVERS\cmusbser.sys [14.09.2009 23:48 87040]

S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-04 c:\windows\Tasks\User_Feed_Synchronization-{0EEA60C1-D977-40C2-A55F-A9902E55E938}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Tilleggsskanning -------

.

IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-04 13:34

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(760)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'explorer.exe'(3864)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tidspunkt ferdig: 2010-01-04 13:35:50

ComboFix-quarantined-files.txt 2010-01-04 12:35

 

Pre-Run: 44 744 196 096 byte ledig

Post-Run: 44 709 773 312 byte ledig

 

- - End Of File - - D0D1AB0376F9B6BF14D227E26B96B7DA

 

 

Malwarebytes' Anti-Malware 1.43

Databaseversjon: 3487

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

04.01.2010 13:15:18

mbam-log-2010-01-04 (13-15-18).txt

 

Skanntype: Rask Skann

Objekter skannet: 121138

Tid tilbakelagt: 8 minute(s), 13 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

Link to comment

Yes, they found a lot, but I couldn't start the machine at the time, so I had to connect the hard drive to another machine to be able to run Malwarebytes and SUPERAntiSpyware. The strange thing is that the logs are gone. Windows was also broken, so I had to copy a missing file into the system to get Windows to start (isapg). I'm now trying to run a full scan with MVB, but the machine crashes.

Link to comment

I have now finally managed to run MB in safe mode. The strange thing is that to get into safe mode I have to log in as admin or as a regular user. I logged in as admin, but then MBAM was gone both from the desktop and from the folder I had put it in. I logged in as a regular user and then it worked. I got MBAM to run and am posting the log here. Now I also got ComboFix to run without a crash and am posting the log. I also ran a rootkit scanner (McAfee) but didn't dare do anything with what it found. Posting a picture.

ComboFix 10-01-04.01 - Turspesialisten AS 05.01.2010 14:41:41.4.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.446.174 [GMT 1:00]

Kjører fra: c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Skrivebord\Smarte ting\ComboFix.exe

AV: avast! antivirus 4.8.1368 [VPS 100105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-05 til 2010-01-05 )))))))))))))))))))))))))))))))))

.

 

2010-01-04 22:39 . 2010-01-04 22:39 117760 ----a-w- c:\documents and settings\Administrator\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-04 22:39 . 2010-01-04 22:39 -------- d-----w- c:\documents and settings\Administrator\Programdata\SUPERAntiSpyware.com

2010-01-04 12:23 . 2010-01-04 12:24 -------- d-----w- c:\documents and settings\Administrator\Programdata\Windows Search

2010-01-04 12:19 . 2010-01-04 12:19 -------- d-----w- c:\documents and settings\Administrator\Tracing

2010-01-04 12:02 . 2010-01-04 12:02 -------- d-----w- C:\FOUND.056

2010-01-04 10:10 . 2010-01-04 10:10 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\FastStone

2010-01-04 10:10 . 2010-01-04 10:10 -------- d-----w- c:\programfiler\FastStone Image Viewer

2010-01-04 09:50 . 2010-01-04 09:50 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\HP

2010-01-03 19:03 . 2010-01-03 19:03 52224 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-01-03 19:03 . 2010-01-03 19:03 117760 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\programfiler\SUPERAntiSpyware

2010-01-03 19:01 . 2010-01-03 19:01 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\SUPERAntiSpyware.com

2010-01-03 16:13 . 2010-01-05 11:41 5061520 ----a-w- c:\documents and settings\All Users\Programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-01-03 16:12 . 2010-01-03 16:12 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Malwarebytes

2010-01-03 16:12 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 16:12 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 15:58 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys

2010-01-03 15:58 . 2001-08-17 20:57 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys

2010-01-03 15:57 . 2010-01-03 15:57 -------- d-----w- c:\programfiler\Motorola

2010-01-03 15:37 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-01-03 15:37 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-01-03 15:37 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-01-03 15:37 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr

2010-01-03 15:37 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-01-03 15:37 . 2009-11-24 23:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-01-03 15:37 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-01-03 15:37 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-01-03 15:37 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2010-01-03 14:42 . 2010-01-03 14:42 -------- d-sh--w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\IECompatCache

2010-01-03 14:41 . 2005-11-01 09:35 28672 ----a-r- c:\windows\system32\VModes.exe

2010-01-03 14:37 . 2005-11-01 03:15 163840 ----a-w- c:\windows\system32\VTTrayp.exe

2010-01-03 14:37 . 2005-03-08 02:33 53248 ----a-w- c:\windows\system32\VTTimer.exe

2010-01-03 14:37 . 2005-11-17 17:06 540672 ----a-w- c:\windows\system32\VTovrlay.dll

2010-01-03 14:37 . 2006-02-09 15:23 248704 ----a-w- c:\windows\system32\drivers\vtmini.sys

2010-01-03 14:37 . 2005-11-01 04:58 319488 ----a-w- c:\windows\system32\VTInfo2.dll

2010-01-03 14:37 . 2006-02-09 15:26 1875968 ----a-w- c:\windows\system32\vticd.dll

2010-01-03 14:37 . 2005-11-29 03:05 446464 ----a-w- c:\windows\system32\VTGamma2.dll

2010-01-03 14:37 . 2005-05-24 01:36 581632 ----a-w- c:\windows\system32\VTDisply.dll

2010-01-03 14:37 . 2006-02-09 15:23 3492864 ----a-w- c:\windows\system32\vtdisp.dll

2010-01-03 14:16 . 2008-04-14 16:49 37376 ----a-w- c:\windows\system32\drivers\isapnp.sys

2010-01-03 14:16 . 2008-04-14 16:49 37376 ----a-w- c:\windows\system32\dllcache\isapnp.sys

2010-01-03 12:49 . 2010-01-03 12:49 -------- d-----w- C:\FOUND.055

2010-01-02 16:45 . 2008-12-03 16:40 81408 ----a-w- c:\windows\system32\devcon_x64.exe

2010-01-02 16:45 . 2002-11-14 21:32 55808 ----a-w- c:\windows\system32\devcon.exe

2010-01-02 16:45 . 2010-01-02 16:45 -------- d-----w- c:\programfiler\Driver Checker

2010-01-02 16:19 . 2010-01-02 16:19 -------- d-----w- c:\documents and settings\All Users\Programdata\F-Secure

2010-01-02 15:24 . 2010-01-02 15:24 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-01-02 15:24 . 2010-01-02 15:24 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2010-01-02 15:16 . 2010-01-02 15:16 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys

2009-12-30 14:41 . 2009-12-30 14:41 -------- d-sh--w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\PrivacIE

2009-12-30 14:32 . 2009-12-30 14:32 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\CMO_V2_D-50

2009-12-30 14:31 . 2009-12-30 14:31 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Skype

2009-12-30 14:22 . 2009-12-30 14:22 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000

2009-12-30 14:09 . 2009-12-30 14:09 -------- d-----r- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF\Mine dokumenter

2009-12-30 13:01 . 2009-07-12 17:25 -------- d--h--w- c:\documents and settings\TEMP\Programdata

2009-12-30 13:01 . 2009-07-12 17:25 -------- d--h--w- c:\documents and settings\TEMP\Lokale innstillinger

2009-12-30 13:01 . 2009-12-30 13:01 -------- d-----w- c:\documents and settings\TEMP

2009-12-30 11:00 . 2009-12-30 11:00 -------- d--h--r- c:\documents and settings\Turspesialisten AS\Siste

2009-12-29 19:01 . 2009-12-29 19:01 -------- d-----w- c:\programfiler\Fellesfiler\xing shared

2009-12-29 19:00 . 2009-12-29 19:00 -------- d-----w- c:\programfiler\Real

2009-12-29 19:00 . 2009-12-29 19:00 -------- d-----w- c:\programfiler\Fellesfiler\Real

2009-12-29 06:32 . 2009-12-29 06:32 552 ----a-w- c:\windows\system32\d3d8caps.dat

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\windows\system32\XPSViewer

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\programfiler\MSBuild

2009-12-28 02:41 . 2009-12-28 02:41 -------- d-----w- c:\programfiler\Reference Assemblies

2009-12-28 02:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2009-12-28 02:40 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-12-28 02:40 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-12-28 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-12-28 02:40 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-12-28 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-12-28 02:40 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll

2009-12-28 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2009-12-28 02:40 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-12-27 22:13 . 2009-12-27 22:13 -------- d-----w- C:\FOUND.054

