Znoken, posted 22 May 2008 (edited)

Can anyone give me tips on how to get rid of the Qhost trojan? I have tried scanning with Nod32, Superantispyware, CounterSpy, Ad-aware and Spyware Doctor, plus I have run CCleaner and probably a lot of other things too. I have scanned in both safe mode and normal mode. I'm hoping to get away without formatting. I'm attaching the Combo and HijackThis logs. I hope someone knows how to get rid of this junk.

Logfile of HijackThis v1.99.1 Scan saved at 18:18:01, on 22.05.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programfiler\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Windows Live\Messenger\msnmsgr.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programfiler\Logitech\SetPoint\SetPoint.exe C:\Programfiler\Eset\nod32krn.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\svchost.exe C:\Programfiler\Windows Live\Messenger\usnsvc.exe C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\WINDOWS\explorer.exe C:\Programfiler\Internet Explorer\IEXPLORE.EXE C:\Programfiler\Internet Explorer\IEXPLORE.EXE F:\o---= Programs 2007 =---o\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sol.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] 
International* O11 - Options group: [TABS] Tabbed Browsing O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1210707139296 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210709745984 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programfiler\Fellesfiler\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FELLES~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: LBTWlgn - c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Nero\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programfiler\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programfiler\Spyware Doctor\pctsSvc.exe ComboFix 08-05-21.2 - Einar 2008-05-22 18:14:51.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2579 [GMT 2:00] Running from: C:\Documents and Settings\Einar\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))) . 2008-05-22 18:11 . 2008-05-22 18:11 <DIR> dr-h----- C:\Documents and Settings\Einar\Siste 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d-------- C:\Programfiler\CCleaner 2008-05-22 07:37 . 2008-05-22 07:37 <DIR> d-------- C:\Programfiler\Lavasoft 2008-05-21 21:56 . 2008-05-21 22:10 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\PC Tools 2008-05-21 21:56 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-05-21 21:56 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-05-21 21:56 . 
2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-05-21 21:56 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-05-21 19:09 . 2008-05-21 19:10 <DIR> d-------- C:\Programfiler\Trojan Guarder Gold Version 2008-05-21 16:23 . 2008-05-21 16:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-05-21 12:09 . 2008-05-21 12:09 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Sunbelt Software 2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sunbelt Software 2008-05-21 08:01 . 2008-05-21 08:01 <DIR> d-------- C:\Programfiler\Sunbelt Software 2008-05-21 07:31 . 2008-05-21 07:38 396 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-20 21:17 . 2008-05-20 21:17 1,733 --a------ C:\WINDOWS\TSearch.INI 2008-05-18 22:19 . 2008-05-18 22:22 <DIR> d-------- C:\Programfiler\XoftSpy 2008-05-18 20:57 . 2008-05-18 20:57 18,176 --a------ C:\WINDOWS\rundll32.vbe 2008-05-18 20:45 . 2001-10-09 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-18 20:44 . 2008-05-18 20:44 4 --a------ C:\WINDOWS\system32\hljwugsf.bin 2008-05-18 12:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX 2008-05-17 17:32 . 2008-05-19 20:40 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-05-17 17:28 . 2008-05-17 17:28 <DIR> d-------- C:\Programfiler\NeroInstall.bak 2008-05-17 17:27 . 2008-05-17 17:27 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Nero 2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Programfiler\Nero 2008-05-17 17:25 . 2008-05-17 17:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-05-17 17:25 . 
2008-05-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-05-16 13:26 . 2008-05-16 13:26 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Media Player Classic 2008-05-16 12:32 . 2008-05-16 16:54 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-16 12:32 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-05-14 22:10 . 2008-05-20 21:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-14 22:10 . 2008-05-14 22:10 22,328 --a------ C:\Documents and Settings\Einar\Programdata\PnkBstrK.sys 2008-05-14 22:09 . 2008-05-14 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-05-14 22:09 . 2008-05-20 21:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-05-14 22:09 . 2008-05-14 22:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-05-14 22:09 . 2008-05-14 22:09 317 --a------ C:\WINDOWS\game.ini 2008-05-14 21:58 . 2008-05-14 21:58 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-05-14 21:39 . 2008-05-20 17:26 <DIR> d-------- C:\Programfiler\Steam 2008-05-13 23:12 . 2008-05-14 00:16 <DIR> d-------- C:\Programfiler\TPTEST5 2008-05-13 23:07 . 2008-05-22 07:38 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\uTorrent 2008-05-13 23:03 . 2008-05-13 23:09 <DIR> d-------- C:\Programfiler\uTorrent 2008-05-13 21:54 . 2008-05-13 21:55 <DIR> d-------- C:\Programfiler\Windows Live 2008-05-13 21:50 . 2008-05-13 21:54 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-05-13 21:50 . 2008-05-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-05-13 21:47 . 2008-05-13 21:54 <DIR> d-------- C:\Documents and Settings\Einar\Contacts 2008-05-13 21:46 . 2008-05-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-05-13 21:38 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl 2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-05-13 21:37 . 
2008-05-13 21:41 <DIR> d-------- C:\Programfiler\Your Uninstaller 2008 2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\URSoft 2008-05-13 21:37 . 2008-05-22 07:45 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-05-13 21:36 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Unlocker 2008-05-13 21:36 . 2008-05-13 21:36 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Desktopicon 2008-05-13 21:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-05-13 21:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-05-13 21:32 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-05-13 21:30 . 2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd 2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Logitech 2008-05-13 21:29 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Programfiler\Logitech 2008-05-13 21:28 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\InstallShield 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logitech 2008-05-13 21:28 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-05-13 21:28 . 
2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll 2008-05-13 21:28 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-05-13 21:28 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-05-13 21:28 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll 2008-05-13 21:26 . 2008-05-13 21:26 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-05-13 21:25 . 2007-11-07 05:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys 2008-05-13 21:25 . 2007-11-07 05:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax 2008-05-13 21:25 . 2005-12-03 00:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod 2008-05-13 21:24 . 2008-05-13 21:25 <DIR> d-------- C:\Programfiler\ATI Technologies 2008-05-13 21:24 . 2008-05-13 21:24 <DIR> d-------- C:\ATI 2008-05-13 21:24 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-05-13 21:23 . 2008-05-13 21:23 <DIR> d-------- C:\WINDOWS\Drivers 2008-05-13 21:23 . 2003-10-15 13:59 55,552 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys 2008-05-13 21:23 . 2003-10-15 13:59 41,856 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys 2008-05-13 21:18 . 2007-10-12 16:31 1,953,792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe 2008-05-13 21:18 . 2007-10-12 16:31 139,264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll 2008-05-13 21:17 . 2008-05-13 21:18 <DIR> d-------- C:\WINDOWS\JM 2008-05-13 21:17 . 2007-10-12 16:31 43,648 -ra------ C:\WINDOWS\system32\drivers\jraid.sys 2008-05-13 21:17 . 2007-10-12 16:31 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys 2008-05-13 21:13 . 2008-05-13 21:13 592 --a------ C:\WINDOWS\chgkey.vbs 2008-05-13 21:12 . 2008-05-13 21:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-05-13 21:12 . 2008-05-13 21:11 298,104 --a------ C:\WINDOWS\system32\imon.dll 2008-05-13 21:12 . 2008-05-13 21:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2008-05-13 21:11 . 
2008-05-18 20:45 <DIR> d-------- C:\Programfiler\ESET 2008-05-13 21:10 . 2008-05-13 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-05-13 21:10 . 2008-05-13 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-13 21:10 . 2008-05-13 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-13 21:07 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Realtek 2008-05-13 21:06 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-05-13 21:05 . 2008-05-13 21:05 <DIR> d-------- C:\Programfiler\USB 2.0 Flash Driver 2008-05-13 21:05 . 2008-05-14 22:09 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information 2008-05-13 21:05 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield 2008-05-13 21:05 . 2003-07-15 16:08 806,400 --a------ C:\WINDOWS\system32\PL2515AP.exe 2008-05-13 21:05 . 2002-09-18 15:32 28,672 --a------ C:\WINDOWS\system32\PL2515.exe 2008-05-13 21:05 . 2003-05-07 09:58 7,114 --a------ C:\WINDOWS\system32\drivers\PL2515.sys 2008-05-13 21:05 . 2002-09-17 09:44 3,973 --a------ C:\WINDOWS\system32\PL2515.dll 2008-05-13 21:04 . 2008-05-13 23:07 <DIR> dr------- C:\Documents and Settings\Einar\Start-meny 2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\Skrivere 2008-05-13 21:04 . 2008-05-22 18:13 <DIR> d-------- C:\Documents and Settings\Einar\Skrivebord 2008-05-13 21:04 . 2008-05-21 21:56 <DIR> dr-h----- C:\Documents and Settings\Einar\Programdata 2008-05-13 21:04 . 2008-05-17 02:27 <DIR> dr------- C:\Documents and Settings\Einar\Mine dokumenter 2008-05-13 21:04 . 2008-05-13 20:56 <DIR> d--h----- C:\Documents and Settings\Einar\Maler 2008-05-13 21:04 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\Einar\Lokale innstillinger 2008-05-13 21:04 . 2008-05-16 19:36 <DIR> dr------- C:\Documents and Settings\Einar\Favoritter 2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\AndrMask 2008-05-13 21:04 . 
2008-05-22 18:11 <DIR> d-------- C:\Documents and Settings\Einar 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata 2008-05-13 21:03 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\NetworkService\Lokale innstillinger 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\NetworkService 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata 2008-05-13 21:03 . 2008-05-22 18:15 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\LocalService 2008-05-13 21:03 . 2008-05-13 21:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-21 05:24 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-05-20 06:21 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-05-17 15:47 --------- d-----w C:\Documents and Settings\Einar\Programdata\ImgBurn 2008-05-13 21:26 716,122 ----a-w C:\WINDOWS\system32\unins000.exe 2008-05-13 20:49 --------- d-----w C:\Documents and Settings\Einar\Programdata\teamspeak2 2008-05-13 20:45 --------- d-----w C:\Programfiler\Winamp 2008-05-13 20:45 --------- d-----w C:\Documents and Settings\Einar\Programdata\Winamp 2008-05-13 20:43 --------- d-----w C:\Programfiler\Java 2008-05-13 20:42 --------- d-----w C:\Programfiler\Fellesfiler\Java 2008-05-13 20:29 --------- d-----w C:\Programfiler\K-Lite Codec Pack 2008-05-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-13 20:19 --------- d-----w C:\Programfiler\Teamspeak2_RC2 2008-05-13 20:19 --------- d-----w C:\Programfiler\ImgBurn 2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft.NET 2008-05-13 20:14 --------- d-----w 
