Gå til innhold

[Løst By Norbat]Trenger hjelp til fjerning av virus! <Backdoor.Bifrosse>


Anbefalte innlegg

Hey! :D

 

Jeg lastet ned noe dritt fra BitTorrent som jeg fort fant ut var noe galt med. Jeg tokk et søk med norton igår å fant <Backdoor.Bifrosse> den ble jo satt i karantene, Men vill gjerne få bort dette drittet. Hva gjør dette viruset? Keylogger?

Er den bare der? eller sprer den seg rundt og herper opp for folk?

lurer på om dette viruset kopierer opp filer? syns det har blitt litt mer filer i det siste.

hva slags virus er det som kopierer opp filer å fyller opp data'n med samme dritt?

 

Noen som kan gi meg en guide får å få fjernet dette viruset?

 

Takk på forhånd!

Endret av tghp
Lenke til kommentar
Videoannonse
Annonse
Last ned HijackThis legg i egen mappe på skrivebordet.

Start programmet og velg "Trykk scan og save log" .

Loggfilen kopierer du og limer inn i posten din.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:19:30, on 04.03.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

D:\Microsoft.com\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\Programfiler\iTunes\iTunesHelper.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

C:\Programfiler\Windows Media Player\WMPNSCFG.exe

C:\Programfiler\iPod\bin\iPodService.exe

C:\Programfiler\Windows Media Player\wmplayer.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.exe

C:\Programfiler\OpenOffice.org 2.3\program\soffice.BIN

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\iexplore.exe

D:\Hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton\osCheck.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programfiler\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138020578359

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Microsoft.com\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 7714 bytes

Lenke til kommentar

Jeg sjekket denne loggen også på HijackThis.de Som skal sjekke loggen for deg. Og fant ikke noe mistenksomt, Untatt en fil som det var noe feil med. Denne filen var det noen små ting som manglet, Blant annet Registry og en <Dll> Fil. Tror ikke dette er stort å bekymre seg over.

 

Men alikevel bekymrer jeg meg å vil gjerne fjerne alt av dette vekk!

 

Viss dere vet hva backdoor.Bifrosse gjør så skriv vis dere føler for det. Tror jeg har virus så det holder så fjerning av dette ville vært genialt. :thumbup: :thumbup:

 

Takk viss dere tar en titt, Eller setter opp en annen guide som kan fjerne alt (Vis det er)

Endret av Skagen
Fjernet redundant info etter fletting av tråder.
Lenke til kommentar

Hvis ikke jeg er helt på jordet nå, noe det kan hende jeg er, så er viruset laget av programmet Bifrost, og der har skaperen av viruset mulighet til å slette alle filer på pc-en din, ta full kontroll over systemet ditt, keylogge deg, endre passorda dine og you name it. Men om du ikke finner noen infiserte filer med HijackThis, så regner jeg med alt er OK. :)

Lenke til kommentar

Du ha nevnt at Norton har satt 'viruset' i karantene. Den er derfor ufarlig. Sletter du fila fra karantene, fjerner du den fra PC-en. Hvis du kjører en ny scan med Norton uten å finne noe, så betyr det at du ikke trenger å bekymre det for om du fortsatt har 'virus'.

Lenke til kommentar
Du ha nevnt at Norton har satt 'viruset' i karantene. Den er derfor ufarlig. Sletter du fila fra karantene, fjerner du den fra PC-en. Hvis du kjører en ny scan med Norton uten å finne noe, så betyr det at du ikke trenger å bekymre det for om du fortsatt har 'virus'.

 

Mente Isolasjon :p

Lenke til kommentar
Hvilken onlinescanner og hvilke type filer ble funnet (cookies e.l)?

 

nå har jeg glemt hvilken scanner det var, men er ganske sikker på at disse filene var virus, lastet jo ned noen programvarer med crack, eller Keygen. Disse filene ble det funnet virus på.

Lenke til kommentar
Ok,

kjør gjennom veilednigen, så ser vi hva som bør gjøres videre.

 

Har fulgt alle tingen på guiden nå, den fant ingen ting (Tror jeg)

Combolog:

 

 

ComboFix 08-03-04.2 - Torgeir 2008-03-05 18:41:47.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.292 [GMT 2:00]

Running from: D:\spytbots programs\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))

.

 

2008-03-05 18:02 . 2004-08-04 21:00 388,096 --a------ C:\CF24938.exe

2008-03-05 17:52 . 2008-03-05 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-03-05 17:27 . 2008-03-05 17:27 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\SUPERAntiSpyware.com

2008-03-05 17:27 . 2008-03-05 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-03-05 17:25 . 2008-03-05 17:25 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Siste

2008-03-04 21:36 . 2008-03-04 21:36 <DIR> d-------- C:\WINDOWS\LastGood

2008-03-04 21:19 . 2008-03-04 21:48 <DIR> d-------- C:\Documents and Settings\Torgeir\.housecall6.6

2008-03-04 20:43 . 2008-03-04 22:19 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2008-03-04 18:35 . 2008-03-04 18:35 <DIR> d-------- C:\Programfiler\vixy.net

2008-03-04 15:29 . 2008-03-04 15:29 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-03-04 15:29 . 2008-03-04 15:29 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-03-04 15:28 . 2008-03-04 15:28 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-03-04 14:17 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-04 14:17 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-04 14:17 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-03 22:56 . 2008-03-03 23:09 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information

2008-03-03 22:56 . 2008-03-03 22:56 <DIR> d-------- C:\Programfiler\Hewlett-Packard

2008-03-03 22:56 . 2008-03-03 23:30 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-03-03 19:59 . 2008-03-03 19:59 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.3

2008-03-03 19:55 . 2008-03-05 16:08 <DIR> d-------- C:\Programfiler\Microsoft Silverlight

2008-03-03 19:43 . 2008-03-03 19:54 <DIR> d-------- C:\Programfiler\Microsoft SQL Server

2008-03-03 19:37 . 2008-03-03 19:37 <DIR> d-------- C:\Programfiler\Microsoft Synchronization Services

2008-03-03 19:37 . 2008-03-03 19:37 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition

2008-03-03 19:27 . 2008-03-03 19:50 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-03-03 18:34 . 2008-03-03 18:34 <DIR> d-------- C:\Programfiler\Microsoft SDKs

2008-03-03 18:34 . 2008-03-03 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-03-03 18:32 . 2008-03-03 18:32 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-03-03 18:32 . 2008-03-03 18:32 <DIR> d-------- C:\Programfiler\Reference Assemblies

2008-03-03 18:32 . 2008-03-03 18:32 <DIR> d-------- C:\Programfiler\MSBuild

2008-03-03 18:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-03-03 18:30 . 2008-03-03 18:30 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\vlc

2008-03-03 18:28 . 2008-03-03 18:28 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-03-03 18:17 . 2008-03-03 18:17 <DIR> d--h----- C:\WINDOWS\PIF

2008-03-03 17:58 . 2008-03-04 22:00 <DIR> d-------- C:\Programfiler\Image-Line

2008-03-03 17:58 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-03-03 17:58 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-03-03 17:47 . 2008-03-03 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-03-03 17:46 . 2008-03-05 17:27 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-03-03 17:45 . 2008-03-03 17:45 <DIR> d-------- C:\Documents and Settings\Torgeir\Contacts

2008-03-03 17:32 . 2008-03-03 17:32 <DIR> d-------- C:\Programfiler\MSN Messenger

2008-03-03 17:26 . 2004-08-04 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-03-03 17:24 . 2008-03-03 17:24 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-03-03 17:24 . 2008-03-03 17:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-03-03 17:16 . 2008-03-03 17:16 <DIR> d-------- C:\WINDOWS\Sun

2008-03-03 17:14 . 2008-03-04 22:01 <DIR> d-------- C:\Programfiler\Google

2008-03-03 17:14 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-03 17:13 . 2008-03-03 17:14 <DIR> d-------- C:\Programfiler\Java

2008-03-03 17:12 . 2008-03-03 17:12 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-03-03 16:50 . 2008-03-03 16:50 <DIR> d-------- C:\Programfiler\microsoft

2008-03-03 16:43 . 2008-03-03 16:43 <DIR> d-------- C:\Programfiler\iPod

2008-03-03 16:43 . 2008-03-04 15:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-03 16:43 . 2008-03-03 16:43 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-03 16:42 . 2008-03-03 16:42 <DIR> d-------- C:\Programfiler\QuickTime

2008-03-03 16:42 . 2008-03-03 16:43 <DIR> d-------- C:\Programfiler\iTunes

2008-03-03 16:42 . 2008-03-03 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-03-03 16:41 . 2008-03-03 17:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-03-03 16:41 . 2008-03-03 16:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-03-03 16:40 . 2008-03-03 16:40 <DIR> d-------- C:\Programfiler\AliveMedia

2008-03-03 16:39 . 2008-03-03 16:39 <DIR> d-------- C:\Programfiler\Safari

2008-03-03 16:39 . 2008-03-03 16:39 <DIR> d-------- C:\Programfiler\Bonjour

2008-03-03 16:39 . 2008-03-03 16:39 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-03-03 16:39 . 2008-03-03 16:43 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Apple Computer

2008-03-03 16:39 . 2008-03-03 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-03-03 16:33 . 2008-03-03 16:40 <DIR> d-------- C:\Programfiler\Itune

2008-03-03 16:32 . 2008-03-03 16:32 <DIR> d-------- C:\Programfiler\Windows Live

2008-03-03 16:32 . 2008-03-03 16:32 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-03-03 16:31 . 2008-03-03 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-03-03 16:28 . 2004-03-16 10:58 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2008-03-03 16:27 . 2004-08-04 01:08 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys

2008-03-03 16:27 . 2004-08-04 03:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2008-03-03 16:27 . 2004-08-04 01:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys

2008-03-03 16:27 . 2004-08-04 01:07 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS

2008-03-03 16:27 . 2004-08-04 01:08 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys

2008-03-03 16:27 . 2004-08-04 01:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys

2008-03-03 16:27 . 2004-08-04 03:03 7,168 --a------ C:\WINDOWS\system32\hccoin.dll

2008-03-03 15:21 . 2008-03-03 15:21 <DIR> d-------- C:\Documents and Settings\Torgeir\Programdata\Symantec

2008-03-03 15:20 . 2008-03-03 15:20 <DIR> d-------- C:\Programfiler\Windows Sidebar

2008-03-03 15:19 . 2008-03-03 15:28 <DIR> d-------- C:\Programfiler\Symantec

2008-03-03 15:19 . 2008-03-05 15:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Symantec

2008-03-03 15:19 . 2008-03-03 15:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-03-03 15:19 . 2008-03-03 15:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-03-03 15:19 . 2008-03-03 15:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-03-03 15:19 . 2008-03-03 15:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-03-03 15:16 . 2008-03-05 18:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Symantec Shared

2008-03-03 14:51 . 2008-03-03 17:09 <DIR> d-------- C:\Programfiler\Norton

2008-03-03 14:44 . 2008-03-03 14:44 <DIR> d--h----- C:\Documents and Settings\Torgeir\AndrMask

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> dr-h----- C:\WINDOWS\system32\config\systemprofile\Siste

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Mine dokumenter

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> dr------- C:\WINDOWS\system32\config\systemprofile\Favoritter

2008-03-03 14:43 . 2008-03-03 14:43 <DIR> d-------- C:\SYSPREP

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> d--hs---- C:\Documents and Settings\Torgeir\UserData

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> dr------- C:\Documents and Settings\Torgeir\Start-meny

2008-03-03 14:43 . 2008-03-05 17:52 <DIR> d-------- C:\Documents and Settings\Torgeir\Skrivebord

2008-03-03 14:43 . 2008-03-05 17:27 <DIR> dr-h----- C:\Documents and Settings\Torgeir\Programdata

2008-03-03 14:43 . 2008-03-05 16:28 <DIR> dr------- C:\Documents and Settings\Torgeir\Mine dokumenter

2008-03-03 14:43 . 2008-03-03 23:22 <DIR> d--h----- C:\Documents and Settings\Torgeir\Maler

2008-03-03 14:43 . 2008-03-03 19:05 <DIR> d--h----- C:\Documents and Settings\Torgeir\Lokale innstillinger

2008-03-03 14:43 . 2008-03-03 15:13 <DIR> dr------- C:\Documents and Settings\Torgeir\Favoritter

2008-03-03 14:42 . 2008-03-03 14:42 12,646 --a------ C:\WINDOWS\system32\wpa.bak

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-04 23:22 --------- d-----w C:\Documents and Settings\Torgeir\Programdata\OpenOffice.org2

2008-03-03 21:30 --------- d-----w C:\Programfiler\VIA

2008-03-03 21:22 --------- d-----w C:\Programfiler\HighMAT CD Writing Wizard

2008-03-03 21:22 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-03-03 21:22 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-03-03 21:09 --------- d-----w C:\Programfiler\Realtek

2008-03-03 15:26 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-01-15 07:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-01-15 03:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-01-12 16:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2007-12-14 09:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-25 05:51 316784 --a------ C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-03-03 15:26 116088 --a------ C:\PROGRA~1\FELLES~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-25 05:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

"SUPERAntiSpyware"="D:\Ting\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

"SpybotSD TeaTimer"="D:\spytbots programs\SDD\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2006-04-07 10:45 53248 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\S3Trayp.exe]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"osCheck"="C:\Programfiler\Norton\osCheck.exe" [2007-08-25 06:53 714608]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 09:34 16143872 C:\WINDOWS\RTHDCPL.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 21:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Ting\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

D:\Ting\SASWINLO.dll 2007-04-19 12:41 294912 D:\Ting\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

 

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 01:07]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R2 SQLWriter;SQL Server VSS Writer;"C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]

R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-05-22 19:42]

R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-10 02:27]

 

*Newly Created Service* - COMHOST

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

Contents of the 'Scheduled Tasks' folder

"2008-03-03 14:39:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2008-03-03 18:00:04 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør full systemskanning - Torgeir.job"

- C:\Programfiler\Norton\Norton AntiVirus\Navw32.exec/TASK:

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-05 18:43:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-03-05 18:43:33

.

2008-03-04 12:49:14 --- E O F ---

Lenke til kommentar
Loggen viser ingen infiserte filer, så jeg tror ikke at PC-en har virus lengre.

Er det noe som tilsier at du fortsatt har ett eller annet på PC-en?

 

Nei, Tror jeg er ganske "Clean" nå ja. Men merket noe nå som er helt jævlig, Nesten verre en virusene selv..

 

JEG HAR MISTA ALL MUSIKKEN !!!!!!!

FAEN JEG HADDE JO HELVETE ME 4000SANGER!!!

 

lol..

 

Tror det kan være spybotene eller et eller annet???????

 

Noen måte å få tilbake dette på?????

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
×
×
  • Opprett ny...