
Help! Can't get rid of spyware/virus



A while back, I was stupid enough to download AVG antivirus from an untrustworthy site, and when I went to install the program, I noticed that something was wrong.

It wasn't a working antivirus at all, but a virus!

Shortly afterwards, windows started popping up in Internet Explorer with ads for, among others, zedo, brandarama, etc. Pop-up blocking doesn't help, and another browser doesn't help.

I have found the file (the virus or whatever it is), and it is located at windows/system32/drivers/core.cache.dsk

This file cannot be deleted under any circumstances. When I scanned with SUPERAntiSpyware, it turned out to be that file, and RootKit.TnCore/Trace ... I can't get rid of this!!! All those ads are incredibly annoying, sometimes up to 10 of them, and I suspect they are also making my internet connection crash.

HELP???

Link to comment
Could you post a ComboFix log:

Download ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

You must not click on the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt)

Yes, I have tried that, but it takes forever..

Roughly how long should ComboFix take, really? 160 GB HDD, if that matters.

Link to comment

It shouldn't take forever. 15-30 min in the worst case.

If it doesn't work, you could try running ComboFix from safe mode (tap F8 during startup, choose safe mode). If that doesn't work either, let me know, and we'll use another program that gives almost the same log.

I'd guess your problem is a 'rootkit thing' acting as a driver. It has to be removed before you can delete the core.cache.dsk file.

Link to comment

I got ComboFix to run in safe mode.

It said the program deleted a number of things, especially from the driver folder.

core.cache.dsk was also deleted.

I know ComboFix makes a log, where is it?

Edit: found the log


ComboFix 08-02.05.3 - xxxx 2008-02-14 18:53:00.1 - NTFSx86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1634 [GMT 1:00]

Running from: C:\Users\xxxx\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

C:\Users\xxxx\AppData\Roaming\inst.exe

C:\Windows\system32\drivers\BrSerIdd.sys

C:\Windows\system32\drivers\btwavdtt.sys

C:\Windows\system32\drivers\core.cache.dsk

C:\Windows\system32\drivers\kss.sys

C:\Windows\system32\drivers\qwavedrvv.sys

C:\Windows\system32\drivers\TVICHW322.sys

C:\Windows\system32\drivers\XAudioo.sys

 

----- BITS: Possible infected sites -----

 

hxxp://www.download.windowsupdate.com

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_BRSERIDD

-------\LEGACY_BTWAVDTT

-------\LEGACY_KSS

-------\LEGACY_QWAVEDRVV

-------\LEGACY_TVICHW322

-------\LEGACY_XAUDIOO

-------\BrSerIdd

-------\btwavdtt

-------\kss

-------\qwavedrvv

-------\TVICHW322

-------\XAudioo

 

 

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))

.

 

2008-02-14 18:26 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-02-12 21:47 . 2008-02-12 21:47 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-02-12 21:47 . 2008-02-12 21:47 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-02-12 21:45 . 2008-02-12 21:45 595,456 --a------ C:\Windows\System32\schedsvc.dll

2008-02-10 20:16 . 2008-02-10 20:17 <DIR> d-------- C:\Program Files\Java

2008-02-10 20:16 . 2008-02-10 20:16 <DIR> d-------- C:\Program Files\Common Files\Java

2008-02-10 19:26 . 2008-02-10 19:26 <DIR> d-------- C:\Users\xxxx\Program Files

2008-02-10 17:58 . 2008-02-10 17:58 <DIR> d-------- C:\Windows\System32\Kaspersky Lab

2008-02-10 17:21 . 2008-02-10 17:21 <DIR> d-------- C:\Program Files\Trend Micro

2008-02-08 18:20 . 2007-09-17 15:24 212,024 --a------ C:\Windows\System32\nscrnsav.scr

2008-02-05 20:25 . 2006-11-30 15:11 18,704 --a------ C:\Windows\System32\drivers\se46nd5.sys

2008-02-05 20:19 . 2006-11-30 15:11 90,800 --a------ C:\Windows\System32\drivers\se46unic.sys

2008-02-05 20:19 . 2006-11-30 15:11 4,128 --a------ C:\Windows\System32\drivers\se46cr.sys

2008-02-05 20:16 . 2006-11-30 15:11 88,624 --a------ C:\Windows\System32\drivers\se46mgmt.sys

2008-02-05 20:14 . 2006-11-30 15:11 86,432 --a------ C:\Windows\System32\drivers\se46obex.sys

2008-02-05 20:08 . 2006-11-30 15:11 97,088 --a------ C:\Windows\System32\drivers\se46mdm.sys

2008-02-05 20:08 . 2006-11-30 15:11 9,360 --a------ C:\Windows\System32\drivers\se46mdfl.sys

2008-02-05 20:08 . 2006-11-30 15:11 6,240 --a------ C:\Windows\System32\drivers\se46cmnt.sys

2008-02-05 20:08 . 2006-11-30 15:11 6,240 --a------ C:\Windows\System32\drivers\se46cm.sys

2008-02-05 20:06 . 2006-11-30 15:11 61,536 --a------ C:\Windows\System32\drivers\se46bus.sys

2008-02-05 20:06 . 2006-11-30 15:11 5,872 --a------ C:\Windows\System32\drivers\se46whnt.sys

2008-02-05 20:06 . 2006-11-30 15:11 5,872 --a------ C:\Windows\System32\drivers\se46wh.sys

2008-02-05 19:06 . 2008-02-05 19:06 <DIR> d-------- C:\Users\xxxx\AppData\Roaming\SUPERAntiSpyware.com

2008-02-05 19:06 . 2008-02-05 19:06 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-02-05 19:06 . 2008-02-05 19:06 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-02-05 19:06 . 2008-02-13 23:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-02-03 13:20 . 2008-02-03 13:20 <DIR> d-------- C:\Program Files\Nero

2008-02-03 12:55 . 2008-02-03 12:56 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-02-03 12:55 . 2008-02-03 12:56 <DIR> d-------- C:\ProgramData\Lavasoft

2008-02-03 12:55 . 2008-02-03 12:55 <DIR> d-------- C:\Program Files\Lavasoft

2008-02-03 12:53 . 2008-02-05 19:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-02-03 12:07 . 2008-02-03 12:15 <DIR> d-------- C:\Users\All Users\Grisoft

2008-02-03 12:07 . 2008-02-03 12:15 <DIR> d-------- C:\ProgramData\Grisoft

2008-02-03 01:08 . 2008-02-03 01:08 <DIR> d-------- C:\Users\Alma\AppData\Roaming\AVG7

2008-02-03 01:07 . 2008-02-03 12:11 <DIR> d-------- C:\Users\All Users\avg7

2008-02-03 01:07 . 2008-02-03 12:11 <DIR> d-------- C:\ProgramData\avg7

2008-02-02 23:41 . 2008-02-02 23:41 0 --a------ C:\Windows\System32\tviresource.val

2008-02-02 23:40 . 2008-02-02 23:40 <DIR> d-------- C:\Windows\TweakVI

2008-02-02 23:40 . 2008-02-03 11:05 <DIR> d-------- C:\Program Files\TweakVI

2008-02-02 23:24 . 2008-02-10 19:19 <DIR> d-------- C:\Program Files\IObit

2008-02-02 17:50 . 2008-02-02 17:50 <DIR> d-------- C:\Program Files\Rockstar Games

2008-01-26 23:29 . 2008-01-26 23:30 <DIR> d-------- C:\Program Files\Hotspot Shield

2008-01-26 17:47 . 2008-01-26 20:34 1,905 --a------ C:\Windows\diagwrn.xml

2008-01-26 17:47 . 2008-01-26 20:34 1,905 --a------ C:\Windows\diagerr.xml

2008-01-26 17:34 . 2008-01-26 17:34 <DIR> d--h----- C:\Windows\msdownld.tmp

2008-01-19 14:55 . 2007-09-06 09:45 19,000 --a------ C:\Windows\System32\drivers\nvcv32mf.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 18:00 --------- d-----w C:\Program Files\Norman

2008-02-14 17:41 --------- d-----w C:\Users\xxxx\AppData\Roaming\uTorrent

2008-02-13 21:57 --------- d-----w C:\ProgramData\Microsoft Help

2008-02-13 17:35 --------- d-----w C:\Users\xxxx\AppData\Roaming\LimeWire

2008-02-12 21:17 --------- d-----w C:\Program Files\DellTPad

2008-02-12 20:46 943,800 ----a-w C:\Windows\System32\winload.exe

2008-02-12 20:46 905,400 ----a-w C:\Windows\System32\winresume.exe

2008-02-12 20:46 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-12 20:46 613,888 ----a-w C:\Windows\System32\wpd_ci.dll

2008-02-12 20:46 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-12 20:46 558,080 ----a-w C:\Windows\System32\oleaut32.dll

2008-02-12 20:46 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-02-12 20:46 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-02-12 20:46 39,424 ----a-w C:\Windows\System32\lodctr.exe

2008-02-12 20:46 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-02-12 20:46 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-02-12 20:46 35,328 ----a-w C:\Windows\System32\dispci.dll

2008-02-12 20:46 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-02-12 20:46 32,256 ----a-w C:\Windows\System32\unlodctr.exe

2008-02-12 20:46 260,096 ----a-w C:\Windows\System32\dpx.dll

2008-02-12 20:46 23,552 ----a-w C:\Windows\System32\nshhttp.dll

2008-02-12 20:46 224,824 ----a-w C:\Windows\System32\clfs.sys

2008-02-12 20:46 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll

2008-02-12 20:46 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-02-12 20:46 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll

2008-02-12 20:46 17,408 ----a-w C:\Windows\System32\prflbmsg.dll

2008-02-12 20:46 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-02-12 20:46 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys

2008-02-12 20:46 12,800 ----a-w C:\Windows\System32\batt.dll

2008-02-12 20:46 115,200 ----a-w C:\Windows\System32\loadperf.dll

2008-02-12 20:46 101,888 ----a-w C:\Windows\System32\drvinst.exe

2008-02-12 20:46 1,585,664 ----a-w C:\Windows\System32\setupapi.dll

2008-02-12 20:42 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

2008-02-12 20:42 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-02-12 20:42 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

2008-02-12 20:42 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-02-12 20:42 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-02-12 20:42 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-12 20:42 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-12 20:42 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-12 20:42 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-12 20:42 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

2008-02-12 20:42 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

2008-02-12 20:42 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-02-12 20:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-02-12 20:42 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-12 20:42 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

2008-02-12 20:42 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys

2008-02-12 20:42 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys

2008-02-12 20:42 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-02-12 20:39 824,832 ----a-w C:\Windows\System32\wininet.dll

2008-02-12 20:39 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-12 20:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-12 20:39 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-11 21:25 27,240 ----a-w C:\Users\xxxx\AppData\Roaming\nvModes.dat

2008-02-11 20:47 --------- d-----w C:\Program Files\Common Files\Adobe

2008-02-10 14:40 --------- d-----w C:\Program Files\VSO

2008-02-10 14:39 47,360 ----a-w C:\Users\xxxx\AppData\Roaming\pcouffin.sys

2008-02-10 14:39 --------- d-----w C:\Users\xxx\AppData\Roaming\Vso

2008-02-09 11:11 --------- d-----w C:\ProgramData\CyberLink

2008-02-03 12:33 --------- d-----w C:\Program Files\Common Files\Nero

2008-02-03 12:21 --------- d-----w C:\ProgramData\Nero

2008-02-03 12:05 --------- d-----w C:\Users\xxxxx\AppData\Roaming\FMZilla

2008-02-03 10:13 --------- d-----w C:\Program Files\CCleaner

2008-02-02 17:14 --------- d-----w C:\Program Files\Electronic Arts

2008-02-02 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-26 16:21 --------- d-----w C:\Users\xxxx\AppData\Roaming\dvdcss

2008-01-26 16:21 --------- d-----w C:\Users\xxxx\AppData\Roaming\Azureus

2008-01-26 16:21 --------- d-----w C:\ProgramData\FLEXnet

2008-01-26 16:21 --------- d-----w C:\Program Files\ClipMagic

2008-01-26 16:21 --------- d-----w C:\Program Files\Bonjour

2008-01-26 14:32 --------- d-----w C:\ProgramData\Logitech

2008-01-16 16:01 --------- d-----w C:\Users\xxxx\AppData\Roaming\App Launcher Gadget

2008-01-14 15:50 --------- d-----w C:\Program Files\uTorrent

2008-01-13 19:24 --------- d-----w C:\ProgramData\WLInstaller

2008-01-12 16:16 --------- d-----w C:\Program Files\Windows Mail

2008-01-11 22:04 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys

2008-01-11 22:04 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys

2008-01-11 22:03 11,776 ----a-w C:\Windows\System32\sbunattend.exe

2008-01-11 22:03 --------- d-----w C:\Program Files\Windows Sidebar

2008-01-11 16:14 --------- d-----w C:\Program Files\Google

2008-01-05 18:11 --------- d-----w C:\Program Files\EA GAMES

2008-01-05 17:30 --------- d-----w C:\Program Files\Stardock

2008-01-05 17:30 --------- d-----w C:\Program Files\Common Files\Stardock

2008-01-04 16:14 --------- d-----w C:\ProgramData\DVD Shrink

2008-01-04 16:14 --------- d-----w C:\Program Files\DVD Shrink

2008-01-03 16:45 --------- d-----w C:\Program Files\MediaMonkey

2008-01-02 13:35 --------- d-----w C:\ProgramData\vsosdk

2008-01-02 11:49 --------- d-----w C:\Program Files\Common Files\PX Storage Engine

2008-01-02 11:26 --------- d-----w C:\Program Files\Microsoft Works

2008-01-02 11:25 --------- d-----w C:\Program Files\MSBuild

2008-01-02 11:19 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-01 21:46 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys

2008-01-01 19:11 --------- d-----w C:\Users\xxxx\AppData\Roaming\CyberLink

2008-01-01 18:33 --------- d-----w C:\Program Files\Gabest

2007-12-30 12:12 --------- d-----w C:\Users\xxxx\AppData\Roaming\MessengerGadget

2007-12-28 21:37 --------- d-----w C:\Program Files\Azureus

2007-12-24 14:10 --------- d-----w C:\Program Files\Uniblue

2007-12-24 14:04 --------- d-----w C:\Users\xxxx\AppData\Roaming\Uniblue

2007-12-24 13:47 --------- d-----w C:\Users\xxxx\AppData\Roaming\Ahead

2007-10-17 03:39 76 --sh--r C:\Windows\CT4CET.bin

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-17 12:17 1006264]

"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-05-11 07:57 159744]

"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 11:17 405504]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 16:10 184320]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-07-02 06:08 67584]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-06 23:56 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-06 23:56 8493600]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-06 23:56 81920]

"nwiz"="nwiz.exe" []

"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-12-17 14:37 273520]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-17 04:41:23 50688]

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-01 15:15:47 692224]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-17 04:43:02 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

 

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R2 NVOY;Norman's Very Own supplY of resources;"C:\Program Files\Norman\npm\bin\nvoy.exe" [2008-01-22 15:04]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-29 06:24]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-11 08:00]

R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]

R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]

R3 NETw4v32;Intel® Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]

R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2007-09-06 09:45]

R3 nvcoas;Norman Virus Control on-access component;"C:\Program Files\Norman\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]

R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Program Files\Norman\Npm\bin\NVCSCHED.EXE" [2007-09-18 11:41]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 06:54]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 06:55]

R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2007-06-08 07:52]

S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\Windows\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]

S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]

S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]

S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]

S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]

S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]

S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-14 19:01:03

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Norman\Npm\Bin\eLogsvc.exe

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\STacSV.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\Norman\Npm\bin\NJEEVES.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Norman\Nvc\bin\cclaw.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2008-02-14 19:06:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-14 18:06:10

.

2008-02-14 17:36:22 --- E O F ---

Edited by lolsann
Link to comment

nice :thumbup:

ComboFix took care of everything, so we are spared any manual removal.

You can uninstall ComboFix by typing combofix /u in the Run window (Start > Run).

This removes the program and the backup folder, and resets System Restore so that you don't get reinfected by a later system restore.

Does everything else work fine?

Link to comment
Yes, deleting ComboFix now :D

Everything works great; strangely enough, the laptop is also faster, quieter and much cooler :D

Thanks for the help :)

Link to comment
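
An added example (not part of the original thread and not ComboFix's own logic): in the log posted above, two of the deleted drivers, btwavdtt.sys and XAudioo.sys, differ from drivers still registered on the system (btwavdt.sys, xaudio.sys) only by a doubled final character. The Python code below parses an excerpt of that log and flags such pairs; the doubled-character heuristic and all function names are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the ComboFix log posted in the thread (lines copied from it,
# section banners shortened for readability).
LOG_EXCERPT = r"""
((((( Other Deletions )))))
C:\Users\xxxx\AppData\Roaming\inst.exe
C:\Windows\system32\drivers\BrSerIdd.sys
C:\Windows\system32\drivers\btwavdtt.sys
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\kss.sys
C:\Windows\system32\drivers\qwavedrvv.sys
C:\Windows\system32\drivers\TVICHW322.sys
C:\Windows\system32\drivers\XAudioo.sys
((((( Drivers/Services )))))
-------\LEGACY_KSS
((((( Reg Loading Points )))))
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-29 06:24]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [2007-06-08 07:52]
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # "((( Title )))"
SERVICE = re.compile(r'^[RS]\d\s+[^;]+;[^;]*;"?([^"\[]+?)"?\s*\[')  # "R3 name;desc;path [date]"


def split_sections(log):
    """Group log lines under the banner line they follow."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def driver_stem(path):
    """Lower-cased file name without extension for a *.sys path, else None."""
    p = PureWindowsPath(path)
    return p.stem.lower() if p.suffix.lower() == ".sys" else None


def find_lookalikes(log):
    """Return (deleted_name, base_name, confirmed) for every deleted driver
    whose name ends in a doubled character. 'confirmed' is True when a
    driver called base_name is still registered in the service list."""
    sections = split_sections(log)
    deleted = [s for s in map(driver_stem, sections.get("Other Deletions", [])) if s]
    registered = set()
    for lines in sections.values():
        for line in lines:
            m = SERVICE.match(line)
            if m and driver_stem(m.group(1)):
                registered.add(driver_stem(m.group(1)))
    hits = []
    for name in deleted:
        if len(name) > 2 and name[-1] == name[-2]:
            base = name[:-1]
            hits.append((name, base, base in registered))
    return hits


if __name__ == "__main__":
    for deleted_name, base, confirmed in find_lookalikes(LOG_EXCERPT):
        status = "imitates registered driver" if confirmed else "no counterpart in log"
        print(f"{deleted_name}.sys -> {base}.sys ({status})")
```

Unconfirmed hits such as kss.sys only mean the name ends in a repeated character; on their own they are weak evidence, since legitimate driver names can end that way too.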
