
[Solved][SOLVED] Struggling with a Qhost trojan that is hard to get rid of [SOLVED]



Can anyone give me tips on how to get rid of the Qhost trojan? I have tried scanning with Nod32, Superantispyware, CounterSpy, Ad-aware and Spyware Doctor, and I have also run CCleaner and probably a lot else too. I have scanned in both safe mode and normal mode. I am hoping to avoid formatting. I am attaching the ComboFix and HijackThis logs. I hope someone knows how to get rid of this junk.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:18:01, on 22.05.2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Windows Live\Messenger\msnmsgr.exe

C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Programfiler\Logitech\SetPoint\SetPoint.exe

C:\Programfiler\Eset\nod32krn.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Windows Live\Messenger\usnsvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

C:\Programfiler\Internet Explorer\IEXPLORE.EXE

F:\o---= Programs 2007 =---o\hijackthis_199\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210707139296

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210709745984

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: LBTWlgn - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe


ComboFix 08-05-21.2 - Einar 2008-05-22 18:14:51.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2579 [GMT 2:00]

Running from: C:\Documents and Settings\Einar\Skrivebord\ComboFix.exe

* Created a new restore point

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

 

2008-05-22 18:11 . 2008-05-22 18:11 <DIR> dr-h----- C:\Documents and Settings\Einar\Siste

2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d-------- C:\Programfiler\CCleaner

2008-05-22 07:37 . 2008-05-22 07:37 <DIR> d-------- C:\Programfiler\Lavasoft

2008-05-21 21:56 . 2008-05-21 22:10 <DIR> d-------- C:\Programfiler\Spyware Doctor

2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\PC Tools

2008-05-21 21:56 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-21 21:56 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-21 21:56 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-21 21:56 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-21 19:09 . 2008-05-21 19:10 <DIR> d-------- C:\Programfiler\Trojan Guarder Gold Version

2008-05-21 16:23 . 2008-05-21 16:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-05-21 12:09 . 2008-05-21 12:09 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBRC.dat

2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBFC.dat

2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Sunbelt Software

2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sunbelt Software

2008-05-21 08:01 . 2008-05-21 08:01 <DIR> d-------- C:\Programfiler\Sunbelt Software

2008-05-21 07:31 . 2008-05-21 07:38 396 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-20 21:17 . 2008-05-20 21:17 1,733 --a------ C:\WINDOWS\TSearch.INI

2008-05-18 22:19 . 2008-05-18 22:22 <DIR> d-------- C:\Programfiler\XoftSpy

2008-05-18 20:57 . 2008-05-18 20:57 18,176 --a------ C:\WINDOWS\rundll32.vbe

2008-05-18 20:45 . 2001-10-09 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-05-18 20:44 . 2008-05-18 20:44 4 --a------ C:\WINDOWS\system32\hljwugsf.bin

2008-05-18 12:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-05-17 17:32 . 2008-05-19 20:40 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-17 17:28 . 2008-05-17 17:28 <DIR> d-------- C:\Programfiler\NeroInstall.bak

2008-05-17 17:27 . 2008-05-17 17:27 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Nero

2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Programfiler\Nero

2008-05-17 17:25 . 2008-05-17 17:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero

2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero

2008-05-16 13:26 . 2008-05-16 13:26 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Media Player Classic

2008-05-16 12:32 . 2008-05-16 16:54 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-16 12:32 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-05-14 22:10 . 2008-05-20 21:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-14 22:10 . 2008-05-14 22:10 22,328 --a------ C:\Documents and Settings\Einar\Programdata\PnkBstrK.sys

2008-05-14 22:09 . 2008-05-14 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-14 22:09 . 2008-05-20 21:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-05-14 22:09 . 2008-05-14 22:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-05-14 22:09 . 2008-05-14 22:09 317 --a------ C:\WINDOWS\game.ini

2008-05-14 21:58 . 2008-05-14 21:58 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-05-14 21:39 . 2008-05-20 17:26 <DIR> d-------- C:\Programfiler\Steam

2008-05-13 23:12 . 2008-05-14 00:16 <DIR> d-------- C:\Programfiler\TPTEST5

2008-05-13 23:07 . 2008-05-22 07:38 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\uTorrent

2008-05-13 23:03 . 2008-05-13 23:09 <DIR> d-------- C:\Programfiler\uTorrent

2008-05-13 21:54 . 2008-05-13 21:55 <DIR> d-------- C:\Programfiler\Windows Live

2008-05-13 21:50 . 2008-05-13 21:54 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-05-13 21:50 . 2008-05-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-05-13 21:47 . 2008-05-13 21:54 <DIR> d-------- C:\Documents and Settings\Einar\Contacts

2008-05-13 21:46 . 2008-05-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-13 21:38 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl

2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-05-13 21:37 . 2008-05-13 21:41 <DIR> d-------- C:\Programfiler\Your Uninstaller 2008

2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\URSoft

2008-05-13 21:37 . 2008-05-22 07:45 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-05-13 21:36 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Unlocker

2008-05-13 21:36 . 2008-05-13 21:36 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Desktopicon

2008-05-13 21:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-13 21:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-13 21:32 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd

2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Logitech

2008-05-13 21:29 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Programfiler\Logitech

2008-05-13 21:28 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\InstallShield

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logitech

2008-05-13 21:28 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-05-13 21:28 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll

2008-05-13 21:28 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-05-13 21:28 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-05-13 21:28 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll

2008-05-13 21:26 . 2008-05-13 21:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-13 21:25 . 2007-11-07 05:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys

2008-05-13 21:25 . 2007-11-07 05:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax

2008-05-13 21:25 . 2005-12-03 00:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod

2008-05-13 21:24 . 2008-05-13 21:25 <DIR> d-------- C:\Programfiler\ATI Technologies

2008-05-13 21:24 . 2008-05-13 21:24 <DIR> d-------- C:\ATI

2008-05-13 21:24 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-13 21:23 . 2008-05-13 21:23 <DIR> d-------- C:\WINDOWS\Drivers

2008-05-13 21:23 . 2003-10-15 13:59 55,552 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys

2008-05-13 21:23 . 2003-10-15 13:59 41,856 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys

2008-05-13 21:18 . 2007-10-12 16:31 1,953,792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe

2008-05-13 21:18 . 2007-10-12 16:31 139,264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll

2008-05-13 21:17 . 2008-05-13 21:18 <DIR> d-------- C:\WINDOWS\JM

2008-05-13 21:17 . 2007-10-12 16:31 43,648 -ra------ C:\WINDOWS\system32\drivers\jraid.sys

2008-05-13 21:17 . 2007-10-12 16:31 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys

2008-05-13 21:13 . 2008-05-13 21:13 592 --a------ C:\WINDOWS\chgkey.vbs

2008-05-13 21:12 . 2008-05-13 21:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-05-13 21:12 . 2008-05-13 21:11 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-05-13 21:12 . 2008-05-13 21:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-05-13 21:11 . 2008-05-18 20:45 <DIR> d-------- C:\Programfiler\ESET

2008-05-13 21:10 . 2008-05-13 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-05-13 21:10 . 2008-05-13 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-05-13 21:10 . 2008-05-13 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-05-13 21:07 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Realtek

2008-05-13 21:06 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-13 21:05 . 2008-05-13 21:05 <DIR> d-------- C:\Programfiler\USB 2.0 Flash Driver

2008-05-13 21:05 . 2008-05-14 22:09 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information

2008-05-13 21:05 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-05-13 21:05 . 2003-07-15 16:08 806,400 --a------ C:\WINDOWS\system32\PL2515AP.exe

2008-05-13 21:05 . 2002-09-18 15:32 28,672 --a------ C:\WINDOWS\system32\PL2515.exe

2008-05-13 21:05 . 2003-05-07 09:58 7,114 --a------ C:\WINDOWS\system32\drivers\PL2515.sys

2008-05-13 21:05 . 2002-09-17 09:44 3,973 --a------ C:\WINDOWS\system32\PL2515.dll

2008-05-13 21:04 . 2008-05-13 23:07 <DIR> dr------- C:\Documents and Settings\Einar\Start-meny

2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\Skrivere

2008-05-13 21:04 . 2008-05-22 18:13 <DIR> d-------- C:\Documents and Settings\Einar\Skrivebord

2008-05-13 21:04 . 2008-05-21 21:56 <DIR> dr-h----- C:\Documents and Settings\Einar\Programdata

2008-05-13 21:04 . 2008-05-17 02:27 <DIR> dr------- C:\Documents and Settings\Einar\Mine dokumenter

2008-05-13 21:04 . 2008-05-13 20:56 <DIR> d--h----- C:\Documents and Settings\Einar\Maler

2008-05-13 21:04 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\Einar\Lokale innstillinger

2008-05-13 21:04 . 2008-05-16 19:36 <DIR> dr------- C:\Documents and Settings\Einar\Favoritter

2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\AndrMask

2008-05-13 21:04 . 2008-05-22 18:11 <DIR> d-------- C:\Documents and Settings\Einar

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata

2008-05-13 21:03 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\NetworkService\Lokale innstillinger

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\NetworkService

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata

2008-05-13 21:03 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\LocalService

2008-05-13 21:03 . 2008-05-13 21:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 05:24 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-05-20 06:21 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-05-17 15:47 --------- d-----w C:\Documents and Settings\Einar\Programdata\ImgBurn

2008-05-13 21:26 716,122 ----a-w C:\WINDOWS\system32\unins000.exe

2008-05-13 20:49 --------- d-----w C:\Documents and Settings\Einar\Programdata\teamspeak2

2008-05-13 20:45 --------- d-----w C:\Programfiler\Winamp

2008-05-13 20:45 --------- d-----w C:\Documents and Settings\Einar\Programdata\Winamp

2008-05-13 20:43 --------- d-----w C:\Programfiler\Java

2008-05-13 20:42 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-05-13 20:29 --------- d-----w C:\Programfiler\K-Lite Codec Pack

2008-05-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-05-13 20:19 --------- d-----w C:\Programfiler\Teamspeak2_RC2

2008-05-13 20:19 --------- d-----w C:\Programfiler\ImgBurn

2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft.NET

2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft Works

2008-05-13 20:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-13 20:06 --------- d-----w C:\Documents and Settings\Einar\Programdata\SUPERAntiSpyware.com

2008-05-13 20:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-13 18:59 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-05-13 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-05-13 18:56 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-05-07 16:53 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-05-07 16:50 992,256 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-05-07 16:50 818,688 ----a-w C:\WINDOWS\system32\wininet.dll

2008-05-07 16:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-05-07 16:50 26,112 ----a-w C:\WINDOWS\system32\idndl.dll

2008-05-07 16:50 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-05-07 16:50 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll

2008-05-07 16:50 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2008-05-07 16:49 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2008-05-07 16:49 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2008-05-07 16:49 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2008-05-07 16:49 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2008-05-07 16:49 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2008-05-07 16:49 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2008-05-07 16:49 17,408 ----a-w C:\WINDOWS\system32\corpol.dll

2008-04-14 09:22 74,752 ----a-w C:\WINDOWS\system32\storprop.dll

2008-04-14 09:22 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

2008-04-14 09:22 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll

2008-04-14 09:21 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll

2008-04-14 09:21 20,992 ----a-w C:\WINDOWS\system32\bthci.dll

2008-04-14 08:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 08:34 1,246,067 ----a-r C:\WINDOWS\SET3.tmp

2008-04-14 08:28 16,825 ----a-r C:\WINDOWS\SET8.tmp

2008-04-14 08:28 1,088,840 ----a-r C:\WINDOWS\SET4.tmp

2008-04-14 07:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-14 07:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 07:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 07:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 07:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 07:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 07:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 07:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 07:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 07:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 07:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 06:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 06:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 06:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 06:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 06:48 77,312 ----a-w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 06:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 06:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 06:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 06:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 06:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 06:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 06:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 06:37 68,976 ----a-w C:\WINDOWS\system32\mmsystem.dll

2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 12:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 12:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 11:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

2008-04-13 11:45 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

2008-04-13 11:45 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys

2008-04-13 11:45 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys

2008-04-13 11:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

2008-04-13 11:39 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-04-13 11:39 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-04-13 11:39 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys

2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-05-13 22:03 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-13 21:11 949376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-05-13 21:28:52 789008]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\sander1997\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\sander1997\\counter-strike source\\hl2.exe"=

 

R3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23:51]

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-18 20:19:54 C:\WINDOWS\Tasks\XoftSpy.job"

- C:\Programfiler\XoftSpy\XoftSpy.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 18:15:50

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-22 18:16:18

ComboFix-quarantined-files.txt 2008-05-22 16:16:14

 

Pre-Run: 31,709,343,744 byte ledig

Post-Run: 31,700,598,784 byte ledig

 

303 --- E O F --- 2008-05-20 06:21:20

 

 

Edited by Znoken

 

ComboFix 08-05-21.2 - Einar 2008-05-22 19:05:10.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2612 [GMT 2:00]

Running from: C:\Documents and Settings\Einar\Skrivebord\ComboFix.exe

* Resident AV is active

 

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))

.

 

2008-05-22 18:11 . 2008-05-22 18:31 <DIR> dr-h----- C:\Documents and Settings\Einar\Siste

2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d-------- C:\Programfiler\CCleaner

2008-05-22 07:37 . 2008-05-22 07:37 <DIR> d-------- C:\Programfiler\Lavasoft

2008-05-21 21:56 . 2008-05-21 22:10 <DIR> d-------- C:\Programfiler\Spyware Doctor

2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\PC Tools

2008-05-21 21:56 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-05-21 21:56 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-05-21 21:56 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-05-21 21:56 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-05-21 19:09 . 2008-05-21 19:10 <DIR> d-------- C:\Programfiler\Trojan Guarder Gold Version

2008-05-21 16:23 . 2008-05-21 16:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-05-21 12:09 . 2008-05-21 12:09 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBRC.dat

2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBFC.dat

2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Sunbelt Software

2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sunbelt Software

2008-05-21 08:01 . 2008-05-21 08:01 <DIR> d-------- C:\Programfiler\Sunbelt Software

2008-05-21 07:31 . 2008-05-21 07:38 396 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-20 21:17 . 2008-05-20 21:17 1,733 --a------ C:\WINDOWS\TSearch.INI

2008-05-18 22:19 . 2008-05-18 22:22 <DIR> d-------- C:\Programfiler\XoftSpy

2008-05-18 20:57 . 2008-05-18 20:57 18,176 --a------ C:\WINDOWS\rundll32.vbe

2008-05-18 20:45 . 2001-10-09 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys

2008-05-18 20:44 . 2008-05-18 20:44 4 --a------ C:\WINDOWS\system32\hljwugsf.bin

2008-05-18 12:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-05-17 17:32 . 2008-05-19 20:40 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-17 17:28 . 2008-05-17 17:28 <DIR> d-------- C:\Programfiler\NeroInstall.bak

2008-05-17 17:27 . 2008-05-17 17:27 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Nero

2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Programfiler\Nero

2008-05-17 17:25 . 2008-05-17 17:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero

2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero

2008-05-16 13:26 . 2008-05-16 13:26 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Media Player Classic

2008-05-16 12:32 . 2008-05-16 16:54 <DIR> d-------- C:\WINDOWS\system32\Adobe

2008-05-16 12:32 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-05-14 22:10 . 2008-05-20 21:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-14 22:10 . 2008-05-14 22:10 22,328 --a------ C:\Documents and Settings\Einar\Programdata\PnkBstrK.sys

2008-05-14 22:09 . 2008-05-14 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-14 22:09 . 2008-05-20 21:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-05-14 22:09 . 2008-05-14 22:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-05-14 22:09 . 2008-05-14 22:09 317 --a------ C:\WINDOWS\game.ini

2008-05-14 21:58 . 2008-05-14 21:58 <DIR> d--hs---- C:\WINDOWS\ftpcache

2008-05-14 21:39 . 2008-05-20 17:26 <DIR> d-------- C:\Programfiler\Steam

2008-05-13 23:12 . 2008-05-14 00:16 <DIR> d-------- C:\Programfiler\TPTEST5

2008-05-13 23:07 . 2008-05-22 07:38 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\uTorrent

2008-05-13 23:03 . 2008-05-13 23:09 <DIR> d-------- C:\Programfiler\uTorrent

2008-05-13 21:54 . 2008-05-13 21:55 <DIR> d-------- C:\Programfiler\Windows Live

2008-05-13 21:50 . 2008-05-13 21:54 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2008-05-13 21:50 . 2008-05-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2008-05-13 21:47 . 2008-05-13 21:54 <DIR> d-------- C:\Documents and Settings\Einar\Contacts

2008-05-13 21:46 . 2008-05-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-05-13 21:38 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl

2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2008-05-13 21:37 . 2008-05-13 21:41 <DIR> d-------- C:\Programfiler\Your Uninstaller 2008

2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\URSoft

2008-05-13 21:37 . 2008-05-22 07:45 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-05-13 21:36 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Unlocker

2008-05-13 21:36 . 2008-05-13 21:36 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Desktopicon

2008-05-13 21:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-13 21:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-13 21:32 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd

2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Logitech

2008-05-13 21:29 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Programfiler\Logitech

2008-05-13 21:28 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\InstallShield

2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logitech

2008-05-13 21:28 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll

2008-05-13 21:28 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll

2008-05-13 21:28 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll

2008-05-13 21:28 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll

2008-05-13 21:28 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll

2008-05-13 21:26 . 2008-05-13 21:26 0 --a------ C:\WINDOWS\ativpsrm.bin

2008-05-13 21:25 . 2007-11-07 05:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys

2008-05-13 21:25 . 2007-11-07 05:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax

2008-05-13 21:25 . 2005-12-03 00:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod

2008-05-13 21:24 . 2008-05-13 21:25 <DIR> d-------- C:\Programfiler\ATI Technologies

2008-05-13 21:24 . 2008-05-13 21:24 <DIR> d-------- C:\ATI

2008-05-13 21:24 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-05-13 21:23 . 2008-05-13 21:23 <DIR> d-------- C:\WINDOWS\Drivers

2008-05-13 21:23 . 2003-10-15 13:59 55,552 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys

2008-05-13 21:23 . 2003-10-15 13:59 41,856 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys

2008-05-13 21:18 . 2007-10-12 16:31 1,953,792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe

2008-05-13 21:18 . 2007-10-12 16:31 139,264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll

2008-05-13 21:17 . 2008-05-13 21:18 <DIR> d-------- C:\WINDOWS\JM

2008-05-13 21:17 . 2007-10-12 16:31 43,648 -ra------ C:\WINDOWS\system32\drivers\jraid.sys

2008-05-13 21:17 . 2007-10-12 16:31 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys

2008-05-13 21:13 . 2008-05-13 21:13 592 --a------ C:\WINDOWS\chgkey.vbs

2008-05-13 21:12 . 2008-05-13 21:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2008-05-13 21:12 . 2008-05-13 21:11 298,104 --a------ C:\WINDOWS\system32\imon.dll

2008-05-13 21:12 . 2008-05-13 21:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2008-05-13 21:11 . 2008-05-18 20:45 <DIR> d-------- C:\Programfiler\ESET

2008-05-13 21:10 . 2008-05-13 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang

2008-05-13 21:10 . 2008-05-13 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-05-13 21:10 . 2008-05-13 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-05-13 21:07 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Realtek

2008-05-13 21:06 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-13 21:05 . 2008-05-13 21:05 <DIR> d-------- C:\Programfiler\USB 2.0 Flash Driver

2008-05-13 21:05 . 2008-05-14 22:09 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information

2008-05-13 21:05 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield

2008-05-13 21:05 . 2003-07-15 16:08 806,400 --a------ C:\WINDOWS\system32\PL2515AP.exe

2008-05-13 21:05 . 2002-09-18 15:32 28,672 --a------ C:\WINDOWS\system32\PL2515.exe

2008-05-13 21:05 . 2003-05-07 09:58 7,114 --a------ C:\WINDOWS\system32\drivers\PL2515.sys

2008-05-13 21:05 . 2002-09-17 09:44 3,973 --a------ C:\WINDOWS\system32\PL2515.dll

2008-05-13 21:04 . 2008-05-13 23:07 <DIR> dr------- C:\Documents and Settings\Einar\Start-meny

2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\Skrivere

2008-05-13 21:04 . 2008-05-22 19:04 <DIR> d-------- C:\Documents and Settings\Einar\Skrivebord

2008-05-13 21:04 . 2008-05-21 21:56 <DIR> dr-h----- C:\Documents and Settings\Einar\Programdata

2008-05-13 21:04 . 2008-05-17 02:27 <DIR> dr------- C:\Documents and Settings\Einar\Mine dokumenter

2008-05-13 21:04 . 2008-05-13 20:56 <DIR> d--h----- C:\Documents and Settings\Einar\Maler

2008-05-13 21:04 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\Einar\Lokale innstillinger

2008-05-13 21:04 . 2008-05-16 19:36 <DIR> dr------- C:\Documents and Settings\Einar\Favoritter

2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\AndrMask

2008-05-13 21:04 . 2008-05-22 18:11 <DIR> d-------- C:\Documents and Settings\Einar

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata

2008-05-13 21:03 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\NetworkService\Lokale innstillinger

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\NetworkService

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata

2008-05-13 21:03 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger

2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\LocalService

2008-05-13 21:03 . 2008-05-13 21:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-21 05:24 --------- d-----w C:\Programfiler\SUPERAntiSpyware

2008-05-20 06:21 --------- d-----w C:\Programfiler\Microsoft Silverlight

2008-05-17 15:47 --------- d-----w C:\Documents and Settings\Einar\Programdata\ImgBurn

2008-05-13 21:26 716,122 ----a-w C:\WINDOWS\system32\unins000.exe

2008-05-13 20:49 --------- d-----w C:\Documents and Settings\Einar\Programdata\teamspeak2

2008-05-13 20:45 --------- d-----w C:\Programfiler\Winamp

2008-05-13 20:45 --------- d-----w C:\Documents and Settings\Einar\Programdata\Winamp

2008-05-13 20:43 --------- d-----w C:\Programfiler\Java

2008-05-13 20:42 --------- d-----w C:\Programfiler\Fellesfiler\Java

2008-05-13 20:29 --------- d-----w C:\Programfiler\K-Lite Codec Pack

2008-05-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-05-13 20:19 --------- d-----w C:\Programfiler\Teamspeak2_RC2

2008-05-13 20:19 --------- d-----w C:\Programfiler\ImgBurn

2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft.NET

2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft Works

2008-05-13 20:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-13 20:06 --------- d-----w C:\Documents and Settings\Einar\Programdata\SUPERAntiSpyware.com

2008-05-13 20:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-05-13 18:59 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-05-13 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-05-13 18:56 --------- d-----w C:\Programfiler\Windows Media Connect 2

2008-05-07 16:53 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll

2008-05-07 16:50 992,256 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-05-07 16:50 818,688 ----a-w C:\WINDOWS\system32\wininet.dll

2008-05-07 16:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll

2008-05-07 16:50 26,112 ----a-w C:\WINDOWS\system32\idndl.dll

2008-05-07 16:50 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll

2008-05-07 16:50 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll

2008-05-07 16:50 156,160 ----a-w C:\WINDOWS\system32\msls31.dll

2008-05-07 16:49 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll

2008-05-07 16:49 71,680 ----a-w C:\WINDOWS\system32\admparse.dll

2008-05-07 16:49 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll

2008-05-07 16:49 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

2008-05-07 16:49 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll

2008-05-07 16:49 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll

2008-05-07 16:49 17,408 ----a-w C:\WINDOWS\system32\corpol.dll

2008-04-14 09:22 74,752 ----a-w C:\WINDOWS\system32\storprop.dll

2008-04-14 09:22 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

2008-04-14 09:22 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll

2008-04-14 09:21 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll

2008-04-14 09:21 20,992 ----a-w C:\WINDOWS\system32\bthci.dll

2008-04-14 08:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 08:34 1,246,067 ----a-r C:\WINDOWS\SET3.tmp

2008-04-14 08:28 16,825 ----a-r C:\WINDOWS\SET8.tmp

2008-04-14 08:28 1,088,840 ----a-r C:\WINDOWS\SET4.tmp

2008-04-14 07:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin

2008-04-14 07:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 07:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 07:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 07:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 07:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 07:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 07:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 07:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 07:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 07:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 06:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 06:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 06:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 06:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 06:48 77,312 ----a-w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 06:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 06:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 06:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 06:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 06:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 06:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 06:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 06:37 68,976 ----a-w C:\WINDOWS\system32\mmsystem.dll

2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-13 12:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 12:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 11:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys

2008-04-13 11:45 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

2008-04-13 11:45 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys

2008-04-13 11:45 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys

2008-04-13 11:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

2008-04-13 11:39 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys

2008-04-13 11:39 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2008-04-13 11:39 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys

2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360]

"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-05-13 22:03 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-13 21:11 949376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-05-13 21:28:52 789008]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\sander1997\\half-life 2 deathmatch\\hl2.exe"=

"C:\\Programfiler\\Steam\\SteamApps\\sander1997\\counter-strike source\\hl2.exe"=

 

R3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30]

S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23:51]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]

C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-05-18 20:19:54 C:\WINDOWS\Tasks\XoftSpy.job"

- C:\Programfiler\XoftSpy\XoftSpy.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-22 19:06:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

C:\Documents and Settings\Einar\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6CA4_4448_A444_16CC\$db_clean$ 0 bytes

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

Completion time: 2008-05-22 19:06:56

ComboFix-quarantined-files.txt 2008-05-22 17:06:53

ComboFix2.txt 2008-05-22 16:16:18

 

Pre-Run: 31,748,587,520 byte ledig

Post-Run: 31,744,589,824 byte ledig

 

303 --- E O F --- 2008-05-20 06:21:20

 

 

 

It is NOD32 that pops up and shows that there is a trojan on my PC.......

C:\Windows\System32\Drivers\Etc\hosts Win32/Qhost trojan

Link to comment

Well, I did as you said, Norbat, but only a blank page came up.... The only thing I can think of now is that NOD32 is showing a warning that may not be real.... a bit strange if that should be the case, too...

 

One thing I actually noticed now, after running ComboFix, is that when I restart the PC the warning no longer comes up.... Could it be as simple as ComboFix having removed the trojan....

Link to comment

The warning from NOD32 is most likely real - the hosts file is/was infected. So we will do the following:

 

Use Explorer to find and delete the following files:

 

C:\WINDOWS\rundll32.vbe

C:\WINDOWS\system32\hljwugsf.bin

C:\WINDOWS\SET3.tmp

C:\WINDOWS\SET8.tmp

C:\WINDOWS\SET4.tmp

 

Download and unpack HostsXpert

Start the program

Click "Make Hosts Writable?" if it is available (not Make ReadOnly?)

Click 'Restore MS Hosts File'

 

Restart the PC and run a scan with NOD32 to see whether it finds anything

Open the hosts file again and check whether it looks the way it should (feel free to post it if you don't know what the default looks like)

Edited by norbat
Link to comment
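As an added example (not from the thread, and not HostsXpert's code), the following Python script performs the check in the last step above: it parses a hosts file, compares it against the default entries, and classifies every extra mapping as either sinkholed to the local machine or redirected elsewhere. The sample hosts file, the `.example` domains and the TEST-NET address in it are constructed for illustration.

```python
import ipaddress

# Entries present in a clean Windows hosts file (XP ships only the first;
# later versions add the IPv6 one). Everything else is worth a look.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments start with '#', one line may map several names, and blank
    lines are skipped, so entries hidden below a long run of empty lines
    (a common Qhost trick) are still parsed. Lines whose first field is
    not an IP address are ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries


def classify(entry):
    """'blocked' if the name is sinkholed to the local machine, else 'redirected'."""
    addr = ipaddress.ip_address(entry[0])
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"


def find_hijacks(text, known_good=DEFAULT_ENTRIES):
    """Return [(kind, ip, hostname)] for every entry outside known_good.

    Qhost variants either sinkhole security-vendor and update sites to
    127.0.0.1 or send popular sites to an address the attacker controls;
    both show up here because neither is in the default file.
    """
    return [(classify(e), e[0], e[1])
            for e in parse_hosts(text) if e not in known_good]


# Constructed sample, not the poster's real hosts file. Domains use the
# reserved .example TLD and the IP is from the TEST-NET-1 documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost



127.0.0.1       av-vendor.example       # security site sinkholed
127.0.0.1       update.example          # update site sinkholed
192.0.2.10      bank.example            # site redirected elsewhere
"""

if __name__ == "__main__":
    hits = find_hijacks(SAMPLE_HOSTS)
    if not hits:
        print("hosts file matches the default; nothing to restore")
    for kind, ip, host in hits:
        print(f"{kind:10s} {ip:15s} {host}")
```

Run it against the real file by reading `C:\WINDOWS\system32\drivers\etc\hosts` into `find_hijacks`; a clean file after 'Restore MS Hosts File' returns an empty list.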

The files are deleted, the hosts file is as it should be, and I have scanned with NOD32 and found the PC trojan-free again, so I can't say anything but THANK YOU SO MUCH for the help, Norbat... You are simply the king when it comes to viruses and trojans on PCs, and I hope we can count on your help for many years to come... Thanks again.... :thumbup:

Link to comment
