Adversary (thread author), posted 10 January 2009:
I would gladly have done that, but I can't, because I can't find the file; turning on "show hidden files and folders" doesn't help either. I also can't type in C:\WINDOWS\system32\drivers\ah9jc24i.SYS and press "send file".

norbat, posted 10 January 2009:
Also clear the checkbox in front of "Hide protected operating system files" and see if you find the file then.

Adversary (thread author), posted 10 January 2009:
No, didn't find the file then either.
Adversary (thread author), posted 11 January 2009:
Since I don't get any error messages on the desktop, I'm assuming it works as it should. Here is the problem I have on the laptop; it pops up now and then, and always when I try to log on to MSN.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:15, on 11.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programfiler\AVG\AVG8\avgcsrvx.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\DAEMON Tools Lite\daemon.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\Rolfie\LOKALE~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\AVG\AVG8\avgdiagex.exe
C:\Programfiler\AVG\AVG8\avgdiagex.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programfiler\Opera\Opera.exe
C:\Programfiler\AVG\AVG8\avgcsrvx.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.92.1:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 1.1.1.1;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programfiler\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [synTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1226510457640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1226512246937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6943 bytes

ComboFix:
ComboFix 09-01-09.03 - Rolfie 2009-01-11 14:28:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1014.498 [GMT 1:00]
Kjører fra: c:\documents and settings\Rolfie\Skrivebord\ComboFix.exe
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Desktop_.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_AVG
-------\Service_NPF

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-11 til 2009-01-11 )))))))))))))))))))))))))))))))))
.
2009-01-10 17:32 . 2009-01-10 17:32 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-10 17:32 . 2009-01-10 17:32 <DIR> d-------- c:\documents and settings\Rolfie\Programdata\Malwarebytes
2009-01-10 17:32 . 2009-01-10 17:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-10 17:32 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-10 17:32 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-10 12:59 . 2009-01-10 13:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-08 09:17 . 2009-01-08 09:17 <DIR> d-------- C:\UbiSoft
2009-01-08 09:16 . 2009-01-08 09:18 <DIR> d-------- c:\windows\UbiSoft
2009-01-01 22:56 . 2009-01-10 12:47 <DIR> dr-h----- c:\documents and settings\Rolfie\Siste
2008-12-16 12:12 . 2008-12-16 12:12 21,840 --a------ c:\windows\system32\SIntfNT.dll
2008-12-16 12:12 . 2008-12-16 12:12 17,212 --a------ c:\windows\system32\SIntf32.dll
2008-12-16 12:12 . 2008-12-16 12:12 12,067 --a------ c:\windows\system32\SIntf16.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 14:29 --------- d-----w c:\documents and settings\All Users\Programdata\avg8
2009-01-08 09:30 324,872 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-08 09:30 12,552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-01-08 09:30 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-08 08:12 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-08 08:11 --------- d-----w c:\programfiler\Final Fantasy VII
2008-12-09 12:02 --------- d-----w c:\documents and settings\Rolfie\Programdata\Autodesk
2008-12-09 11:59 --------- d-----w c:\programfiler\Fellesfiler\Autodesk Shared
2008-12-09 11:59 --------- d-----w c:\programfiler\Autodesk
2008-12-09 11:57 --------- d-----w c:\documents and settings\Rolfie\Programdata\U3
2008-12-08 11:29 --------- d-----w c:\programfiler\WorldOfGoo
2008-12-08 10:03 --------- d-----w c:\documents and settings\All Users\Programdata\2DBoy
2008-12-08 08:21 --------- d-----w c:\programfiler\Square Soft, Inc
2008-12-08 07:55 --------- d-----w c:\programfiler\Java
2008-11-21 09:56 --------- d-----w c:\programfiler\Google
2008-11-21 07:36 --------- d-----w c:\programfiler\DAEMON Tools Lite
2008-11-21 07:27 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-21 07:26 --------- d-----w c:\documents and settings\Rolfie\Programdata\DAEMON Tools
2008-11-20 07:16 --------- d-----w c:\programfiler\Synaptics
2008-11-15 16:07 --------- d-----w c:\programfiler\MSN Messenger
2008-11-15 15:44 --------- dcsh--w c:\programfiler\Fellesfiler\WindowsLiveInstaller
2008-11-15 15:43 --------- d-----w c:\documents and settings\All Users\Programdata\WLInstaller
2008-11-13 15:19 --------- d-----w c:\documents and settings\Rolfie\Programdata\Intel
2008-11-12 21:38 --------- d-----w c:\programfiler\CONEXANT
2008-11-12 20:25 --------- d-----w c:\programfiler\Windows Desktop Search
2008-11-12 19:38 --------- d-----w c:\programfiler\MSXML 4.0
2008-11-12 19:07 --------- d-----w c:\programfiler\Windows Media Connect 2
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-27 1576176]
"DAEMON Tools Lite"="c:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\programfiler\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 3080192]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-08 1601304]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rolfie\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.0.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-08 10:30 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-11-23 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-23 324872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-23 107272]
R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2008-10-20 12106]
R1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\sasdifsv.sys [2008-08-19 8944]
R1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.SYS [2008-08-19 55024]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2008-10-20 4392]
R3 SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-08-19 7408]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2008-10-20 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2008-10-20 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2008-10-20 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2008-10-20 4010]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyServer = 192.168.92.1:80
uInternet Settings,ProxyOverride = 1.1.1.1;localhost;<local>
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 14:32:06
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(852)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Intel\Wireless\Bin\EvtEng.exe
c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\acer\Empowering Technology\admServ.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\programfiler\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programfiler\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programfiler\OpenOffice.org 3\program\soffice.exe
c:\programfiler\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Rolfie\LOKALE~1\temp\RtkBtMnt.exe
c:\programfiler\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-01-11 14:35:01 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-01-11 13:34:57
Pre-Run: 44 395 130 880 byte ledig
Post-Run: 44,397,699,072 byte ledig
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
179 --- E O F --- 2008-11-12 22:57:15

The file AVG found:
"C:\WINDOWS\System32\Drivers\aj67fkwp.SYS";"Hidden driver";"Object is hidden"

But whether it is a virus at all, I'm not sure. Might as well have a look at the logs anyway.
norbat, posted 11 January 2009 (edited):
Download the gmer rootkit scanner and extract the program to the desktop.
In the panel on the right-hand side, clear the checkboxes in front of the following:
Sections
IAT/EAT
Partitions other than the system drive (C:\)
Show All
Click the Scan button.
When the scan is finished, click the Save button and, in the file name field, type logg.txt. Save it on the desktop so you can find it easily.
Copy and post the log (or upload it as an attachment).
Whatever it finds, do not do anything about what it finds.
Edited 11 January 2009 by norbat
Adversary (thread author), posted 11 January 2009:
GMER:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 23:15:03
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spqx.sys ZwCreateKey [0xF73BE0E0]
SSDT spqx.sys ZwEnumerateKey [0xF73DCCA2]
SSDT spqx.sys ZwEnumerateValueKey [0xF73DD030]
SSDT spqx.sys ZwOpenKey [0xF73BE0C0]
SSDT spqx.sys ZwQueryKey [0xF73DD108]
SSDT spqx.sys ZwQueryValueKey [0xF73DCF88]
SSDT spqx.sys ZwSetValueKey [0xF73DD19A]
SSDT \??\C:\Programfiler\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA763F20]

INT 0x62 ? 865D7BF8
INT 0x63 ? 86375BF8
INT 0x82 ? 865D7BF8
INT 0x94 ? 86375BF8
INT 0xB4 ? 86375BF8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 865D61F8
AttachedDevice \FileSystem\Ntfs \Ntfs OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT kjerne og system/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{529A547E-70C8-472A-A530-D3D94523BF18} 860ED500
Device \Driver\usbuhci \Device\USBPDO-0 863661F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 865671F8
Device \Driver\dmio \Device\DmControl\DmConfig 865671F8
Device \Driver\dmio \Device\DmControl\DmPnP 865671F8
Device \Driver\dmio \Device\DmControl\DmInfo 865671F8
Device \Driver\usbuhci \Device\USBPDO-1 863661F8
Device \Driver\usbehci \Device\USBPDO-2 863F91F8
Device \Driver\usbuhci \Device\USBPDO-3 863661F8
Device \Driver\usbuhci \Device\USBPDO-4 863661F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT kjerne og system/Microsoft Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 865D81F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 865D81F8
Device \Driver\Cdrom \Device\CdRom0 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom0 862F41F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 865D81F8
Device \Driver\Cdrom \Device\CdRom1 OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)
Device \Driver\Cdrom \Device\CdRom1 862F41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 860ED500
Device \Driver\NetBT \Device\NetbiosSmb 860ED500
Device \Driver\PCI_PNP2988 \Device00004e spqx.sys
Device \Driver\PCI_PNP2988 \Device00004e spqx.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT kjerne og system/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT kjerne og system/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 863661F8
Device \Driver\usbuhci \Device\USBFDO-1 863661F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 860D9500
Device \Driver\usbuhci \Device\USBFDO-2 863661F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 860D9500
Device \Driver\usbuhci \Device\USBFDO-3 863661F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{8DE40C30-FF9B-4332-958B-99A903CD680A} 860ED500
Device \Driver\Ftdisk \Device\FtControl 865D81F8
Device \Driver\usbehci \Device\USBFDO-4 863F91F8
Device \Driver\sptd \Device\4288906738 spqx.sys
Device \Driver\aj67fkwp \Device\Scsi\aj67fkwp1 862A91F8
Device \Driver\aj67fkwp \Device\Scsi\aj67fkwp1Port2Path0Target0Lun0 862A91F8
Device \FileSystem\Cdfs \Cdfs 8616E3C8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0xB7 0x43 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x3B 0x9B 0x39 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x48 0x68 0xE6 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programfiler\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0xB7 0x43 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x3B 0x9B 0x39 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x48 0x68 0xE6 0x56 ...

---- EOF - GMER 1.0.14 ----
norbat, posted 11 January 2009:
The 'hidden driver' that AVG finds is tied to the SCSI controller and is therefore not a scary file. In this case AVG is only reporting that it found a driver that was hidden, which is normal.
Adversary (thread author), posted 11 January 2009:
Okay, so I don't have a virus on the laptop after all, just a problem that has to be fixed in other ways. Many thanks to both of you for all the help.

norbat, posted 11 January 2009:
You could have tried reinstalling AVG to see whether that solves the problem you're having with the program.