RogueAlien Skrevet 3. februar 2008 Del Skrevet 3. februar 2008 Jeg oppdaget denne filen da jeg søkte med AVG Anti-Rootkit Free: a0k6v39g.SYS i Windows/System32/Drivers. Jeg har Windows XP Pro SP2. Noen andre som har fått denne og som vet om det er trygt eller nødvendig og fjerne den? Jeg hadde tenkt og prøve men når jeg trykker "Remove Selected Items" så gir den meg en advarsel om at og fjerne slike filer kan ha ødeleggende konsekvenser på systemet. Jeg vet ikke helt hva jeg skal gjøre. Jeg prøvde og søke på google med filnavnet men fikk ikke opp noe. Dilemma: Redd for og ødelegge systemet og redd for at denne filen kan lage faenskap i maskina mi. Lenke til kommentar
norbat Skrevet 3. februar 2008 Del Skrevet 3. februar 2008 (endret) Det er ikke utenkelig at fila tilhører brannmuren din, men du kunne ha sjekket fila på http://virusscan.jotti.org/ Du kunne også ha postet en combofix-logg: Hent Combofix, og legg det på skrivebordet Kjør combofix.exe, og følg veiledningen. Post loggfilen fra combofix (c:\combofix.txt) Endret 3. februar 2008 av norbat Lenke til kommentar
RogueAlien Skrevet 3. februar 2008 Forfatter Del Skrevet 3. februar 2008 (endret) Unnskyld meg men jeg vet ikke hva dette er. Kan du forklare litt? EDIT: Jeg får ikke lastet opp filen på den viruscan.jotti.org siden fordi jeg finner jo ikke filen manuelt uten rootkit-scanneren og scanneren gir meg ikke så veldig mange alternativer. Får ikke copy & paste altså. Endret 3. februar 2008 av RougeAlien Lenke til kommentar
snippsat Skrevet 4. februar 2008 Del Skrevet 4. februar 2008 Min datamaskin Verktøy->mappealternativer->vis->vis skjulte filer og mapper Gå til jotti finn fil scan. Lenke til kommentar
RogueAlien Skrevet 4. februar 2008 Forfatter Del Skrevet 4. februar 2008 Min datamaskinVerktøy->mappealternativer->vis->vis skjulte filer og mapper Gå til jotti finn fil scan. Jeg har den krysset av fra før av. Slike rootkits ligger nok såpass skjult at det ikke er så lett og fjerne dem uten et verktøy. Jeg finner den ikke manuelt i hvertfall, bare med AVG Anti-Rootkit. Lenke til kommentar
snippsat Skrevet 4. februar 2008 Del Skrevet 4. februar 2008 (endret) AVG Anti-Rootkit kan ha fjernet den eller lagd den i karantene. Post combofix så får vi mere info. Gjerne en hjt-logg og http://www.trendsecure.com/portal/en-US/to...ckthis/download Endret 4. februar 2008 av SNIPPSAT Lenke til kommentar
RogueAlien Skrevet 4. februar 2008 Forfatter Del Skrevet 4. februar 2008 (endret) Jeg synes dette virker suspekt. Jeg får denne beskjeden da jeg kjører ComboFix: "Roughly 1/100 machines failed to make it through the disinfection process!" "Are you sure you want to do this?" Jeg valgte i første omgang og trykke "No" og da forsvant hele fila jeg hadde lastet ned. Hva slags program er dette? EDIT: Jeg brukte HijackTHis da og her er loggfilen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:11:02, on 04.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\M-AudioTaskBarIcon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Comodo\Firewall\cfp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU" O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [RivaTunerStatisticsServer] "C:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" /s O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8439 bytes Endret 4. februar 2008 av RougeAlien Lenke til kommentar
snippsat Skrevet 4. februar 2008 Del Skrevet 4. februar 2008 (endret) Bare trykk yes du. Comobfix er et programm som gir en detaliert logg,og fjerner grums som du ikke skal ha. Se litt på postene til norbat så skjønner du at du får hjelp. Endret 4. februar 2008 av SNIPPSAT Lenke til kommentar
RogueAlien Skrevet 4. februar 2008 Forfatter Del Skrevet 4. februar 2008 Jeg kjørte ComboFix programmet og den lagde en logg. Men den fant ingen rootkits. Foressten så kjørte jeg AVG Anti-Rootkit igjen i sted og da kom det opp en rootkit men den hadde skiftet navn. Så kanskje det er brannmuren min. Lenke til kommentar
snippsat Skrevet 4. februar 2008 Del Skrevet 4. februar 2008 Du må poste combofix loggen Lenke til kommentar
RogueAlien Skrevet 4. februar 2008 Forfatter Del Skrevet 4. februar 2008 Javel, her er ComboFix loggen: ComboFix 08-02.03.1 - Lars 2008-02-04 3:20:23.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1594 [GMT 1:00] Running from: E:\Programs\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 ))))))))))))))))))))))))))))))) . 2008-02-04 03:09 . 2008-02-04 03:09 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-30 11:06 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys 2008-01-30 11:04 . 2008-01-30 11:04 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys 2008-01-29 22:49 . 2008-01-29 22:49 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-01-29 14:54 . 2008-01-29 22:42 165,628 --a------ C:\WINDOWS\system32\nvapps.xml 2008-01-29 14:53 . 2008-01-29 22:41 <DIR> d-------- C:\WINDOWS\nview 2008-01-29 14:53 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-01-29 14:53 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-01-29 14:53 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-01-29 05:04 . 2008-02-03 04:13 <DIR> d-------- C:\Program Files\JkDefrag 2008-01-13 03:05 . 2008-01-13 03:05 <DIR> d-------- C:\Program Files\Western Digital Technologies 2008-01-08 02:16 . 2008-01-08 02:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax 2008-01-04 22:59 . 2008-01-04 22:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe 2008-01-04 22:59 . 2008-01-04 22:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb 2008-01-04 22:58 . 2008-01-04 22:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2008-01-04 22:58 . 2008-01-04 22:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2008-01-04 22:58 . 2008-01-04 22:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2008-01-04 22:56 . 2008-01-04 22:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-01-04 22:56 . 