
Problem with unidentified rootkit


Techh4ck


I have a relatively new HP computer with Win 7 on which I also run Ubuntu 12.04. I've been a bit careless about scanning the computer; it was only after I installed Ubuntu via Wubi that I ran a scan of the whole computer with AVG Free Edition 2012, and it found 2 hidden rootkits that were named "unknown". One of them has disappeared, but the other can't be dealt with. Attaching as per DDS. Attach.zip

Edit: This is what my AVG finds: "";"<unknown>";"Inline hook win32k.sys EngCopyBits+0x422E -> 0xFFFFF95F80187C56";"Object is hidden"

[log]

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Hemma at 12:06:56 on 2012-09-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8175.5066 [GMT 2:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files\OO Software\Defrag\oodag.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Windows\system32\WUDFHost.exe

C:\Users\Hemma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\Hemma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Users\Hemma\AppData\Local\Apps\2.0\HW2P3887.GTJ\2ZDR60WE.2VK\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b138542379386c\CurseClient.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Hemma\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hemma\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hemma\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hemma\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hemma\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

uWindow Title = Windows Internet Explorer erhållet från MSN and Bing

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [skyDrive] "C:\Users\Hemma\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [spotify Web Helper] "C:\Users\Hemma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [Google Update] "C:\Users\Hemma\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Hemma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Hemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Hemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTU~1.LNK - C:\Users\Hemma\AppData\Roaming\FAH\CPU\StartupCPU.exe

StartupFolder: C:\Users\Hemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTU~2.LNK - C:\Users\Hemma\AppData\Roaming\FAH\GPU\StartupGPU.exe

StartupFolder: C:\Users\Hemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VERSIO~1.LNK - C:\Users\Hemma\AppData\Roaming\FAH\VersionCheck.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

mPolicies-system: DisableStartupSound = 1 (0x1)

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{11DB40C6-7A4D-40AE-97E2-7D9D32E030A3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{11DB40C6-7A4D-40AE-97E2-7D9D32E030A3}\46C696E6B6 : DhcpNameServer = 213.80.98.2 192.168.0.1

TCP: Interfaces\{3427093F-2220-42C7-A992-7B0341C2D966} : DhcpNameServer = 192.168.0.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

BHO-X64: AutorunsDisabled - No File

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{95B7759C-8C7F-4BF1-B163-73684A933233}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{95B7759C-8C7F-4BF1-B163-73684A933233}

TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-16 89600]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-3-16 514232]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-10 1258856]

R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2010-8-24 3013448]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-16 2655768]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-23 250288]

S3 EWSASERV;EWSA Control Service;"C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe --> C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys --> C:\Windows\system32\DRIVERS\ggflt.sys [?]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\system32\DRIVERS\s0016bus.sys --> C:\Windows\system32\DRIVERS\s0016bus.sys [?]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0016mdfl.sys --> C:\Windows\system32\DRIVERS\s0016mdfl.sys [?]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0016mdm.sys --> C:\Windows\system32\DRIVERS\s0016mdm.sys [?]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0016mgmt.sys --> C:\Windows\system32\DRIVERS\s0016mgmt.sys [?]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\system32\DRIVERS\s0016nd5.sys --> C:\Windows\system32\DRIVERS\s0016nd5.sys [?]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0016obex.sys --> C:\Windows\system32\DRIVERS\s0016obex.sys [?]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\system32\DRIVERS\s0016unic.sys --> C:\Windows\system32\DRIVERS\s0016unic.sys [?]

S3 SRS_AE_Service;SRS Audio Essentials;C:\Windows\system32\drivers\SRS_AE_amd64.sys --> C:\Windows\system32\drivers\SRS_AE_amd64.sys [?]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\system32\DRIVERS\nordecr.sys --> C:\Windows\system32\DRIVERS\nordecr.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

.

=============== Created Last 30 ================

.

2012-09-28 08:19:06 -------- d-----w- C:\Users\Hemma\AppData\Local\MFAData

2012-09-28 08:19:06 -------- d-----w- C:\Users\Hemma\AppData\Local\Avg2013

2012-09-27 09:03:12 -------- d-----w- C:\Users\Hemma\AppData\Local\{C3525516-4182-48F9-865B-0C3E9683B28B}

2012-09-26 16:54:48 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-20 18:45:28 -------- d-----w- C:\Users\Hemma\AppData\Roaming\OpenOffice.org

2012-09-20 18:44:39 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-09-19 08:39:41 -------- d-----w- C:\Program Files (x86)\VSTPlugins

2012-09-19 08:16:06 -------- d-----w- C:\Program Files\Virtual Audio Cable

2012-09-14 07:29:13 -------- d-----w- C:\temp

2012-09-12 09:52:39 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 09:52:39 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 09:52:39 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 09:52:39 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 09:52:39 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 09:52:39 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 09:52:39 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-08 17:55:13 -------- d-----w- C:\Users\Hemma\AppData\Local\{95CA218A-2B10-4B3E-8DC8-40B7ECB8FB36}

2012-09-07 05:14:11 -------- d-----w- C:\Windows\SysWow64\spool

2012-09-07 05:13:03 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-09-05 10:57:58 -------- d-----w- C:\Users\Hemma\AppData\Local\{F2333843-75EE-429F-90F8-409D2AFB4653}

2012-09-05 10:57:35 -------- d-----w- C:\Users\Hemma\AppData\Local\{C3C13F66-B498-4337-9A86-879203F7B096}

2012-09-04 17:47:57 -------- d-----w- C:\Users\Hemma\.thumbnails

2012-09-04 17:22:17 -------- d-----w- C:\Users\Hemma\AppData\Local\fontconfig

2012-09-04 17:22:16 -------- d-----w- C:\Users\Hemma\AppData\Local\gegl-0.2

2012-09-04 17:22:16 -------- d-----w- C:\Users\Hemma\.gimp-2.8

2012-09-04 09:39:38 -------- d-----w- C:\Users\Hemma\AppData\Local\{CD81AD39-BAC2-40ED-AC7C-6606371D9436}

2012-08-30 08:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2012-09-20 21:52:09 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 21:52:09 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-30 18:14:22 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-08-30 16:18:05 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll

2012-08-28 18:24:56 477168 ------w- C:\Windows\SysWow64\npdeployJava1.dll

2012-08-28 18:24:53 473072 ------w- C:\Windows\SysWow64\deployJava1.dll

2012-08-24 13:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-07-26 01:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 15:25:21 31080 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-07-03 15:25:16 189288 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-07-03 07:37:57 1472360 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

.

============= FINISH: 12:07:11,35 ===============

[/log]

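The detection the original poster quotes names a patched function (EngCopyBits in win32k.sys), an offset into it, and the address the injected jump lands on. The first thing a responder wants to know is whether that target address lies inside a loaded driver that can be identified and verified, or in memory that no module accounts for. The script below is an added example, not part of the thread and not AVG's code: it parses the quoted result line and attributes the target against a module table. The module names, bases and sizes in SAMPLE_MODULES are made up for the demonstration; on a real machine they come from a kernel debugger's `lm` listing or an anti-rootkit tool's module view.

```python
"""Attribute the jump target of a reported inline hook to a loaded kernel module.

Added example, not from the forum post or from AVG. The detection string is the one
quoted in the post; the module table is constructed for illustration only.
"""
import csv
import re
from dataclasses import dataclass
from typing import List, Optional

# The detection line exactly as quoted in the post (semicolon-separated, quoted fields).
AVG_LINE = ('"";"<unknown>";"Inline hook win32k.sys EngCopyBits+0x422E -> 0xFFFFF95F80187C56";'
            '"Object is hidden"')

HOOK_RE = re.compile(
    r"Inline hook (?P<module>[\w.\-]+) (?P<symbol>\w+)\+0x(?P<offset>[0-9A-Fa-f]+)"
    r" -> 0x(?P<target>[0-9A-Fa-f]+)"
)


@dataclass(frozen=True)
class InlineHook:
    module: str   # module whose code was patched (win32k.sys)
    symbol: str   # nearest exported symbol to the patch (EngCopyBits)
    offset: int   # distance from that symbol to the patched bytes
    target: int   # where the injected jump lands
    status: str   # scanner's own verdict text ("Object is hidden")


@dataclass(frozen=True)
class KernelModule:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


def parse_avg_line(line: str) -> Optional[InlineHook]:
    """Pull the hook description out of AVG's semicolon-separated result line."""
    fields = next(csv.reader([line], delimiter=";"))
    for field in fields:
        m = HOOK_RE.search(field)
        if m:
            return InlineHook(
                module=m["module"],
                symbol=m["symbol"],
                offset=int(m["offset"], 16),
                target=int(m["target"], 16),
                status=fields[-1],
            )
    return None


def attribute(addr: int, modules: List[KernelModule]) -> Optional[str]:
    """Name of the listed module whose image range covers addr, or None."""
    for mod in modules:
        if mod.contains(addr):
            return mod.name
    return None


def triage(hook: InlineHook, modules: List[KernelModule]) -> str:
    """Classify the hook by where its jump target lives.

    A target inside a loaded driver you can name and verify (signature, vendor,
    on-disk hash) is the usual benign explanation. A target that no listed module
    covers is code running from memory nothing accounts for, and deserves a closer
    look with a kernel debugger or a byte-compare of the patched function against a
    clean copy of the same win32k.sys build, before anything is removed.
    """
    owner = attribute(hook.target, modules)
    if owner is None:
        return "unattributed"
    if owner.lower() == hook.module.lower():
        # Jump stays inside the patched module itself: rarely a hook, compare with
        # the on-disk image before drawing conclusions.
        return "intra-module"
    return f"attributed:{owner}"


# Constructed module table: hypothetical bases and sizes chosen only to exercise the
# three outcomes above. Real values come from a kernel debugger's `lm` listing.
SAMPLE_MODULES = [
    KernelModule("win32k.sys", 0xFFFFF96000050000, 0x00310000),
    KernelModule("example_av.sys", 0xFFFFF88001A00000, 0x00080000),
]


if __name__ == "__main__":
    hook = parse_avg_line(AVG_LINE)
    print(hook)
    print(triage(hook, SAMPLE_MODULES))
```

Run as-is it reports `unattributed` for the quoted target, because none of the constructed modules covers it; that is the same state of knowledge AVG expresses with `<unknown>`, and the next step is to identify what is mapped at that address on the live system, not to delete anything.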

You'll have to wait for the divine Cecilia, who is the best at reading DDS files. I recommend downloading Kaspersky's TDSSKiller; they're better with rootkits.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Don't remove anything if it finds something; instead ask on the forum whether it should be removed or not, since a wrong decision can lead to the computer giving up and causing even more trouble.


I think it looks like a false alarm, or alternatively AVG is just reporting that the object is hidden (which in itself doesn't have to mean anything malicious). It partly resembles http://forum.avast.com/index.php?topic=98594.0.

Some security recommendations:

Vista's and Windows 7's User Account Control (UAC) is very good at stopping malicious programs from being installed, see e.g.:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Check that it is turned on (and in Windows 7 also at a high level):

Vista: Control Panel - Security Center - Other security settings

Windows 7: Control Panel - System and Security - Action Center, then UAC in the left column

Java™ 6 Update 22

Java™ 6 Update 35

The above are old program versions with known security holes, which makes it easy to infect the computer from a web page. I recommend that you uninstall them and only install Java if you are sure you need it.

Let Secunia's Software Inspector check whether there are more insecure old program versions on the computer. The English page http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

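Two of the recommendations in the reply above can be checked with a script instead of by clicking through the Control Panel: whether UAC is enabled and at which slider level (read from the policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System), and which Java versions the DPF lines in a DDS log still reference, since several side-by-side entries mean older installs were left behind. This is an added example, not part of the thread or of DDS. The DDS lines embedded in it are copied from the log above, the registry-reading function only works on Windows, and the value-to-slider mapping is the Windows 7 one (Windows 8 and later keep EnableLUA=1 and set ConsentPromptBehaviorAdmin=0 for "never notify", which the mapping also recognises).

```python
"""UAC slider level from registry values, and Java versions referenced by DDS DPF lines.

Added example, not the forum's or DDS's own tooling. Registry value names and the
slider positions are Windows facts; SAMPLE_DDS_LINES is copied from the log in the
thread. Nothing is read from a live machine unless read_uac_from_registry() is
called on Windows.
"""
import re
from typing import Dict, Set, Tuple

UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def uac_level(enable_lua: int, consent_admin: int, secure_desktop: int) -> str:
    """Map the three policy values to the name of the UAC slider position."""
    if enable_lua == 0:
        return "never notify"                 # Windows 7 bottom slider position
    if consent_admin == 0:
        return "elevate without prompting"    # Windows 8+ bottom position, or a policy override
    if consent_admin == 2 and secure_desktop == 1:
        return "always notify"                # top position: the "high level" recommended above
    if consent_admin == 5 and secure_desktop == 1:
        return "default"
    if consent_admin == 5 and secure_desktop == 0:
        return "notify without dimming"
    return "non-standard"


def assess_uac(values: Dict[str, int]) -> Tuple[str, bool]:
    """Return (slider level, True if it is the top position)."""
    level = uac_level(
        values.get("EnableLUA", 0),
        values.get("ConsentPromptBehaviorAdmin", 5),
        values.get("PromptOnSecureDesktop", 1),
    )
    return level, level == "always notify"


def read_uac_from_registry() -> Dict[str, int]:
    """Windows only: read the live policy values (normally readable without elevation)."""
    import winreg  # stdlib, present only on Windows
    out: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in UAC_VALUES:
            out[name], _ = winreg.QueryValueEx(key, name)
    return out


# DPF lines copied verbatim from the DDS log in this thread (hxxp is DDS's defanging).
SAMPLE_DDS_LINES = """\
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
"""

Version = Tuple[int, int, int, int]
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)-windows", re.IGNORECASE)


def java_versions_from_dds(dds_text: str) -> Set[Version]:
    """Distinct Java versions referenced by jinstall cab URLs in DPF lines."""
    return {tuple(int(x) for x in m.groups()) for m in JINSTALL_RE.finditer(dds_text)}


def stale_java(versions: Set[Version]) -> Set[Version]:
    """Versions older than the newest one present: installs the updater left behind."""
    if not versions:
        return set()
    newest = max(versions)
    return {v for v in versions if v < newest}


def java_update_label(v: Version) -> str:
    """Render (1, 6, 0, 35) the way the reply above names it: 'Java 6 Update 35'."""
    return f"Java {v[1]} Update {v[3]}"


if __name__ == "__main__":
    # The DDS log shows ConsentPromptBehaviorUser only, so the admin values here are
    # hypothetical; on Windows replace the dict with read_uac_from_registry().
    print(assess_uac({"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}))
    found = java_versions_from_dds(SAMPLE_DDS_LINES)
    print(sorted(java_update_label(v) for v in found))
    print("left behind:", sorted(java_update_label(v) for v in stale_java(found)))
```

Whether even the newest version found is current is a separate lookup against the vendor's release list; the script only shows what the log proves, namely that two Java 6 builds are still registered side by side.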

Archived

This topic is now archived and closed to further replies.
