waste Skrevet 16. desember 2006 Del Skrevet 16. desember 2006 (endret) for ca 2 mnd siden måtte jeg levere inn pc pga jeg ikke fikk startet pc, de på 'pc verkstedet' konkluderte med at hd var ødelagt, og derfor innstallerte de en ny hd. da jeg kommer hjem og skal innstallere windows 2000, viser det seg snart at hd er full av virus, trojaner og ormer....med engang jeg har installert win2000 og nod32 antivirus, kommer den ene virusmeldingen etter den andre opp... hvordan er dette mulig?? sliter nå med diverse trojaner..ormer etc...som bl.a zctesmf.exe gzq.exe zta.exe .exe xnng.exe erepp.exe sabbys.exe etc etc etc etc alle er i winnt\system32 folderen.... noen tips til å fjerne alt dette? står i nod 32, at flere av problemene er skapt av IRC/sdbot, IRCbot, Poebot, etc etc også kommer det opp lsass.exe feilmelding i windows jeg har ikke så god peiling på pc fra før...håper noen kan hjelpe kan legge til at CPU er på 100% hele tiden Endret 16. desember 2006 av waste Lenke til kommentar
norbat Skrevet 16. desember 2006 Del Skrevet 16. desember 2006 (endret) Reinstaller og før du går på nett, kjører du inn alle oppdateringspakkene for win2000 (som du laster ned på forhånd slik at du har dem tilgjengelig). Endret 16. desember 2006 av norbat Lenke til kommentar
waste Skrevet 16. desember 2006 Forfatter Del Skrevet 16. desember 2006 (endret) Reinstaller og før du går på nett, kjører du inn alle oppdateringspakkene for win2000 (som du laster ned på forhånd slik at du har dem tilgjengelig). 7517048[/snapback] er ca bare 1 uke siden jeg hadde full reinstallasjon...jeg må installere OS på nytt 1 gang pr uke(gjort dette i flere uker nå)...får ofte blåskjerm hvordan får jeg til å laste ned alle oppdateringene uten at de installerer seg automatisk nå...? jeg kunne egentlig tenkt meg å bli kvitt ormene og virusene, for det er nok det som fører til blåskjerm 1 gang pr uke... edit: det merkelige er at hverken nod32 eller dr.web finner noe virus... men jeg veit jeg har lsass viruset fordi av og til får jeg bare 1 min på meg får pc blir skrudd av etc... Endret 16. desember 2006 av waste Lenke til kommentar
norbat Skrevet 16. desember 2006 Del Skrevet 16. desember 2006 (endret) SP 4 er vel den siste servicepakken. Vil tro at tidsmessig er det kjappere å reinstallere (du har jo gjort det mange ganger så du har sikkert god kontroll på det ). Blåskjerm kan skyldes flere ting, så det er ingen garanti for at dette skyldes virus. Det kan jo du få bekreftet/avkreftet når du evt. reinstaller og oppdaterer systemet ditt. Endret 16. desember 2006 av norbat Lenke til kommentar
waste Skrevet 16. desember 2006 Forfatter Del Skrevet 16. desember 2006 da er det nok mest sansynlig ikke virus vil jeg tro...? som forårsaker blåskjermen... har jo oppdatert systemet og reinstallert OS ørten gangen de siste ukene... Lenke til kommentar
norbat Skrevet 16. desember 2006 Del Skrevet 16. desember 2006 (endret) Og du oppdaterte systemet ditt før du gladelig surfet rundt på nettet? Vi kan godt prøve å fjerne evt. grums. Last ned Hijackthis og pakk det ut på skrivebordet. Før du kjører hijackthis.exe, forandrer du navnet til noe annet, eks. test.exe Loggen legger du ut her i posten Endret 16. desember 2006 av norbat Lenke til kommentar
waste Skrevet 16. desember 2006 Forfatter Del Skrevet 16. desember 2006 Og du oppdaterte systemet ditt før du gladelig surfet rundt på nettet? Vi kan godt prøve å fjerne evt. grums. Last ned Hijackthis og pakk det ut på skrivebordet. Før du kjører hijackthis.exe, forandrer du navnet til noe annet, eks. test.exe 7517242[/snapback] ja, oppdaterte win2000 etc + hadde brannmur + antivirus før jeg surfet rundt. nå viser det seg visst at dr.watson fant endel trojaner...måtte bare velge en dypere scanning enn express... skal prøve meg på hijackthis om et øyeblikk Lenke til kommentar
waste Skrevet 17. desember 2006 Forfatter Del Skrevet 17. desember 2006 Logfile of HijackThis v1.99.1 Scan saved at 14:49:11, on 17.12.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\Eset\nod32krn.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINNT\system32\sstray.exe C:\WINNT\system32\internat.exe D:\drweb-cureit.exe C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX2\_start.exe C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX2\cureit.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\WinRAR\WinRAR.exe D:\test.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKCU\..\Run: [internat.exe] internat.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166288785437 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe her er hijackthis loggen.... Lenke til kommentar
norbat Skrevet 17. desember 2006 Del Skrevet 17. desember 2006 (endret) Last ned CCleaner, installer. Last ned SAS, installer og oppdater. Sørg for at du ser skjulte filer og mapper (kontrollpanel->mappealt.->vis->"vis skjulte filer og mapper") Kjør HJT og fix: O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm Slett fra utforsker (i bold): C:\WINNT\web\related.htm Kjør en rens med CCleaner Kjør en complete scan med SAS Restart. Legg ut loggen fra SAS (preferences->statistics/logs) Loggen din ser forøvrig ren ut. Endret 17. desember 2006 av norbat Lenke til kommentar
waste Skrevet 17. desember 2006 Forfatter Del Skrevet 17. desember 2006 SAS står og kjører nå... får fortsatt meldinger fra NOD32 om at jeg har virus.... sender en logg over virus meldinger: Time Module Object Name Threat Action User Information 17.12.2006 18:00:36 AMON file C:\WINNT\system32\.exe a variant of Win32/Allaple.A worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 18:00:36 AMON file C:\WINNT\system32\hmupitw.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 18:00:35 AMON file C:\WINNT\system32\usbawhj.exe Win32/Virut.5127 virus quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 18:00:35 AMON file C:\WINNT\system32\lhjqv.exe Win32/Poebot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 18:00:33 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 15:20:34 AMON file C:\WINNT\system32\.exe a variant of Win32/Allaple.A worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:48:57 AMON file C:\WINNT\system32\.exe probably a variant of Win32/Allaple.A worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:42:42 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:39:33 AMON file C:\WINNT\system32\fokzujm.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a newly created file. The file was moved to quarantine. You may close this window. 17.12.2006 14:39:31 AMON file C:\WINNT\system32\TFTP1292 a variant of Win32/Rbot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\tftp.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:39:28 AMON file C:\WINNT\system32\xmtlpyfs.exe a variant of Win32/Poebot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:37:55 AMON file C:\WINNT\system32\xxnz.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:37:35 AMON file C:\WINNT\system32\wkssr.VV00exe Win32/IRCBot.TS trojan deleted ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX2\cureit.exe. 17.12.2006 14:34:05 AMON file C:\WINNT\system32\tpotk.exe Win32/Virut.5127 virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:33:19 AMON file C:\WINNT\system32\rrus.exe a variant of Win32/Poebot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:29:32 AMON file C:\WINNT\system32\juufryv.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:29:27 AMON file C:\WINNT\system32\wgqjn.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:29:25 AMON file C:\WINNT\system32\wkssr.VV00exe Win32/IRCBot.TS trojan ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX2\cureit.exe. 17.12.2006 14:29:22 AMON file C:\WINNT\system32\tvtkhzml.exe Win32/Virut.5127 virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:13:07 AMON file C:\WINNT\system32\mevypmzk.exe Win32/Poebot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:02:59 AMON file C:\WINNT\system32\ksydvdl.exe Win32/Virut.5127 virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:00:13 AMON file C:\WINNT\system32\ackufc.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 14:00:10 AMON file C:\WINNT\system32\.exe probably a variant of Win32/Allaple.A worm quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:53:09 AMON file C:\WINNT\system32\sld.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:43:34 AMON file C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\WLKBW5O5\prevx[1].exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:43:24 AMON file C:\U.exe probably unknown NewHeur_PE virus quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:43:15 IMON file http://81.191.151.176:17938/prevx.exe probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM 17.12.2006 13:36:18 AMON file C:\WINNT\system32\epgej.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:34:57 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:32:37 AMON file C:\WINNT\system32\spt.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:32:34 AMON file C:\WINNT\system32\TFTP480 a variant of Win32/Rbot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\tftp.exe. The file was moved to quarantine. You may close this window. 17.12.2006 13:24:42 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 17.12.2006 12:45:02 AMON file C:\WINNT\system32\phhx.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 22:07:25 AMON file C:\WINNT\system32\wkssr.Vexe Win32/IRCBot.TS trojan deleted ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX1\cureit.exe. 16.12.2006 22:07:17 AMON file C:\WINNT\system32\wkssr.V02exe Win32/IRCBot.TS trojan deleted ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX1\cureit.exe. 16.12.2006 22:07:14 AMON file C:\WINNT\system32\wkssr.V01exe Win32/IRCBot.TS trojan deleted ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX1\cureit.exe. 16.12.2006 22:07:06 AMON file C:\WINNT\system32\wkssr.V00exe Win32/IRCBot.TS trojan renamed to C:\WINNT\system32\wkssr.VV00exe ASYLUM-6U0NON6Q\therapy Event occurred at an attempt to access the file by the application: C:\DOCUME~1\therapy\LOCALS~1\Temp\RarSFX1\cureit.exe. 16.12.2006 22:03:58 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan renamed to C:\WINNT\system32\wkssr.V02exe NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:55 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:47 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:42 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan renamed to C:\WINNT\system32\wkssr.V01exe (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:27 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:22 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan deleted (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:03:09 AMON file C:\WINNT\system32\mzaaaklm.