2008-01-04 22:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-03 19:36 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-03 19:35 --------- d-----w C:\Program Files\GameFlood 2008-02-01 19:56 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-02-01 19:54 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-01-31 01:58 --------- d-----w C:\Program Files\RivaTuner v2.06 2008-01-31 00:30 --------- d-----w C:\Documents and Settings\Lars\Application Data\Vidalia 2008-01-31 00:28 --------- d-----w C:\Documents and Settings\Lars\Application Data\tor 2008-01-30 10:04 --------- d-----w C:\Program Files\ASUS 2008-01-29 21:55 --------- d-----w C:\Documents and Settings\Lars\Application Data\My Games 2008-01-28 17:05 --------- d-----w C:\Program Files\PeerGuardian2 2008-01-28 04:15 --------- d-----w C:\Program Files\BitComet 2008-01-23 13:34 --------- d-----w C:\Program Files\X Plugin Manager 2008-01-10 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-10 18:00 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-01-10 14:20 --------- d-----w C:\Program Files\DivX 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-12-27 21:01 --------- d-----w C:\Documents and Settings\Lars\Application Data\DAEMON Tools 2007-12-27 12:05 --------- d-----w C:\Program Files\DAEMON Tools Lite 2007-12-27 12:02 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-12-27 11:50 --------- d-----w C:\Program Files\MagicDisc 2007-12-27 11:16 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys 2007-12-18 18:55 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-12-18 18:55 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-12-18 18:55 1,073,152 ----a-w C:\WINDOWS\system32\nvcpluir.dll 2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-12-05 00:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-12-05 00:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-12-05 00:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-12-05 00:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-12-05 00:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-12-05 00:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-12-05 00:41 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-12-05 00:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-12-05 00:41 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-12-05 00:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-12-05 00:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-12-05 00:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-12-05 00:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-12-05 00:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-12-05 00:41 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-12-05 00:41 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-12-05 00:41 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-12-05 00:41 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-12-05 00:41 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-12-05 00:41 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-12-05 00:41 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-12-05 00:41 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-12-05 00:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-12-05 00:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-12-05 00:41 3,334,144 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-12-05 00:41 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-12-05 00:41 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-12-05 00:41 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll 2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-12-05 00:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-12-05 00:41 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-12-05 00:41 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-12-05 00:41 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-12-05 00:41 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-12-05 00:41 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-12-05 00:41 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll 2007-12-05 00:41 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360] "EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304] "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 21:13 486856] "RivaTunerStartupDaemon"="" [] "RivaTunerStatisticsServer"="C:\Program Files\RivaTuner v2.06\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe" [2007-10-30 19:05 57344] "ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-12-14 10:40 1122304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe] "M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-12-13 09:39 91136] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2007-05-09 09:38 2130432] "EPSON Stylus D68 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2007-11-24 16:40 1481984] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-24 16:40] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-24 16:40] R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44] R2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 08:20] R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 09:39] . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-04 03:32:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\guard32.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\guard32.dll . Completion time: 2008-02-04 3:32:49 . 2008-01-09 13:52:06 --- E O F --- Lenke til kommentar
norbat Skrevet 4. februar 2008 Del Skrevet 4. februar 2008 Kunne du ha prøvd en annen rootkit-scanner: Blacklight, og sett om den finner det samme? Lenke til kommentar
RogueAlien Skrevet 4. februar 2008 Forfatter Del Skrevet 4. februar 2008 Jeg lastet ned og kjørte BlackLight men den fant ingenting. Så da kan jeg vel avskrive at det kan være noen rootkits på maskina mi da. Lenke til kommentar
norbat Skrevet 5. februar 2008 Del Skrevet 5. februar 2008 Hvis du lager deg et gjenopprettingspunkt (tilbehør->systemverktøy->systemgjenoppretting) og deretter velger å fjerne fila vha. AVG Rootkit, restarter pc og tar en ny scan for å sjekke om det kommer opp noe mer, så ser vi hva som skjer. Blir det noe rot, så kjører du bare systemgjenoppretting til før slettingen. Grunnen til dette er at jeg ikke kan garantere at dette IKKE er noe rusk. Greit å sjekke. Lenke til kommentar
RogueAlien Skrevet 5. februar 2008 Forfatter Del Skrevet 5. februar 2008 Hver gang jeg kjører AVG Anti-Rootkit Free så kommer det opp en rootkit av "Hidden Driver File" typen på samme sted men med et nytt navn hver gang med unntak at den ender på .SYS og begynner på "a". Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå