cppdude, posted 23 February 2008 (edited)

OK, so I was stupid enough to download a keygen (http://www.domene-er-sensurert-av-moderator.com/crysis_multiplayer_crack.html, if anyone is wondering or wants to have a look). I downloaded a keygen and was going to "unpack" everything; when everything was unpacked a command window popped up and ran 2 exe files (serial.exe and crack.exe). So I hurried into the folder and clicked "readme", of course without noticing in the rush that it was a damn .bat file... great. I sat and waited 2-3 seconds and then the lovely BSOD came up. The machine restarts, but locks up in the startup screen BEFORE the password field appears. It says "Starting up" with a loading icon on the screen (this is Vista we're talking about), stays like that for about 30-40 seconds and restarts. Over and over again. I started Windows in safe mode and opened the .bat file in Notepad, but it only contains these commands:

crack.exe
serial.exe
keygen.exe
install.exe

But the only exe file in the folder is keygen.exe ... hm?

After all this I see that "Runner1" starts at Windows startup, and an exe called "17PHolmes1535.exe"/"mrofinu1535.exe" is running too; I had never seen those before now. But I suspect the virus messed with the drivers for something in the machine, since it crashes during boot. Any ideas what it could be, or what can be done? I'm assuming this is just an older virus that has been renamed.

Edited 23 February 2008 by Skagen: censored potentially malicious link.
Skagen, posted 23 February 2008

The thread was posted in the wrong place and has been moved to the correct category. I also want to point out that only solutions to the virus infection are to be discussed here, not keygens and other things that violate guideline #8. (Please do not comment on this post. Reactions to moderation are handled by PM/message.)
snippsat, posted 23 February 2008 (edited)

If you can boot into normal mode, do this:
Download HijackThis and put it in its own folder on the desktop. Start the program and choose "Do a system scan and save a logfile". Copy the log file and paste it into your post.

In safe mode with networking:
Download, update and run SAS free. Post the log.
Download ComboFix and put it on the desktop. Do not click in the window while the program is running. Post the log C:\combofix.txt.
Check whether normal mode works now.

Edited 23 February 2008 by SNIPPSAT
cppdude, posted 23 February 2008 (Author)

Hi, here are the HijackThis and ComboFix logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:08, on 23.02.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [NvExportOEMDefaults] RUNDLL32.EXE C:\Windows\system32\NVCPL.DLL,ExportOEMDefaults
O4 - HKLM\..\RunOnce: [NvRegisterMCTray] RUNDLL32.EXE C:\Windows\system32\NVMCTRAY.DLL,NvMCRegisterApp C:\Windows\system32\NvCpl.dll
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\apps\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4218 bytes

ComboFix log:

ComboFix 08-02-23.2 - jonathan 2008-02-23 17:55:54.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1607 [GMT 1:00]
Running from: C:\apps\ComboFix.exe
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\fgjlm.ini
C:\Windows\System32\fgjlm.ini2
C:\Windows\system32\ljhgdbx.dll
C:\Windows\system32\mljgf.dll
C:\Windows\system32\vtuspmk.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-23 17:54 . 2008-02-23 17:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 13:07 . 2008-02-23 13:08 1,905 --a------ C:\Windows\diagwrn.xml
2008-02-23 13:07 . 2008-02-23 13:08 1,905 --a------ C:\Windows\diagerr.xml
2008-02-23 12:27 . 2008-02-23 12:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-23 11:59 . 2008-02-23 11:59 <DIR> d-------- C:\Windows\LastGood.Tmp
2008-02-23 11:50 . 2008-02-23 11:50 <DIR> d-------- C:\tempvi
2008-02-23 10:19 . 2008-02-23 10:18 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-02-23 10:18 . 2008-02-23 10:18 <DIR> d-------- C:\Windows\Sun
2008-02-23 10:18 . 2008-02-23 10:22 <DIR> d-------- C:\Users\jonathan\.housecall6.6
2008-02-23 10:04 . 2008-02-23 10:04 58,368 --a------ C:\wpohl.exe
2008-02-23 10:04 . 2008-02-23 10:04 54,764 --a------ C:\Windows\system\tunnet.ocx
2008-02-23 10:04 . 2008-02-23 10:04 2 --a------ C:\-390778837
2008-02-22 01:01 . 2008-02-22 01:04 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\Winamp
2008-02-22 01:01 . 2008-02-23 10:04 <DIR> d-------- C:\Program Files\Winamp
2008-02-22 01:01 . 2007-03-08 00:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-02-22 00:57 . 2008-02-22 01:06 <DIR> d-------- C:\mp3
2008-02-19 08:53 . 2008-02-19 08:56 <DIR> d-------- C:\realfag
2008-02-19 08:06 . 2008-02-19 08:06 <DIR> dr-h----- C:\MSOCache
2008-02-19 08:05 . 2008-02-19 08:06 10,420,936 --a------ C:\xlviewer.exe
2008-02-15 18:57 . 2008-02-15 18:57 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\dvdcss
2008-02-15 05:09 . 2008-02-15 05:09 <DIR> d-------- C:\Users\All Users\Adobe
2008-02-15 05:09 . 2008-02-15 05:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-13 22:39 . 2008-02-17 21:15 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\Bioshock
2008-02-13 22:34 . 2008-02-13 22:34 <DIR> d-------- C:\Program Files\2K Games
2008-02-13 22:29 . 2008-02-13 22:30 2,686,232 --a------ C:\vcredist_x86.exe
2008-02-13 22:28 . 2008-02-13 22:28 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2008-02-13 22:28 . 2008-02-13 22:28 269,312 --a------ C:\DAMN_NFO_Viewer_v2-10-0032-RC3.exe
2008-02-12 07:51 . 2008-02-21 08:20 <DIR> d-------- C:\bilda
2008-02-11 05:42 . 2008-02-11 05:42 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\vlc
2008-02-11 03:41 . 2008-02-11 03:41 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-09 06:10 . 2008-02-09 06:13 <DIR> d-------- C:\steamapps
2008-02-08 20:47 . 2008-02-23 03:27 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\Azureus
2008-02-08 20:47 . 2008-02-08 20:47 <DIR> d-------- C:\Users\All Users\Azureus
2008-02-08 20:47 . 2008-02-08 20:47 <DIR> d-------- C:\ProgramData\Azureus
2008-02-08 20:41 . 2008-02-08 20:41 <DIR> d-------- C:\Users\All Users\Google
2008-02-08 20:41 . 2008-02-08 21:11 <DIR> d-------- C:\Program Files\Google
2008-02-08 20:40 . 2008-02-08 20:40 <DIR> d-------- C:\Program Files\Java
2008-02-08 20:40 . 2008-02-08 20:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-08 20:40 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-02-08 20:35 . 2008-02-08 20:46 <DIR> d-------- C:\Program Files\Azureus
2008-02-08 20:30 . 2008-02-08 20:30 <DIR> d-------- C:\Program Files\GameSpy
2008-02-08 20:29 . 2008-02-08 20:29 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-02-08 20:26 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-02-08 20:26 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-02-08 20:26 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-02-08 20:26 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-02-08 20:26 . 2008-02-08 21:09 674,600 --a------ C:\Windows\System32\pbsvc.exe
2008-02-08 20:26 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-02-08 20:26 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-02-08 20:26 . 2008-02-08 21:09 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-02-08 20:26 . 2008-02-08 21:09 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-02-08 20:26 . 2008-02-08 21:09 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-02-08 20:26 . 2008-02-08 21:09 22,328 --a------ C:\Users\jonathan\AppData\Roaming\PnkBstrK.sys
2008-02-08 20:24 . 2008-02-08 20:24 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-02-08 20:24 . 2008-02-08 20:24 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-02-08 20:20 . 2008-02-08 20:20 <DIR> d-------- C:\Program Files\Electronic Arts
2008-02-08 20:01 . 2008-02-08 20:05 <DIR> d-------- C:\filmer
2008-02-08 10:52 . 2008-02-08 01:56 <DIR> d-------- C:\Windows\Panther
2008-02-08 10:52 . 2008-02-23 17:58 <DIR> d--hs---- C:\Boot
2008-02-08 10:52 . 2006-11-02 10:53 438,840 -rahs---- C:\bootmgr
2008-02-08 10:52 . 2008-02-08 10:52 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-02-08 01:54 . 2008-02-07 19:06 <DIR> d-------- C:\Windows\Debug
2008-02-08 01:53 . 2008-02-23 10:06 141,192,289 --a------ C:\Windows\DUMP6580.tmp
2008-02-07 23:37 . 2008-02-07 23:37 <DIR> d-------- C:\Users\jonathan\AppData\Roaming\DAEMON Tools
2008-02-07 23:02 . 2008-02-07 23:02 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-02-07 22:29 . 2008-02-09 06:35 <DIR> d-------- C:\Program Files\Common Files\Steam
2008-02-07 22:01 . 2008-02-07 22:01 <DIR> dr-h----- C:\Users\jonathan\AppData\Roaming\SecuROM
2008-02-07 22:01 . 2007-03-12 16:42 3,495,784 --a------ C:\Windows\System32\d3dx9_33.dll
2008-02-07 22:01 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-02-07 22:01 . 2007-03-12 16:42 1,123,696 --a------ C:\Windows\System32\D3DCompiler_33.dll
2008-02-07 22:01 . 2007-03-15 16:57 443,752 --a------ C:\Windows\System32\d3dx10_33.dll
2008-02-07 22:01 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-02-07 22:01 . 2008-02-07 22:01 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-02-07 22:01 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-02-07 21:57 . 2008-02-15 16:41 <DIR> d-------- C:\games
2008-02-07 21:54 . 2008-02-07 21:54 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-02-07 21:52 . 2008-02-07 21:52 <DIR> d-------- C:\Program Files\Opera
2008-02-07 21:46 . 2008-02-07 21:46 <DIR> d-------- C:\Windows\PCHEALTH
2008-02-07 21:43 . 2008-02-23 03:32 <DIR> d--hs---- C:\Windows\Installer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-02-07 18:11 315,392 ----a-w C:\Windows\HideWin.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="c:\games\steam\steam.exe" [2008-02-09 06:20 1266936]
"DAEMON Tools Lite"="C:\apps\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-08 20:49 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 09:56 4493312 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 02:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:30 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:30 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NvExportOEMDefaults"="C:\Windows\system32\NVCPL.DLL" [2007-11-07 02:30 8530464]
"NvRegisterMCTray"="C:\Windows\system32\NVMCTRAY.DLL" [2007-11-07 02:30 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1535.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EEB1216C-1D3F-492C-9607-3E69AC86A27F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{86984BCB-69E6-4F10-9087-081FF963E999}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{076A67D7-D1DC-4BD6-825C-D21F05BE3ED9}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{AC007167-950E-4467-9588-34EE6EC2589A}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{F8DFB312-B86B-4573-98FF-B7D0AE91244B}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{DE5D6EB7-51DB-4002-8B4C-70E2F89F6007}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{42CFF767-2562-4845-8194-56DE3A1ED301}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{0C231EEF-9591-4474-B0F7-3111B95CFDF7}"= UDP:C:\games\BF2 Game\BF2.exe:Battlefield 2
"{C94521E6-1824-4C2C-9633-FD0E5484EA64}"= TCP:C:\games\BF2 Game\BF2.exe:Battlefield 2
"{DC81D3DE-4861-49B8-88C6-37FA7D0199CE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3F773331-A073-42EA-866B-83F14C8EC10C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{E9C5DEAC-C478-46D9-9F3D-0D153DA5A317}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{BE1AAA88-DBBD-4769-A764-FEC45F4C46B6}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{5F3B83CD-C949-49AF-A1B6-B481C9896401}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{9221BE1D-AC17-46A1-AE08-FEF070B26F14}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{3872A3CB-13F2-4FB8-88B7-BF81D316AC6F}C:\games\steam\steamapps\common\call of duty 4\iw3mp.exe"= UDP:C:\games\steam\steamapps\common\call of duty 4\iw3mp.exe:iw3mp|Desc=iw3mp
"UDP Query User{E9976370-8A96-49D7-AF9D-ED3290946740}C:\games\steam\steamapps\common\call of duty 4\iw3mp.exe"= TCP:C:\games\steam\steamapps\common\call of duty 4\iw3mp.exe:iw3mp|Desc=iw3mp
"TCP Query User{B2BEDDD1-CF59-4B51-A04F-C28BE3795902}C:\games\soldier of fortune\sof3.exe"= UDP:C:\games\soldier of fortune\sof3.exe:sof3|Desc=sof3
"UDP Query User{9B0E000A-2085-4B9B-82B7-F2D2E43DA51B}C:\games\soldier of fortune\sof3.exe"= TCP:C:\games\soldier of fortune\sof3.exe:sof3|Desc=sof3
"TCP Query User{26EB7C44-0F6F-4A48-B171-9A85755F7CC2}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe"= UDP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis|Desc=Crysis
"UDP Query User{EFDFE4AA-5F5B-4696-913D-77B464092717}C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe"= TCP:C:\program files\electronic arts\crytek\crysis\bin32\crysis.exe:Crysis|Desc=Crysis

R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 06:42]
S1 tunnet;tunnet;C:\Windows\system\tunnet.ocx [2008-02-23 10:04]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-09 06:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ab00c11-d5cd-11dc-adc9-0019dbf76a9e}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 18:04:54
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\helppane.exe
.
**************************************************************************
.
Completion time: 2008-02-23 18:06:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 17:06:12
---------------------------------------------------------------------------------------

This one in particular:

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1535.exe

looked a bit scary, because after I managed to catch the virus, this started running in the background. Hmm....
snippsat, posted 23 February 2008 (edited)

Check these files at Jotti or VirusTotal:
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Windows\mrofinu1535.exe
It's possible ComboFix already removed it.

Edited 23 February 2008 by SNIPPSAT
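An added example, my own code rather than anything from the thread or from HijackThis, ComboFix or the scanners mentioned, that does the two things snippsat asks for: pull the loadable images out of a HijackThis/ComboFix log and shortlist the ones worth a look, then produce the SHA-256 that can be searched on VirusTotal or Jotti without uploading the file. The sample log is constructed from lines in the logs posted above. The heuristics are assumptions, not signatures: a binary sitting in C:\, C:\Windows or C:\Windows\system instead of Program Files or system32, a four-digit run in the file name, a service with no publisher string, an .ocx loaded as a driver/service, and an entry in msconfig's startupreg store (which is where msconfig keeps startup items the user has disabled, so "disabled" is not "removed"). They will also catch legitimate but unsigned services such as PunkBuster's PnkBstrA; the output is a list to hash and look up, not a verdict. The ComboFix service-line layout ("S1 name;display;path") is assumed from the posted log.

```python
"""Shortlist autostart/service binaries from HijackThis / ComboFix text and hash them.

Added example for this thread; not code from HijackThis, ComboFix or the forum.
"""
import hashlib
import os
import re
import tempfile
from pathlib import PureWindowsPath

# Constructed sample: lines in the shape the two tools emit, taken from the logs
# posted above (HijackThis O4/O23 lines; ComboFix registry, service and file lines).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\Windows\mrofinu1535.exe
S1 tunnet;tunnet;C:\Windows\system\tunnet.ocx [2008-02-23 10:04]
2008-02-23 10:04 . 2008-02-23 10:04 58,368 --a------ C:\wpohl.exe
'''

# Absolute Windows path to a loadable image. Directory names may contain spaces
# ("Program Files" is unquoted in O4/O23 lines); the file name itself may not.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\:*?"<>|\r\n\[\]]+\\)*[^\\:*?"<>|\r\n\[\] ]+\.(?:exe|dll|ocx|sys)\b',
    re.IGNORECASE,
)

# Dropper-style locations: nothing that belongs in Run/Services on Vista lives here.
ODD_PARENTS = {"c:\\", "c:\\windows", "c:\\windows\\system"}


def reasons_for(line, path):
    """Heuristic reasons (assumptions, not signatures) why `path` on `line` deserves a look."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    reasons = []
    if parent in ODD_PARENTS:
        reasons.append("lives in %s instead of Program Files or system32" % parent)
    if re.search(r"\d{4}", p.stem):
        reasons.append("name has a numeric run (%s), typical of generated dropper names" % p.stem)
    if "unknown owner" in line.lower():
        reasons.append("service reports no publisher")
    # ComboFix lists services/drivers as "<R|S><start type> name;display;path" (assumed format).
    if p.suffix.lower() == ".ocx" and re.match(r"^[RS]\d\s", line):
        reasons.append("ActiveX .ocx registered as a driver/service (start type %s)" % line[1])
    if "msconfig\\startupreg" in line.lower():
        reasons.append("sits in msconfig's startupreg store: disabled via msconfig, not removed")
    return reasons


def triage(log_text):
    """Map each flagged path to its reasons; paths that trip no heuristic are omitted."""
    findings = {}
    for line in log_text.splitlines():
        for m in PATH_RE.finditer(line):
            for reason in reasons_for(line, m.group(0)):
                findings.setdefault(m.group(0), [])
                if reason not in findings[m.group(0)]:
                    findings[m.group(0)].append(reason)
    return findings


def sha256_bytes(data):
    """Hex SHA-256 of an in-memory blob (what the file hasher builds up chunk by chunk)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 16):
    """Hash a file for a VirusTotal/Jotti hash lookup; nothing leaves the machine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for r in why:
            print("   -", r)
    # Demo of the hash step on a throwaway file; no real sample ships with this example.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"placeholder contents")
    try:
        print("sha256:", sha256_file(tmp.name))
    finally:
        os.unlink(tmp.name)
```

Run against the sample, the shortlist is mrofinu1535.exe (three reasons), tunnet.ocx, wpohl.exe and PnkBstrA.exe; jusched.exe, Comrade.exe and SteamService.exe drop out. Feed the real log files in instead of SAMPLE_LOG, hash the survivors from safe mode with sha256_file, and search the hashes on the scanning sites before deciding what to delete.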