2009-12-27 07:49 . 2009-12-27 07:49 -------- d-----w- C:\FOUND.053

2009-12-25 10:58 . 2009-12-25 10:58 -------- d-----w- c:\documents and settings\Turspesialisten AS\Tracing

2009-12-25 10:55 . 2009-12-25 10:55 -------- d-----w- c:\programfiler\Microsoft Silverlight

2009-12-25 10:55 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-12-25 10:52 . 2009-12-25 10:52 -------- d-----w- c:\programfiler\Windows Live SkyDrive

2009-12-25 10:32 . 2009-12-25 10:32 -------- d-----w- c:\programfiler\Microsoft Sync Framework

2009-12-25 10:32 . 2009-12-25 10:32 -------- d-----w- c:\programfiler\Microsoft

2009-12-25 10:30 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-12-25 10:30 . 2009-12-25 10:30 -------- d-----w- c:\programfiler\Microsoft SQL Server Compact Edition

2009-12-25 10:29 . 2009-12-25 10:29 -------- d-----w- c:\programfiler\Windows Live

2009-12-25 09:57 . 2009-12-25 09:57 -------- d-----w- c:\programfiler\Fellesfiler\Windows Live

2009-12-25 09:54 . 2009-12-25 09:54 -------- d-----w- C:\FOUND.052

2009-12-23 23:06 . 2009-12-23 23:06 -------- d-----w- C:\FOUND.051

2009-12-21 09:26 . 2009-12-21 09:26 -------- d-----w- C:\FOUND.050

2009-12-18 11:11 . 2009-12-18 11:11 -------- d-----w- C:\FOUND.049

2009-12-17 17:37 . 2009-12-17 17:37 -------- d-----w- C:\FOUND.048

2009-12-07 19:09 . 2010-01-02 16:30 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-12-07 18:47 . 2009-12-07 18:47 -------- d-----w- C:\FOUND.047

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-05 09:06 . 2009-07-12 17:12 88840 ----a-w- c:\windows\system32\perfc014.dat

2010-01-05 09:06 . 2009-07-12 17:12 465682 ----a-w- c:\windows\system32\perfh014.dat

2010-01-03 15:56 . 2010-01-02 16:47 364544 ----a-w- c:\windows\system32\sm56co81.dll

2010-01-03 15:56 . 2010-01-02 16:47 1090304 ----a-w- c:\windows\system32\drivers\smserial.sys

2010-01-03 15:55 . 2010-01-02 16:47 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS

2010-01-03 15:55 . 2010-01-02 16:47 10966528 ----a-w- c:\windows\system32\RTLCPL.EXE

2010-01-03 15:55 . 2010-01-02 16:47 598016 ----a-w- c:\windows\SOUNDMAN.EXE

2010-01-03 15:55 . 2010-01-02 16:47 147456 ----a-w- c:\windows\system32\RTLCPAPI.dll

2010-01-03 15:55 . 2010-01-02 16:47 284160 ----a-w- c:\windows\system32\RtkPgExt.dll

2010-01-03 15:55 . 2010-01-02 16:47 1767424 ----a-w- c:\windows\system32\RtkAPO.dll

2010-01-03 15:55 . 2010-01-02 16:47 217088 ----a-w- c:\windows\Alcrmv.exe

2010-01-03 15:55 . 2010-01-02 16:47 4071272 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS

2010-01-02 16:47 . 2010-01-02 16:47 598016 ----a-w- c:\windows\SET33.tmp

2009-12-30 14:24 . 2009-12-30 14:24 28264 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-12-30 14:24 . 2009-12-30 14:24 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Windows Desktop Search

2009-12-30 14:24 . 2009-12-30 14:24 162 ----a-w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Lokale innstillinger\Programdata\fusioncache.dat

2009-12-30 14:24 . 2009-12-30 14:24 -------- d-----w- c:\documents and settings\Turspesialisten AS.TURSPESI-B4FBEF.000\Programdata\Windows Search

2009-12-28 09:18 . 2009-07-12 21:45 28264 ----a-w- c:\documents and settings\Turspesialisten AS\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-11-23 12:46 . 2009-11-23 12:46 -------- d-----w- c:\programfiler\IKEA HomePlanner

2009-11-23 12:44 . 2009-11-23 12:44 -------- d-----w- c:\programfiler\Fellesfiler\Wise Installation Wizard

2009-11-12 11:31 . 2009-11-12 11:31 16384 ------w- c:\documents and settings\Turspesialisten AS\Programdata\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xhamster.com

2009-11-12 11:31 . 2009-11-12 11:31 16384 ------w- c:\documents and settings\Turspesialisten AS\Programdata\Macromedia\Flash Player\#SharedObjects\6585YWW3\static.xhamster.com

2009-11-09 12:40 . 2009-11-09 12:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-11-09 12:40 . 2009-11-09 12:40 -------- d-----w- c:\documents and settings\Turspesialisten AS\Programdata\skypePM

2009-11-09 12:36 . 2009-11-09 12:36 -------- d-----w- c:\documents and settings\Turspesialisten AS\Programdata\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----w- c:\programfiler\Fellesfiler\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----r- c:\programfiler\Skype

2009-11-09 12:34 . 2009-11-09 12:34 -------- d-----w- c:\documents and settings\All Users\Programdata\Skype

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\Realtek Sound Manager

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\AvRack

2009-11-09 12:20 . 2009-11-09 12:20 -------- d-----w- c:\programfiler\Realtek AC97

2009-11-09 12:19 . 2009-11-09 12:19 32017861 ----a-w- C:\FTS_AudioRealtekALC655_51006120_1007193.ZIP

2009-11-09 10:58 . 2009-11-09 10:58 -------- d-----w- c:\programfiler\CCleaner

2009-10-29 07:45 . 2009-07-12 17:12 916480 ------w- c:\windows\system32\wininet.dll

2009-10-21 05:41 . 2009-07-12 17:11 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:41 . 2009-07-12 17:08 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-03 22:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:38 . 2009-07-12 17:10 270848 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:40 . 2009-07-12 17:10 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:40 . 2009-07-12 17:10 79872 ----a-w- c:\windows\system32\raschap.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-06 14:20 279944 ----a-w- c:\programfiler\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programfiler\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]

"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-08-06 149280]

"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2009-12-29 198160]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]

"avast!"="c:\progra~2\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"SoundMan"="SOUNDMAN.EXE" [2010-01-03 598016]

"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2010-01-03 1208320]

"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-12-30 1389904]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Turspesialisten AS\Start-meny\Programmer\Oppstart\

OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

HP Image Zone Hurtigstart.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

ZDWLan Utility.lnk - c:\programfiler\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2009-7-13 487424]

HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=

 

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [02.01.2010 16:16 33920]

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [03.01.2010 16:37 114768]

R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [16.12.2009 16:26 9968]

R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [16.12.2009 16:26 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [03.01.2010 16:37 20560]

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [25.12.2009 11:55 54752]

R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [16.12.2009 16:27 7408]

S3 cmusbser;%CMUSBSER%;c:\windows\SYSTEM32\DRIVERS\cmusbser.sys [14.09.2009 23:48 87040]

S3 fsssvc;Windows Live Tryggere for familien-tjenesten;c:\programfiler\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{0EEA60C1-D977-40C2-A55F-A9902E55E938}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Tilleggsskanning -------

.

IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 14:45

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(760)

c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

c:\windows\System32\BCMLogon.dll

 

- - - - - - - > 'explorer.exe'(1672)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tidspunkt ferdig: 2010-01-05 14:47:46

ComboFix-quarantined-files.txt 2010-01-05 13:47

ComboFix2.txt 2010-01-04 12:35

 

Pre-Run: 44 497 272 832 byte ledig

Post-Run: 44 491 882 496 byte ledig

 

- - End Of File - - 42A75C3CA8DE5E5620F7BFCEDC3D2F08

 

From

Malwarebytes' Anti-Malware 1.41

Databaseversjon: 2775

Windows 5.1.2600 Service Pack 3 (Safe Mode)

 

05.01.2010 12:34:34

mbam-log-2010-01-05 (12-34-34).txt

 

Skanntype: Full Skann (C:\|D:\|)

Objekter skannet: 247844

Tid tilbakelagt: 2 hour(s), 23 minute(s), 20 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 2

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

D:\System Volume Information\_restore{C71A4285-745E-4D5E-8A90-A1284F00EC5E}\RP7\A0004246.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.

D:\Backup Frode\Programfiler\TweakNow PowerPack 2006\Shortcut_XP.exe (Backdoor.Sdbot) -> Quarantined and deleted successfully.

 


Edited by billywillie