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 22:03:00 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan renamed to C:\WINNT\system32\wkssr.V00exe (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:02:39 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan renamed to C:\WINNT\system32\wkssr.Vexe (after the next restart) NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:02:29 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:02:26 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\tftp.exe. The file was moved to quarantine. You may close this window. 16.12.2006 22:02:23 AMON file C:\WINNT\system32\wkssr.exe Win32/IRCBot.TS trojan NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINNT\system32\svchost.exe. 16.12.2006 22:02:18 AMON file C:\WINNT\system32\TFTP1212 Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\tftp.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:58:33 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:54:52 AMON file C:\WINNT\system32\zduzc.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:47:22 AMON file C:\WINNT\system32\gdllwekc.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:36:44 AMON file C:\WINNT\system32\tsdpjfvt.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:13:06 AMON file C:\WINNT\system32\rmrlg.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:12:22 AMON file C:\WINNT\system32\knfpermf.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:11:40 AMON file C:\WINNT\system32\gsy.exe IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:10:57 AMON file C:\WINNT\system32\lol.exe probably a variant of Win32/Rbot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\ftp.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:10:54 AMON file C:\WINNT\system32\fvxfay.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:10:10 AMON file C:\WINNT\system32\kaqjk.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:09:29 AMON file C:\WINNT\system32\wngeyzf.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:08:46 AMON file C:\WINNT\system32\fkzsci.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 21:08:02 AMON file C:\WINNT\system32\mced.exe Win32/IRCBot.TS trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 20:00:29 AMON file C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\AR2RYFKD\lemsrv[1].exe Win32/IRCBot.UZ trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 16.12.2006 19:59:40 AMON file C:\U.exe Win32/IRCBot.UZ trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 16.12.2006 19:58:31 AMON file C:\WINNT\system32\zctesmf.exe a variant of Win32/Poebot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 19:40:49 IMON file http://81.242.164.97:4611/lemsrv.exe Win32/IRCBot.UZ trojan quarantined - Connection terminated 16.12.2006 19:40:48 AMON file C:\WINNT\system32\gzq.exe IRC/SdBot trojan quarantined - deleted Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 18:21:09 AMON file C:\WINNT\system32\zta.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 18:17:58 AMON file C:\WINNT\system32\ags.exe IRC/SdBot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 18:15:04 AMON file C:\WINNT\system32\.exe a variant of Win32/Spy.Agent.PY trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 16.12.2006 17:57:35 AMON file C:\WINNT\system32\xnng.exe Win32/IRCBot.TS trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 17:57:11 AMON file C:\WINNT\system32\gvmkim.exe a variant of Win32/Poebot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\svchost.exe. The file was moved to quarantine. You may close this window. 16.12.2006 17:56:33 AMON file C:\WINNT\system32\sabbxs.exe a variant of Win32/Poebot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. 16.12.2006 17:50:27 AMON file C:\WINNT\system32\erepp.exe a variant of Win32/Poebot trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINNT\system32\services.exe. The file was moved to quarantine. You may close this window. Lenke til kommentar
norbat Skrevet 17. desember 2006 Del Skrevet 17. desember 2006 Ønsker å se SAS-loggen samt en ny HJT-logg Lenke til kommentar
waste Skrevet 18. desember 2006 Forfatter Del Skrevet 18. desember 2006 (endret) rekker visst ikke å gjøre annet enn å reinstallere OS får ikke startet windows, det står: \winnt\system32\config\systemced file is missing or corrupt har installert OS 3 ganger siden i går kveld... har jeg verdens grusomte virus/orm installert?? begynner bli utrolig lei... Endret 18. desember 2006 av waste Lenke til kommentar
norbat Skrevet 18. desember 2006 Del Skrevet 18. desember 2006 Jeg vet ikke hvordan du foretar denne reinstalleringen av win2000, men om du gjør det riktig skal det _ikke_ være noe virus etc. på pc'n etter dette. Jeg forutsetter at du bruker en orginal win2000 cd (Med riktig reinstallering, mener jeg at du formaterer harddisken for deretter å installere OS) Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå