bjornawarjar, posted 11 June 2009

I'm getting messages from Norman on a number of client PCs saying that it has found an unknown virus and removed it. Name: W32/Obfuscated.G!genr. I googled this, but found little information other than that it is a trojan. Does anyone know what this virus does?
HannibalChopsticks, posted 11 June 2009 (edited)

> I'm getting messages from Norman on a number of client PCs saying that it has found an unknown virus and removed it. Name: W32/Obfuscated.G!genr. I googled this, but found little information other than that it is a trojan. Does anyone know what this virus does?

If I'm not entirely mistaken, it is the same type as one I have had before. A trojan that takes up virtual memory and causes the data to come out wrong relative to the storage space available. But I won't say anything for certain. Quite possible, though. It is noticeable enough that you spot it if you think about it.

[EDIT] Norman is, by the way, poorly updated on trojans. It does not detect or recognize the very well-known sevhost.exe (the name resembles svchost.exe), a trojan that is absolutely awful to deal with.

Edited 11 June 2009 by DJ_Hidden
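The remark above that sevhost.exe resembles svchost.exe in name describes a file-name masquerading pattern. The check below is an added example, not part of the thread: it flags process image paths whose file name is within a small edit distance of a well-known system binary, or that use a system binary's exact name outside system32. The binary list, the distance threshold of 2 and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Illustrative subset of Windows system binaries that normally run from
# system32 (an assumption for this example, not a complete allow-list).
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe")


def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "scvhost" vs "svchost".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path, max_distance=2):
    """Return (verdict, matched_system_name) for one process image path."""
    directory, name = ntpath.split(path.strip().lower())
    if name in SYSTEM_BINARIES:
        if directory == SYSTEM_DIR:
            return ("ok", name)
        # Right name, wrong place: a copy or impostor outside system32.
        return ("system-name-wrong-directory", name)
    closest = min(SYSTEM_BINARIES, key=lambda known: edit_distance(name, known))
    if edit_distance(name, closest) <= max_distance:
        return ("lookalike-name", closest)
    return ("unrelated", None)


def triage(paths, max_distance=2):
    """Return only the paths that deserve a closer look."""
    findings = []
    for path in paths:
        verdict, known = classify(path, max_distance)
        if verdict not in ("ok", "unrelated"):
            findings.append((path, verdict, known))
    return findings


# Constructed sample input (not taken from any real machine).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\windows\system32\sevhost.exe",
    r"c:\documents and settings\user\svchost.exe",
    r"c:\windows\system32\scvhost.exe",
    r"c:\programfiler\Java\jre6\bin\jqs.exe",
]

if __name__ == "__main__":
    for path, verdict, known in triage(SAMPLE_PATHS):
        print(f"{verdict:<28} {path}  (resembles {known})")
```

A threshold of 2 is needed to catch sevhost.exe, and at that distance legitimate neighbours of other system names can also match, so hits are leads for review rather than verdicts.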
bjornawarjar (author), posted 11 June 2009

> > I'm getting messages from Norman on a number of client PCs saying that it has found an unknown virus and removed it. Name: W32/Obfuscated.G!genr. I googled this, but found little information other than that it is a trojan. Does anyone know what this virus does?
>
> If I'm not entirely mistaken, it is the same type as one I have had before. A trojan that takes up virtual memory and causes the data to come out wrong relative to the storage space available. But I won't say anything for certain. Quite possible, though. It is noticeable enough that you spot it if you think about it.
>
> [EDIT] Norman is, by the way, poorly updated on trojans. It does not detect or recognize the very well-known sevhost.exe (the name resembles svchost.exe), a trojan that is absolutely awful to deal with.

Does this have to be removed manually, or is it simple enough to remove that Norman takes care of it when it finds it?
dozer22, posted 13 June 2009

> > > I'm getting messages from Norman on a number of client PCs saying that it has found an unknown virus and removed it. Name: W32/Obfuscated.G!genr. I googled this, but found little information other than that it is a trojan. Does anyone know what this virus does?
> >
> > If I'm not entirely mistaken, it is the same type as one I have had before. A trojan that takes up virtual memory and causes the data to come out wrong relative to the storage space available. But I won't say anything for certain. Quite possible, though. It is noticeable enough that you spot it if you think about it.
> >
> > [EDIT] Norman is, by the way, poorly updated on trojans. It does not detect or recognize the very well-known sevhost.exe (the name resembles svchost.exe), a trojan that is absolutely awful to deal with.
>
> Does this have to be removed manually, or is it simple enough to remove that Norman takes care of it when it finds it?

If Norton says it has removed the virus, you don't need to do anything more. Scan once more to be on the safe side.
HannibalChopsticks, posted 14 June 2009

> Does this have to be removed manually, or is it simple enough to remove that Norman takes care of it when it finds it?

Most likely it has to be removed manually. And besides, that is always the safest option.
Tosha0007, posted 14 June 2009

Run through the guide and we will help you see whether you have a virus. Post the logs here in your own thread.
bjornawarjar (author), posted 17 June 2009

Logs from scanning

Combofix:

Mbam: