Kazento (thread author), posted 2 July 2008
I used SUPERAntiSpyware and ran a full scan through the PC. I found quite a lot of spyware, trojans etc. After the scan finishes and it is about to remove everything, you have to restart the PC. I did that, and now I can only get the PC to start in safe mode.
norbat, posted 2 July 2008
Restart, press F8 during startup and choose to boot with 'Last Known Good..........'. See whether that brings the PC up in normal mode.
Kazento (thread author), posted 2 July 2008
Nothing happens when I press F8 during startup.
Kazento (thread author), posted 2 July 2008
OK, I pressed 'Last Known Good..........' but I get a blue screen when it tries to boot after clicking that as well.
Kazento (thread author), posted 2 July 2008
I have now spent a while trying a few things myself. Apart from getting into the PC in safe mode, I get a blue screen on everything I do.
norbat, posted 2 July 2008
You can fix this blue screen problem by running System Restore from safe mode, but let's try this first:
Start in Safe Mode with Networking.
Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions.
Post the log file from ComboFix (c:\combofix.txt).
Kazento (thread author), posted 2 July 2008
I can't get System Restore to run, but I can post the log file from ComboFix soon.
Kazento (thread author), posted 2 July 2008
Here is the log from ComboFix:

ComboFix 08-07-01.5 - Bruker 2008-07-03 0:21:02.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.306 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bruker\services.exe
C:\Documents and Settings\LocalService\Programdata\NetMon
C:\Documents and Settings\LocalService\Programdata\NetMon\domains.txt
C:\Documents and Settings\LocalService\Programdata\NetMon\log.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\QnJ1a2Vy\
C:\WINDOWS\system32\fhQBHkkj.ini
C:\WINDOWS\system32\fhQBHkkj.ini2
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\jkkHBQhf.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\wkukbpov.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor

((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 22:37 . 2006-05-10 11:27 38,912 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-02 22:36 . 2004-08-12 14:57 248,320 --a------ C:\WINDOWS\system32\newdev.dll
2008-07-02 22:36 . 2004-08-12 14:57 248,320 --a------ C:\WINDOWS\system32\dllcache\newdev.dll
2008-07-02 22:36 . 2004-11-18 01:26 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2008-07-02 22:36 . 2004-11-18 01:26 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2008-07-02 22:36 . 2004-09-28 00:19 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-07-02 22:36 . 2004-08-28 00:00 39,936 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2008-07-02 22:36 . 2004-08-28 00:00 39,296 --a------ C:\WINDOWS\system32\drivers\processr.sys
2008-07-02 22:36 . 2008-07-02 22:36 1,681 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv9000 (RR111EA#UUW)_YN_0Pavi_QCNF6440RSJ_E416920091_46_I30B9_SQuanta_V65.2B_BF.3E_T071227_WXH2_L 14_M1023_J120_7AMD_8Turion 64 X2 Technology TL-52_91.61_#060823_N14E44312_(RR111EA#UUW).MRK
2008-07-02 22:35 . 2008-07-02 22:37 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-07-02 22:35 . 2004-09-30 19:51 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-02 19:21 . 2008-07-02 19:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-02 19:08 . 2008-07-02 19:41 <DIR> d-------- C:\WINDOWS\system32\yrt
2008-07-02 19:08 . 2008-07-02 19:41 <DIR> d-------- C:\WINDOWS\system32\pRI
2008-07-02 19:08 . 2008-07-02 19:08 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-02 19:08 . 2008-07-02 19:08 <DIR> d-------- C:\TEMP\syschk3
2008-07-02 08:28 . 2008-07-02 08:28 244 --ah----- C:\sqmnoopt00.sqm
2008-07-02 08:28 . 2008-07-02 08:28 232 --ah----- C:\sqmdata00.sqm
2008-06-21 20:18 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-21 20:18 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-21 20:18 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-21 20:18 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-20 14:28 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-20 14:26 . 2008-06-20 14:26 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-06-20 14:21 . 2008-06-20 14:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 14:21 . 2008-06-20 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-06-20 14:20 . 2008-06-20 14:20 <DIR> dr-h----- C:\MSOCache
2008-06-12 20:44 . 2008-06-12 20:44 <DIR> d-------- C:\Programfiler\DNA
2008-06-12 20:44 . 2008-06-12 20:44 <DIR> d-------- C:\Programfiler\BitTorrent
2008-06-12 20:44 . 2008-07-02 19:42 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\DNA
2008-06-12 20:44 . 2008-06-13 14:48 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\BitTorrent
2008-06-11 12:18 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:18 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 23:44 . 2008-06-09 23:44 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\skypePM
2008-06-09 23:44 . 2008-06-09 23:44 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Programfiler\Skype
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-06-09 23:43 . 2008-06-10 11:30 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Skype
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-06-08 19:15 . 2008-06-08 19:15 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-06-05 14:34 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 09:56 . 2008-06-04 11:42 <DIR> d-------- C:\Diablo
2008-06-04 09:56 . 2008-06-04 09:56 86,528 --a------ C:\WINDOWS\bnetunin.exe
2008-06-04 09:56 . 2008-06-04 09:56 61,440 --a------ C:\WINDOWS\diabunin.exe
2008-06-03 15:53 . 2008-06-03 15:53 <DIR> d---s---- C:\Documents and Settings\Bruker\UserData
2008-06-03 14:48 . 2008-06-20 18:10 <DIR> d-------- C:\Documents and Settings\Bruker\Contacts
2008-06-03 14:43 . 2008-06-03 14:43 <DIR> d-------- C:\Programfiler\MSN Messenger
2008-06-03 09:27 . 2008-06-03 09:27 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Sonic
2008-06-03 09:27 . 2008-06-03 09:27 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Leadertech
2008-06-02 12:54 . 2008-06-02 13:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-06-02 12:54 . 2008-06-02 12:54 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-06-02 12:49 . 2008-06-02 12:49 <DIR> d-------- C:\Programfiler\Winamp
2008-06-02 12:49 . 2008-06-02 12:49 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Winamp
2008-06-02 12:49 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-02 12:49 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-02 12:49 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-02 12:47 . 2008-06-02 12:47 <DIR> d-------- C:\Programfiler\VideoLAN
2008-06-02 12:47 . 2008-06-02 12:47 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\vlc
2008-06-02 10:25 . 2008-06-02 10:25 <DIR> d-------- C:\Programfiler\LD-Anime
2008-06-02 10:24 . 2008-06-02 10:24 <DIR> d-------- C:\Programfiler\Combined Community Codec Pack
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Programfiler\CESAM-Flash
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Documents and Settings\Bruker\WINDOWS
2008-06-02 09:23 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 09:20 . 2008-06-02 09:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-02 09:03 . 2008-06-02 09:03 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 09:03 . 2008-06-02 09:03 <DIR> d-------- C:\Documents and Settings\Bruker\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:35 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-06-28 13:27 --------- d-----w C:\Programfiler\World of Warcraft
2008-06-20 12:27 --------- d-----w C:\Programfiler\Microsoft Works
2008-06-02 06:50 --------- d-----w C:\Programfiler\Google
2008-05-27 01:39 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-05-27 01:38 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 07:04 171448]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-06-12 20:44 289088]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 21:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016]
"ccApp"="c:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-09-17 16:27 52848]
"IS CfgWiz"="c:\Programfiler\Norton Internet Security\cfgwiz.exe" [2005-09-30 14:33 120464]
"SSC_UserPrompt"="c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-09 04:45 218240]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 laxfhvmm;laxfhvmm;C:\WINDOWS\system32\drivers\yyubqpwe.sys [2008-07-02 19:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19584927-37f2-11dd-b62c-001636a7a864}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee54c547-307c-11dd-b628-001636a7a864}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2006-08-23 02:37:22 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 00:25:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\yyubqpwe.sys 24064 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-07-03 0:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 22:26:21

Pre-Run: 61,579,255,808 byte ledig
Post-Run: 61,675,581,440 byte ledig

192 --- E O F --- 2008-06-21 01:01:02
norbat, posted 2 July 2008 (edited)
Continue with the following: open Notepad and paste in what is shown in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe
C:\WINDOWS\system32\drivers\yyubqpwe.sys

Folder::
C:\WINDOWS\system32\yrt
C:\WINDOWS\system32\pRI
C:\WINDOWS\system32\modtrux18
C:\TEMP\syschk3

Driver::
laxfhvmm

The blue screen problem should be fixed after this. The problem is caused by the driver yyubqpwe.sys. This is a rootkit that runs as a driver, and as is well known, drivers are a frequent cause of blue screens.
Edited 2 July 2008 by norbat
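The reasoning behind norbat's diagnosis, written out as an added example that is not part of the original thread and not ComboFix's own code: a small Python triage script that reads a ComboFix-style log excerpt, pairs each `R0`-style driver service entry with the paths catchme lists under "scanning hidden files" (the combination that singled out yyubqpwe.sys in the log above), and lists the mountpoints2 AutoRun handlers ComboFix reports. SAMPLE_LOG is a constructed excerpt assembled from lines quoted in the posted log, plus one constructed AmdK8 driver line for contrast; the line layouts the regexes assume are the ones visible in the thread.

```python
"""Triage a ComboFix-style log: pair driver services with catchme's hidden
files and list the mountpoints2 AutoRun handlers ComboFix reports.

Added example for this thread; not ComboFix's code and not from the posts.
SAMPLE_LOG is a constructed excerpt assembled from lines quoted in the log
posted above, plus one constructed AmdK8 driver line for contrast.
"""
import re
import sys
from dataclasses import dataclass

SAMPLE_LOG = r"""
R0 laxfhvmm;laxfhvmm;C:\WINDOWS\system32\drivers\yyubqpwe.sys [2008-07-02 19:13]
R0 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\drivers\AmdK8.sys [2006-05-10 11:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee54c547-307c-11dd-b628-001636a7a864}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 00:25:05

scanning hidden files ...

C:\WINDOWS\system32\drivers\yyubqpwe.sys 24064 bytes executable

scan completed successfully
hidden files: 1
"""

# Line layouts as they appear in the thread's log (assumption: ComboFix keeps them stable).
DRIVER_RE = re.compile(r"^R[0-4]\s+([^;]+);([^;]*);(.+?)\s+\[([0-9-]+ [0-9:]+)\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]\s*$")
COMMAND_RE = re.compile(r"^\\Shell\\(.+?)\\command - (.+?)\s*$")
HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?)(?:\s+(\d+) bytes.*)?$")


@dataclass
class Finding:
    kind: str      # "hidden-driver", "hidden-file" or "autorun-handler"
    subject: str   # service name, file path or mountpoints2 subkey
    detail: str


def parse_drivers(text):
    """Return each 'R<n> service;display;image [stamp]' entry as a dict."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers.append({"service": m.group(1), "display": m.group(2),
                            "image": m.group(3), "stamp": m.group(4)})
    return drivers


def parse_hidden_files(text):
    """Collect the paths catchme lists between 'scanning hidden files' and 'scan completed'."""
    hidden, in_section = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("scanning hidden files"):
            in_section = True
            continue
        if in_section and (s.startswith("scan completed") or s.startswith("scanning ")):
            in_section = False
        if in_section:
            m = HIDDEN_RE.match(s)
            if m:
                hidden.append(m.group(1))   # byte count is absent for hidden directories
    return hidden


def parse_autorun_handlers(text):
    """Pair each mountpoints2 key with the Shell\\...\\command lines listed under it."""
    handlers, current_key = [], None
    for line in text.splitlines():
        s = line.strip()
        k = KEY_RE.match(s)
        if k:
            current_key = k.group(1)
            continue
        c = COMMAND_RE.match(s)
        if c and current_key and "mountpoints2\\" in current_key.lower():
            handlers.append({"key": current_key, "verb": c.group(1), "command": c.group(2)})
    return handlers


def triage(text):
    """Correlate the three parsers into findings, strongest signal first."""
    findings = []
    hidden = {p.lower(): p for p in parse_hidden_files(text)}
    explained = set()
    for d in parse_drivers(text):
        if d["image"].lower() in hidden:
            explained.add(d["image"].lower())
            findings.append(Finding("hidden-driver", d["service"],
                f"kernel driver service loads a file catchme reports as hidden: "
                f"{d['image']} (registered {d['stamp']})"))
    for key, path in hidden.items():
        if key not in explained:
            findings.append(Finding("hidden-file", path,
                "hidden from the Win32 API but not tied to a listed driver service"))
    for h in parse_autorun_handlers(text):
        drive = h["command"][:2].upper() if re.match(r"^[A-Za-z]:", h["command"]) else "n/a"
        findings.append(Finding("autorun-handler", h["key"].rsplit("\\", 1)[-1],
                                f"{h['verb']} -> {h['command']} (target drive {drive})"))
    return findings


if __name__ == "__main__":
    # Pass a saved ComboFix.txt as the first argument, or run on the embedded sample.
    source = open(sys.argv[1], encoding="latin-1", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(source):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it with no arguments to triage the embedded sample, or give it the path of a saved ComboFix.txt. A driver service whose image file is hidden from the Win32 API is the strongest signal in this kind of log, which is why it gets its own finding kind; a removable-drive AutoRun handler on its own only merits a look, so it is reported separately rather than folded into the same verdict.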
Kazento (thread author), posted 2 July 2008
I'm back into the PC normally again now, so I think most things should work. In any case, here is the new log:

ComboFix 08-07-01.5 - Bruker 2008-07-03 1:22:53.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.711 [GMT 2:00]
Running from: C:\Documents and Settings\Bruker\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bruker\Skrivebord\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe
C:\WINDOWS\system32\drivers\yyubqpwe.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\TEMP\syschk3
C:\TEMP\syschk3\tdirp5.log
C:\WINDOWS\bnetunin.exe
C:\WINDOWS\diabunin.exe
C:\WINDOWS\system32\drivers\yyubqpwe.sys
C:\WINDOWS\system32\modtrux18
C:\WINDOWS\system32\modtrux18\modtrux182328.exe
C:\WINDOWS\system32\pRI
C:\WINDOWS\system32\yrt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LAXFHVMM
-------\Service_laxfhvmm

((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.
2008-07-02 22:37 . 2006-05-10 11:27 38,912 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-07-02 22:36 . 2004-08-12 14:57 248,320 --a------ C:\WINDOWS\system32\newdev.dll
2008-07-02 22:36 . 2004-08-12 14:57 248,320 --a------ C:\WINDOWS\system32\dllcache\newdev.dll
2008-07-02 22:36 . 2004-11-18 01:26 240,128 --a------ C:\WINDOWS\system32\srrstr.dll
2008-07-02 22:36 . 2004-11-18 01:26 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2008-07-02 22:36 . 2004-09-28 00:19 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-07-02 22:36 . 2004-08-28 00:00 39,936 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2008-07-02 22:36 . 2004-08-28 00:00 39,296 --a------ C:\WINDOWS\system32\drivers\processr.sys
2008-07-02 22:36 . 2008-07-02 22:36 1,681 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv9000 (RR111EA#UUW)_YN_0Pavi_QCNF6440RSJ_E416920091_46_I30B9_SQuanta_V65.2B_BF.3E_T071227_WXH2_L 14_M1023_J120_7AMD_8Turion 64 X2 Technology TL-52_91.61_#060823_N14E44312_(RR111EA#UUW).MRK
2008-07-02 22:35 . 2004-09-30 19:51 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Programfiler\CCleaner
2008-07-02 22:15 . 2008-07-03 01:21 <DIR> dr-h----- C:\Documents and Settings\Bruker\Siste
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\SUPERAntiSpyware.com
2008-07-02 19:22 . 2008-07-02 19:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-02 19:21 . 2008-07-02 19:21 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-02 08:28 . 2008-07-02 08:28 244 --ah----- C:\sqmnoopt00.sqm
2008-07-02 08:28 . 2008-07-02 08:28 232 --ah----- C:\sqmdata00.sqm
2008-06-21 20:18 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-21 20:18 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-21 20:18 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-21 20:18 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-20 14:28 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-20 14:26 . 2008-06-20 14:26 <DIR> d-------- C:\Programfiler\Microsoft.NET
2008-06-20 14:21 . 2008-06-20 14:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-20 14:21 . 2008-06-20 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help
2008-06-20 14:20 . 2008-06-20 14:20 <DIR> dr-h----- C:\MSOCache
2008-06-12 20:44 . 2008-06-12 20:44 <DIR> d-------- C:\Programfiler\DNA
2008-06-12 20:44 . 2008-06-12 20:44 <DIR> d-------- C:\Programfiler\BitTorrent
2008-06-12 20:44 . 2008-07-02 19:42 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\DNA
2008-06-12 20:44 . 2008-06-13 14:48 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\BitTorrent
2008-06-11 12:18 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:18 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 23:44 . 2008-06-09 23:44 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\skypePM
2008-06-09 23:44 . 2008-06-09 23:44 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Programfiler\Skype
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype
2008-06-09 23:43 . 2008-06-10 11:30 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Skype
2008-06-09 23:43 . 2008-06-09 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype
2008-06-08 19:15 . 2008-06-08 19:15 <DIR> d-------- C:\Programfiler\MSXML 4.0
2008-06-05 14:34 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 09:56 . 2008-06-04 11:42 <DIR> d-------- C:\Diablo
2008-06-03 15:53 . 2008-06-03 15:53 <DIR> d---s---- C:\Documents and Settings\Bruker\UserData
2008-06-03 14:48 . 2008-06-20 18:10 <DIR> d-------- C:\Documents and Settings\Bruker\Contacts
2008-06-03 14:43 . 2008-06-03 14:43 <DIR> d-------- C:\Programfiler\MSN Messenger
2008-06-03 09:27 . 2008-06-03 09:27 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Sonic
2008-06-03 09:27 . 2008-06-03 09:27 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Leadertech
2008-06-02 12:54 . 2008-06-02 13:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-06-02 12:54 . 2008-06-02 12:54 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\AdobeUM
2008-06-02 12:49 . 2008-06-02 12:49 <DIR> d-------- C:\Programfiler\Winamp
2008-06-02 12:49 . 2008-06-02 12:49 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\Winamp
2008-06-02 12:49 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-02 12:49 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-02 12:49 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-02 12:47 . 2008-06-02 12:47 <DIR> d-------- C:\Programfiler\VideoLAN
2008-06-02 12:47 . 2008-06-02 12:47 <DIR> d-------- C:\Documents and Settings\Bruker\Programdata\vlc
2008-06-02 10:25 . 2008-06-02 10:25 <DIR> d-------- C:\Programfiler\LD-Anime
2008-06-02 10:24 . 2008-06-02 10:24 <DIR> d-------- C:\Programfiler\Combined Community Codec Pack
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Programfiler\CESAM-Flash
2008-06-02 09:23 . 2008-06-02 09:23 <DIR> d-------- C:\Documents and Settings\Bruker\WINDOWS
2008-06-02 09:23 . 1998-02-06 21:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-06-02 09:20 . 2008-06-02 09:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-02 09:03 . 2008-06-02 09:03 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 09:03 . 2008-06-02 09:03 <DIR> d-------- C:\Documents and Settings\Bruker\SystemRequirementsLab
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 20:35 --------- d-----w C:\Programfiler\Hewlett-Packard
2008-06-28 13:27 --------- d-----w C:\Programfiler\World of Warcraft
2008-06-20 12:27 --------- d-----w C:\Programfiler\Microsoft Works
2008-06-02 06:50 --------- d-----w C:\Programfiler\Google
2008-05-27 01:39 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-05-27 01:38 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:16 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-17 10:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-03_ 0.26.11.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-02 22:23:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-02 23:24:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23:00 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-27 07:04 171448]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-06-12 20:44 289088]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 21:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 21:48 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 21:48 86016]
"ccApp"="c:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-09-17 16:27 52848]
"IS CfgWiz"="c:\Programfiler\Norton Internet Security\cfgwiz.exe" [2005-09-30 14:33 120464]
"SSC_UserPrompt"="c:\Programfiler\Fellesfiler\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-09 04:45 218240]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 07:01 761946]
"QPService"="C:\Programfiler\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 10:36 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2006-04-26 21:48 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 23:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
HP Photosmart Premier Hurtigstart.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 09:39:30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19584927-37f2-11dd-b62c-001636a7a864}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee54c547-307c-11dd-b628-001636a7a864}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2006-08-23 02:37:22 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 01:25:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\Hewlett-Packard\Default Settings\cpqset.exe?????????????,?@??????W??????R?@?????,?@

scanning hidden files ...

C:\DOCUME~1\Bruker\LOKALE~1\Temp\{d05c4f95-2f0d-4c77-b14e-d9ecb73fc02e}

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-03 1:27:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 23:27:22
ComboFix2.txt 2008-07-02 22:26:25

Pre-Run: 61,637,861,376 byte ledig
Post-Run: 60,538,687,488 byte ledig

220 --- E O F --- 2008-06-21 01:01:02
norbat, posted 2 July 2008
Download CCleaner. Start the program. Go to 'Options'->'Advanced'. Untick: "Only delete files in Windows Temp folders older than 48 hours". Click 'Cleaner' and then 'Run Cleaner'.
After this there should be no malware left. You are welcome to run a new scan with SAS to see whether there are any leftovers. I would also like to see the log SAS produced the first time (preferences->statistics/logs).
When everything is working fine, remove ComboFix by typing combofix /u in the Run box (Start->Run). This also resets System Restore, so that you do not get re-infected by a later restore.
Kazento Skrevet 2. juli 2008 Forfatter Del Skrevet 2. juli 2008 her er loggen Fra SAS fra rett før pcen klikka Klikk for å se/fjerne innholdet nedenfor SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/02/2008 at 07:41 PM Application Version : 4.15.1000 Core Rules Database Version : 3495 Trace Rules Database Version: 1486 Scan type : Complete Scan Total Scan Time : 00:15:53 Memory items scanned : 510 Memory threats detected : 9 Registry items scanned : 5388 Registry threats detected : 92 File items scanned : 13058 File threats detected : 95 Adware.Adservs C:\WINDOWS\QNJ1A2VY\ASAPPSRV.DLL C:\WINDOWS\QNJ1A2VY\ASAPPSRV.DLL C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\SYSTEM32\YRT\WESAMDIR.EXE C:\WINDOWS\Prefetch\WESAMDIR.EXE-178E8F0C.pf Trojan.Vundo-Variant/Small C:\WINDOWS\SYSTEM32\VOPBKUKW.DLL C:\WINDOWS\SYSTEM32\VOPBKUKW.DLL Trojan.Vundo-Variant/Small-GEN C:\WINDOWS\SYSTEM32\DDCBSJBX.DLL C:\WINDOWS\SYSTEM32\DDCBSJBX.DLL HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72142FF0-321A-4F58-BEE6-87F4D28479F9} HKCR\CLSID\{72142FF0-321A-4F58-BEE6-87F4D28479F9} HKCR\CLSID\{72142FF0-321A-4F58-BEE6-87F4D28479F9}\InprocServer32 HKCR\CLSID\{72142FF0-321A-4F58-BEE6-87F4D28479F9}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D8F380F-E933-4E5E-8646-CF8CD05AB32D} HKCR\CLSID\{7D8F380F-E933-4E5E-8646-CF8CD05AB32D} HKCR\CLSID\{7D8F380F-E933-4E5E-8646-CF8CD05AB32D}\InprocServer32 HKCR\CLSID\{7D8F380F-E933-4E5E-8646-CF8CD05AB32D}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{7D8F380F-E933-4E5E-8646-CF8CD05AB32D} Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddcBSJbx Adware.Vundo Variant/Resident C:\WINDOWS\SYSTEM32\JKKHBQHF.DLL C:\WINDOWS\SYSTEM32\JKKHBQHF.DLL Unclassified.Unknown Origin C:\WINDOWS\QNJ1A2VY\COMMAND.EXE C:\WINDOWS\QNJ1A2VY\COMMAND.EXE 
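A small triage script for the SAS log layout posted above, added here as an example and not code from the thread or from SUPERAntiSpyware: it reads the header counts and the entries listed under each threat family, then groups every entry by the autostart location it sits in (BHO, Run key, Winlogon Notify, service) so the registry detections can be reviewed separately from the dropped files. The sample log inside it is constructed in the same layout; its file and key names are placeholders.

```python
import re
from collections import Counter
# Constructed sample in the layout of the SAS log posted in the thread (header counts,
# then each threat family followed by its entries); file and key names are placeholders.
SAMPLE_LOG = """\
SUPERAntiSpyware Scan Log
Registry threats detected : 92
File threats detected : 95
Trojan.Vundo-Variant/Small-GEN
C:\\WINDOWS\\SYSTEM32\\PLACEHOLDER1.DLL
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{00000000-0000-0000-0000-000000000001}
HKCR\\CLSID\\{00000000-0000-0000-0000-000000000001}\\InprocServer32
Software\\Microsoft\\Windows NT\\CurrentVersion\\WinLogon\\Notify\\placeholder1
Trojan.NetMon/DNSChange
C:\\PROGRAM FILES\\PLACEHOLDER\\PLACEHOLDER2.EXE
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Placeholder Service#ImagePath
Trojan.Unknown Origin
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run#placeholder3 [ C:\\Documents and Settings\\User\\placeholder3.exe ]
"""

ENTRY_RE = re.compile(r"^([A-Z]:\\|HK(LM|CR|CU|U)\\|Software\\)", re.IGNORECASE)
COUNT_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\d+)\s*$")
# Registry locations that load code at boot/logon, matched in this order (lower case).
PERSISTENCE = [("browser helper objects", "BHO"), ("\\currentversion\\run#", "Run key"),
               ("winlogon\\notify", "Winlogon Notify"), ("currentcontrolset\\services\\", "Service")]

def parse_sas_log(text):
    """Return (header counts, {family: [entries]}) parsed from a SAS log."""
    counts, families, current, in_body = {}, {}, None, False
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if ENTRY_RE.match(line):
            if current is not None:  # entry lines belong to the family named last
                families[current].append(line)
        elif (m := COUNT_RE.match(line)):
            counts[m.group(1).strip()] = int(m.group(2))
            in_body = in_body or line.startswith("File threats detected")
        elif in_body:  # any other line after the header names a threat family
            current = line
            families.setdefault(current, [])
    return counts, families

def classify(entry):
    """Map one entry to 'File' or to the registry mechanism it abuses."""
    if entry[1:3] == ":\\":
        return "File"
    return next((label for key, label in PERSISTENCE if key in entry.lower()), "Other registry")

def persistence_summary(families):
    """Count detections per mechanism across all families, for triage."""
    return Counter(classify(e) for entries in families.values() for e in entries)
```

Feed `parse_sas_log` the text of a saved SAS log (entries in real logs are tab-indented, which the strip handles) and `persistence_summary` shows how many detections sit in locations that run code at the next logon.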
Kazento (author), written 11 July 2008: yesterday, when I connected my external hard drive, I found out that it was the one that was heavily infected.... so now the whole laptop is infected again. The problems I have now are that I can't open Firefox, and when I scan the PC with SAS I get a blue screen when it moves on to scanning files, so I only get the registry and memory scanned.
norbat, written 11 July 2008: Scan only the external hard drive and let SAS delete what it finds, then disconnect the external drive. Run combofix again and post the log it creates.