bowiebolan

  1. When I bought the monitor it came with a CD; on the CD is "HP My Display" (HP Adjustment Pattern Utility). If there were some drivers on that CD, I don't know. I just installed what was on the CD. I followed your link, updated the monitor driver, and updated "HP My Display". Thanks for the link, but nothing changed. I still get that screen with the "circles" when I start in Safe Mode.
  2. No, I don't have any other monitor I can use. Is there any setting I can change?
  3. What do you mean by "all passwords"? To all sites I log into etc.? I have an HP w2207.
  4. Yes, I unchecked "Heuristic analysis". Can I remove Dr. Web now? And what about this one: A0000067.EXE;C:\System Volume Information\_restore{93A41DA8-9662-40FA-86B9-06914D114A2F}\RP2;Program.PsExec.170 that's still in quarantine, should I delete it? Updated the graphics driver now, but it didn't help. Can't start in Safe Mode. Have you ever heard of anyone with that problem before? I just want to say thank you very much for your help. I got rid of that Sinowal and my PC is working just fine. It worked fine with Sinowal too; it was just that it turned up every time I scanned. But it may be a bigger problem that I can't start in Safe Mode? May come a day when Safe Mode is the ONLY way to fix something? Well, I guess it's time for a new PC when that happens. Thanks for all your help.
  5. Hi. I don't remember if I have ever used Safe Mode on this PC. I've never had any problems with viruses or anything; there hasn't been a reason to use it (until now). Ok, I ran Dr Web in normal mode. Here's the log: zanda.exe;c:\norman\npm\bin;Sannsynlighvis BACKDOOR.Trojan;Incurable.Deleted.; ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe;Program.PsExec.171;; ComboFix.exe;C:\Documents and Settings\Eier\Skrivebord;Archive contains infected objects;Moved.; KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.; Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Moved.; A0000067.EXE;C:\System Volume Information\_restore{93A41DA8-9662-40FA-86B9-06914D114A2F}\RP2;Program.PsExec.170;Moved.; PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Incurable.Moved.; I know what that zanda.exe is. That has something to do with my virus program (Norman). When Dr. Web removed it, there was a red X on the Norman icon saying: zanda is not running. When I rebooted it seems that the virus program didn't start at all; there's no icon (near the clock). It's only a week or so since I scanned the PC with Norman. It did find this: C:\System Volume Information\_restore{93A41DA8-9662-40FA-86B9-06914D114A2F} I turned off System Restore and scanned again, but it didn't find it then, so I thought I got rid of it. (Guess I didn't.) But Norman never found any of these: PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170 Terminator.exe;C:\hp\bin;Trojan.KillApp.30208 KillWind.exe;C:\hp\bin;Tool.ProcessKill Are they viruses? Dr. Web found zanda and ComboFix, but they are not viruses. And a question: I use Norman only because I get it for free from my ISP. Are you familiar with Norman? Should I get rid of it and use AVG instead? And do you know if AVG uses less memory than Norman? I think Norman uses too much. (Well, actually I don't know that, because I haven't used any other and compared.)
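The Dr.Web CureIt lines quoted in the post above are semicolon-separated records (name;path;verdict;action), and the question "are they viruses?" is really a question about which verdict families mean malware and which mean a legitimate admin tool. The following is an added example, not code from the thread or from Dr.Web: it parses those lines (re-flowed one per line as a constructed sample) and sorts them into categories. The mapping of verdict prefixes to categories (Program./Tool. as riskware, Trojan./BACKDOOR as malware, a "Sannsynlighvis"/"probably" prefix as a heuristic guess) is an assumption made for this example, not a documented Dr.Web API.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Dr.Web CureIt findings quoted in the post above,
# restored to one record per line. Fields: name;path;verdict;action.
DRWEB_LOG = r"""
zanda.exe;c:\norman\npm\bin;Sannsynlighvis BACKDOOR.Trojan;Incurable.Deleted.;
ComboFix.exe\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Eier\Skrivebord;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Moved.;
A0000067.EXE;C:\System Volume Information\_restore{93A41DA8-9662-40FA-86B9-06914D114A2F}\RP2;Program.PsExec.170;Moved.;
PSEXESVC.EXE;C:\WINDOWS;Program.PsExec.170;Incurable.Moved.;
"""


@dataclass
class Finding:
    name: str
    path: str
    verdict: str
    action: str      # empty when the hit is inside an archive and nothing was done to it
    category: str


def classify(verdict: str) -> str:
    """Assumed prefix conventions (not an official Dr.Web list)."""
    v = verdict.strip()
    low = v.lower()
    if low.startswith(("sannsynlighvis", "probably")):
        return "heuristic"      # heuristic guess, not a signature match
    if v.startswith("Archive contains"):
        return "container"      # the archive itself is clean; a member was flagged
    if v.startswith(("Program.", "Tool.")):
        return "riskware"       # legitimate admin tools such as PsExec or process killers
    if v.startswith(("Trojan.", "BACKDOOR.", "Backdoor.", "Win32.")):
        return "malware"
    return "unknown"


def parse_drweb(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.rstrip(";").split(";")
        parts += [""] * (4 - len(parts))      # pad records with an empty action field
        name, path, verdict, action = parts[:4]
        findings.append(Finding(name, path, verdict, action, classify(verdict)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def needs_attention(findings: list[Finding]) -> list[Finding]:
    """Only real or suspected malware; riskware in a known tool directory is noise."""
    return [f for f in findings if f.category in ("malware", "heuristic")]


def in_restore_point(f: Finding) -> bool:
    """System Restore snapshots keep copies that come back after a rescan
    unless System Restore is cleared, which is what the post describes."""
    return re.search(r"System Volume Information\\_restore", f.path, re.IGNORECASE) is not None


if __name__ == "__main__":
    fs = parse_drweb(DRWEB_LOG)
    print(summarize(fs))
    for f in needs_attention(fs):
        print("attention:", f.name, f.verdict, f.action)
    for f in fs:
        if in_restore_point(f):
            print("restore-point copy:", f.name)
```

Riskware verdicts on files under C:\hp\bin or inside ComboFix are expected for vendor maintenance tools and a removal kit; the records worth a second look are the malware and heuristic ones, plus anything sitting in a System Restore snapshot, which explains why a finding "came back" after an earlier scan.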
  6. I tried 3 times and the only thing that shows on my screen is what you see in that picture. The upper part of the screen is blue, and the lower part is the circles.
  7. Ok, was going to do the Dr. Web thing, but....... I can't start in Safe Mode! When I select Safe Mode I then have to select to start Windows XP Home Edition or the Recovery Console thing. I select Windows XP and this is what my screen shows then: What does this mean? (Sorry about the quality, it's taken with my old mobile phone.)
  8. NO!! Ran Ad-Aware now and it's gone! Yes!! Do I have to do the Dr. Web CureIt thing just to be sure, or...?
  9. Ok, not sure if I've done this first part correctly. (Sorry for being so stupid.) I selected the Recovery Console, but I didn't have to log on(?) Then I had to choose between these: 1: D:\MiniNT 2. D:\I386 3. C:\Windows I chose 3 and Enter; was it right to type 3 on the keyboard? (Or should I have typed C:\Windows?) Then this comes up, C:\WINDOWS> and I typed fixmbr c: and Enter. Then C:\WINDOWS shows up again. Rebooted and started Reg editor. Couldn't delete it at first, but unchecked allow inheritable permissions, and deleted it. Here's the gmer log: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-14 18:05:35 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xF739BB3A] SSDT sptd.sys ZwEnumerateKey [0xF739BC7E] SSDT sptd.sys ZwEnumerateValueKey [0xF739BFF6] SSDT sptd.sys ZwOpenKey [0xF739BA18] SSDT sptd.sys ZwQueryKey [0xF739C0C0] SSDT sptd.sys ZwQueryValueKey [0xF739BF58] SSDT sptd.sys ZwSetValueKey [0xF739C148] INT 0x01 \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F668B541 INT 0x03 \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F668B5E7 ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ? C:\WINDOWS\System32\Drivers\SPTD7453.SYS Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. 
---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73A4DB2] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA71E] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F73A53B2] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F73A52B6] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F73A5482] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA032] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F73A4F6E] sptd.sys IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F73B9C76] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73A4E06] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7397A32] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7397B6E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7397AF6] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73986CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73985A2] sptd.sys IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA864] sptd.sys IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F73A9F78] sptd.sys IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F73B9C76] sptd.sys IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA864] sptd.sys IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7397020] sptd.sys IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7397020] sptd.sys ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8738A398 Device \FileSystem\Fastfat \FatCdrom 86DE9228 Device \Driver\USBSTOR \Device00008e 8726FC58 Device \Driver\USBSTOR \Device00008e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device00008f 8726FC58 Device \Driver\USBSTOR \Device00008f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT 
\Device\NetBT_Tcpip_{63470DD6-E0F0-4EED-8021-37A7EB12FCBC} 863EB9C0 Device \Driver\Ftdisk \Device\HarddiskVolume1 8738AA40 Device \Driver\Ftdisk \Device\HarddiskVolume2 8738AA40 Device \Driver\Cdrom \Device\CdRom0 86EC0A90 Device \FileSystem\Rdbss \Device\FsWrap 86DF5308 Device \Driver\Cdrom \Device\CdRom1 86EC0A90 Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device000090 8726FC58 Device \Driver\USBSTOR \Device000090 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetBt_Wins_Export 863EB9C0 Device \Driver\USBSTOR \Device000091 8726FC58 Device \Driver\USBSTOR \Device000091 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetbiosSmb 863EB9C0 Device \Driver\Disk \Device\Harddisk0\DR0 8738A5D0 Device \Driver\Disk \Device\Harddisk1\DR3 8738A5D0 Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+7 8738A5D0 Device \Driver\Disk \Device\Harddisk2\DR4 8738A5D0 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+8 8738A5D0 Device \Driver\Disk \Device\Harddisk3\DR5 8738A5D0 Device \Driver\Disk 
\Device\Harddisk3\DP(1)0-0+9 8738A5D0 Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+a 8738A5D0 Device \Driver\Disk \Device\Harddisk4\DR6 8738A5D0 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86E04EB0 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86E04EB0 Device \FileSystem\Npfs \Device\NamedPipe 86E3F298 Device \Driver\Ftdisk \Device\FtControl 8738AA40 Device \Driver\USBSTOR \Device00008a 8726FC58 Device \Driver\USBSTOR \Device00008a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Msfs \Device\Mailslot 86E33610 Device \FileSystem\Fastfat \Fat 86DE9228 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 86E396A0 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -70556022 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -369950323 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1255105973 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected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isk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a14c00 size 0x1e4 Disk \Device\Harddisk0\DR0 sector 62: copy of MBR ---- EOF - GMER 1.0.14 ----
  10. Ahaa, the screen that disappears quickly at the beginning?
  11. [boot loader] timeout=3 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn/NOGUIBOOT C:\CMDCONS\BOOTSECT.DAT="Gjenopprettingskonsoll for Microsoft Windows XP" /cmdcons
  12. Ok, here's the log: GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-10-13 17:50:28 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.14 ---- SSDT sptd.sys ZwCreateKey [0xF739BB3A] SSDT sptd.sys ZwEnumerateKey [0xF739BC7E] SSDT sptd.sys ZwEnumerateValueKey [0xF739BFF6] SSDT sptd.sys ZwOpenKey [0xF739BA18] SSDT sptd.sys ZwQueryKey [0xF739C0C0] SSDT sptd.sys ZwQueryValueKey [0xF739BF58] SSDT sptd.sys ZwSetValueKey [0xF739C148] INT 0x01 \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F619D541 INT 0x03 \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F619D5E7 ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\drivers\sptd.sys Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ? C:\WINDOWS\System32\Drivers\SPTD7453.SYS Prosessen får ikke tilgang til filen fordi den brukes av en annen prosess. ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73A4DB2] sptd.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA71E] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F73A53B2] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F73A52B6] sptd.sys IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F73A5482] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA032] sptd.sys IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F73A4F6E] sptd.sys IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F73B9C76] sptd.sys IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F73A4E06] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7397A32] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7397B6E] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7397AF6] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73986CC] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73985A2] sptd.sys IAT 
disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA864] sptd.sys IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F73A9F78] sptd.sys IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F73B9C76] sptd.sys IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73BA864] sptd.sys IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F7397020] sptd.sys IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F7397020] sptd.sys ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8738A5D0 Device \FileSystem\Fastfat \FatCdrom 86E5F8B0 Device \Driver\USBSTOR \Device00008e 86F340E8 Device \Driver\USBSTOR \Device00008e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device00008f 86F340E8 Device \Driver\USBSTOR \Device00008f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetBT_Tcpip_{63470DD6-E0F0-4EED-8021-37A7EB12FCBC} 873550E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 8738AC78 Device \Driver\Ftdisk \Device\HarddiskVolume2 8738AC78 Device \Driver\Cdrom \Device\CdRom0 86ECF0E8 Device \FileSystem\Rdbss \Device\FsWrap 86F190E8 Device \Driver\Cdrom \Device\CdRom1 86ECF0E8 Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi 
\Device\Ide\IdeDeviceP1T1L0-1b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\USBSTOR \Device000090 86F340E8 Device \Driver\USBSTOR \Device000090 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetBt_Wins_Export 873550E8 Device \Driver\NetBT \Device\NetbiosSmb 873550E8 Device \Driver\USBSTOR \Device000089 86F340E8 Device \Driver\USBSTOR \Device000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Disk \Device\Harddisk0\DR0 8738A808 Device \Driver\Disk \Device\Harddisk1\DR3 8738A808 Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+7 8738A808 Device \Driver\Disk \Device\Harddisk2\DR4 8738A808 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+8 8738A808 Device \Driver\Disk \Device\Harddisk3\DR5 8738A808 Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+9 8738A808 Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+a 8738A808 Device \Driver\Disk \Device\Harddisk4\DR6 8738A808 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86F77880 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86F77880 Device \FileSystem\Npfs \Device\NamedPipe 86F16BC0 Device \Driver\Ftdisk \Device\FtControl 8738AC78 Device \FileSystem\Msfs \Device\Mailslot 86E5E900 Device \Driver\USBSTOR \Device00008d 86F340E8 Device \Driver\USBSTOR \Device00008d sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Fastfat \Fat 86E5F8B0 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 86EE4C80 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 
... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys0a3a575837 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\[email protected] 0x6D 0x13 0x74 0x76 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -70556022 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -369950323 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1255105973 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 0xE6 0xB1 0xA9 0x76 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected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isk sectors - GMER 1.0.14 ---- Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x12a14c00 size 0x1e4 Disk \Device\Harddisk0\DR0 sector 62: copy of MBR ---- EOF - GMER 1.0.14 ----
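Both GMER logs in this thread (posts 9 and 12) end with the same two lines under "Disk sectors": "sector 61: malicious code" and "sector 62: copy of MBR". That is the finding that matters for triage; the long list of SSDT and IAT hooks is attributed to sptd.sys, the SCSI pass-through driver installed by disc-emulation software, and hooks by a known installed driver are routine. The following is an added example, not code from the thread or from GMER: it parses a GMER log into its "----" sections, counts kernel hooks per hooking module, pulls out the disk-sector alerts, and assigns a severity. The sample log is a constructed excerpt of the post's log restored to one entry per line; the line patterns are inferred from the posted output and are an assumption of this example.

```python
import re
from collections import Counter

# Constructed excerpt of the GMER log posted above, one entry per line
# (the forum flattened the original onto a single line).
GMER_LOG = r"""
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-13 17:50:28
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT  sptd.sys  ZwCreateKey [0xF739BB3A]
SSDT  sptd.sys  ZwEnumerateKey [0xF739BC7E]
SSDT  sptd.sys  ZwOpenKey [0xF739BA18]
INT 0x01  \SystemRoot\System32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)  F619D541

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT  pci.sys[ntoskrnl.exe!IoDetachDevice]  [F73A4DB2] sptd.sys
IAT  atapi.sys[HAL.dll!READ_PORT_UCHAR]  [F7397A32] sptd.sys

---- Disk sectors - GMER 1.0.14 ----

Disk  \Device\Harddisk0\DR0  sector 61: malicious code @ sector 0x12a14c00 size 0x1e4
Disk  \Device\Harddisk0\DR0  sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----
"""

# Line patterns inferred from the posted output (assumption, not a GMER spec).
SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]")
IAT_RE = re.compile(r"^IAT\s+(\S+)\[([^\]]+)\]\s+\[([0-9A-Fa-f]+)\]\s+(\S+)")
DISK_RE = re.compile(r"^Disk\s+(\S+)\s+sector (\d+): (.*)$")


def parse_gmer(text: str) -> dict[str, list[str]]:
    """Group non-empty lines under the '---- <name> - GMER' section they follow."""
    sections: dict[str, list[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> dict:
    sections = parse_gmer(text)
    ssdt: Counter = Counter()     # hooking module -> number of SSDT entries it owns
    iat: Counter = Counter()      # module that redirected an import -> count
    disk_alerts = []
    for line in sections.get("System", []):
        m = SSDT_RE.match(line)
        if m:
            ssdt[m.group(1)] += 1
    for line in sections.get("Kernel IAT/EAT", []):
        m = IAT_RE.match(line)
        if m:
            iat[m.group(4)] += 1
    for line in sections.get("Disk sectors", []):
        m = DISK_RE.match(line)
        if m:
            disk_alerts.append({"device": m.group(1), "sector": int(m.group(2)), "note": m.group(3)})
    # Code in the boot sectors that GMER itself calls malicious outranks any hook
    # listing; hooks alone only mean "find out which driver owns them".
    if any("malicious code" in a["note"] for a in disk_alerts):
        severity = "critical"
    elif ssdt or iat:
        severity = "review"
    else:
        severity = "info"
    return {"ssdt_hooks": dict(ssdt), "iat_hooks": dict(iat),
            "disk_alerts": disk_alerts, "severity": severity}


if __name__ == "__main__":
    result = triage(GMER_LOG)
    print("severity:", result["severity"])
    print("SSDT hooks by module:", result["ssdt_hooks"])
    print("IAT hooks by module:", result["iat_hooks"])
    for a in result["disk_alerts"]:
        print(f"{a['device']} sector {a['sector']}: {a['note']}")
```

A "copy of MBR" one sector after the flagged code is consistent with a boot-sector infection that saves the original MBR elsewhere, which is why the helper in the thread had the poster run fixmbr from the Recovery Console; an antivirus scan of the file system alone would not see it, matching the observation that the finding kept reappearing after scans.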
  13. Like this? Startet skanning av register »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Backdoor.Sinowal Objektet ble gjenkjent Type : Regkey Data : Trusselvurdering : 10 Kategori : Malware Kommentar : Rootkey : HKEY_LOCAL_MACHINE Objekt : system\currentcontrolset\enum\root\legacy_{def85c80-216a-43ab-af70-1665edbe2780}