C:\Programfiler\Microsoft Works 2008-05-13 20:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-13 20:06 --------- d-----w C:\Documents and Settings\Einar\Programdata\SUPERAntiSpyware.com 2008-05-13 20:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-13 18:59 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-05-13 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-05-13 18:56 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-05-07 16:53 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll 2008-05-07 16:50 992,256 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-05-07 16:50 818,688 ----a-w C:\WINDOWS\system32\wininet.dll 2008-05-07 16:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-05-07 16:50 26,112 ----a-w C:\WINDOWS\system32\idndl.dll 2008-05-07 16:50 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll 2008-05-07 16:50 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll 2008-05-07 16:50 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2008-05-07 16:49 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2008-05-07 16:49 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2008-05-07 16:49 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2008-05-07 16:49 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2008-05-07 16:49 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2008-05-07 16:49 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2008-05-07 16:49 17,408 ----a-w C:\WINDOWS\system32\corpol.dll 2008-04-14 09:22 74,752 ----a-w C:\WINDOWS\system32\storprop.dll 2008-04-14 09:22 74,240 ----a-w C:\WINDOWS\system32\usbui.dll 2008-04-14 09:22 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll 2008-04-14 09:21 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll 2008-04-14 09:21 20,992 ----a-w C:\WINDOWS\system32\bthci.dll 2008-04-14 08:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 08:34 1,246,067 ----a-r C:\WINDOWS\SET3.tmp 2008-04-14 08:28 16,825 ----a-r 
C:\WINDOWS\SET8.tmp 2008-04-14 08:28 1,088,840 ----a-r C:\WINDOWS\SET4.tmp 2008-04-14 07:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin 2008-04-14 07:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 07:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 07:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 07:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 07:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 07:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 07:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 07:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 07:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll 2008-04-14 07:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 06:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 06:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 06:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 06:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 06:48 77,312 ----a-w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 06:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 06:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 06:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 06:45 51,840 ----a-w 
C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 06:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 06:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 06:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 06:37 68,976 ----a-w C:\WINDOWS\system32\mmsystem.dll 2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 12:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 12:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 11:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys 2008-04-13 11:45 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys 2008-04-13 11:45 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys 2008-04-13 11:45 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys 2008-04-13 11:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys 2008-04-13 11:39 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-04-13 11:39 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-04-13 11:39 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys 2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-05-13 22:03 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-13 21:11 949376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-05-13 21:28:52 789008] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= 
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\Steam\\SteamApps\\sander1997\\half-life 2 deathmatch\\hl2.exe"= "C:\\Programfiler\\Steam\\SteamApps\\sander1997\\counter-strike source\\hl2.exe"= R3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30] S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23:51] *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe . Contents of the 'Scheduled Tasks' folder "2008-05-18 20:19:54 C:\WINDOWS\Tasks\XoftSpy.job" - C:\Programfiler\XoftSpy\XoftSpy.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 18:15:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-05-22 18:16:18 ComboFix-quarantined-files.txt 2008-05-22 16:16:14 Pre-Run: 31,709,343,744 byte ledig Post-Run: 31,700,598,784 byte ledig 303 --- E O F --- 2008-05-20 06:21:20

Edited 22 May 2008 by Znoken

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/

norbat, posted 22 May 2008

Uninstall Combofix by typing combofix /u in the Run box (Start -> Run). Download a new Combofix and run it, then post the log. Also tell us which program finds the trojan and where it is supposed to be located.

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11217819

Znoken (author), posted 22 May 2008

ComboFix 08-05-21.2 - Einar 2008-05-22 19:05:10.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2612 [GMT 2:00] Running from: C:\Documents and Settings\Einar\Skrivebord\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))) . 2008-05-22 18:11 . 2008-05-22 18:31 <DIR> dr-h----- C:\Documents and Settings\Einar\Siste 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d-------- C:\Programfiler\CCleaner 2008-05-22 07:37 . 2008-05-22 07:37 <DIR> d-------- C:\Programfiler\Lavasoft 2008-05-21 21:56 . 2008-05-21 22:10 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-05-21 21:56 . 2008-05-21 21:56 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\PC Tools 2008-05-21 21:56 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-05-21 21:56 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-05-21 21:56 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-05-21 21:56 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-05-21 19:09 . 2008-05-21 19:10 <DIR> d-------- C:\Programfiler\Trojan Guarder Gold Version 2008-05-21 16:23 . 2008-05-21 16:23 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe 2008-05-21 12:09 . 2008-05-21 12:09 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2 2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBRC.dat 2008-05-21 08:17 . 2008-05-21 08:17 0 --a------ C:\WINDOWS\system32\SBFC.dat 2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Sunbelt Software 2008-05-21 08:02 . 2008-05-21 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sunbelt Software 2008-05-21 08:01 . 
2008-05-21 08:01 <DIR> d-------- C:\Programfiler\Sunbelt Software 2008-05-21 07:31 . 2008-05-21 07:38 396 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-20 21:17 . 2008-05-20 21:17 1,733 --a------ C:\WINDOWS\TSearch.INI 2008-05-18 22:19 . 2008-05-18 22:22 <DIR> d-------- C:\Programfiler\XoftSpy 2008-05-18 20:57 . 2008-05-18 20:57 18,176 --a------ C:\WINDOWS\rundll32.vbe 2008-05-18 20:45 . 2001-10-09 14:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-18 20:44 . 2008-05-18 20:44 4 --a------ C:\WINDOWS\system32\hljwugsf.bin 2008-05-18 12:01 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX 2008-05-17 17:32 . 2008-05-19 20:40 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-05-17 17:28 . 2008-05-17 17:28 <DIR> d-------- C:\Programfiler\NeroInstall.bak 2008-05-17 17:27 . 2008-05-17 17:27 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Nero 2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Programfiler\Nero 2008-05-17 17:25 . 2008-05-17 17:26 <DIR> d-------- C:\Programfiler\Fellesfiler\Nero 2008-05-17 17:25 . 2008-05-17 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero 2008-05-16 13:26 . 2008-05-16 13:26 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Media Player Classic 2008-05-16 12:32 . 2008-05-16 16:54 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-05-16 12:32 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-05-14 22:10 . 2008-05-20 21:13 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-05-14 22:10 . 2008-05-14 22:10 22,328 --a------ C:\Documents and Settings\Einar\Programdata\PnkBstrK.sys 2008-05-14 22:09 . 2008-05-14 22:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-05-14 22:09 . 2008-05-20 21:13 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2008-05-14 22:09 . 2008-05-14 22:15 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2008-05-14 22:09 . 2008-05-14 22:09 317 --a------ C:\WINDOWS\game.ini 2008-05-14 21:58 . 
2008-05-14 21:58 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-05-14 21:39 . 2008-05-20 17:26 <DIR> d-------- C:\Programfiler\Steam 2008-05-13 23:12 . 2008-05-14 00:16 <DIR> d-------- C:\Programfiler\TPTEST5 2008-05-13 23:07 . 2008-05-22 07:38 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\uTorrent 2008-05-13 23:03 . 2008-05-13 23:09 <DIR> d-------- C:\Programfiler\uTorrent 2008-05-13 21:54 . 2008-05-13 21:55 <DIR> d-------- C:\Programfiler\Windows Live 2008-05-13 21:50 . 2008-05-13 21:54 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-05-13 21:50 . 2008-05-13 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller 2008-05-13 21:47 . 2008-05-13 21:54 <DIR> d-------- C:\Documents and Settings\Einar\Contacts 2008-05-13 21:46 . 2008-05-13 21:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-05-13 21:38 . 2004-11-15 19:02 258,048 --a------ C:\WINDOWS\system32\cmdiag.cpl 2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2008-05-13 21:37 . 2008-05-13 21:41 <DIR> d-------- C:\Programfiler\Your Uninstaller 2008 2008-05-13 21:37 . 2008-05-13 21:37 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\URSoft 2008-05-13 21:37 . 2008-05-22 07:45 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-05-13 21:36 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Unlocker 2008-05-13 21:36 . 2008-05-13 21:36 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Desktopicon 2008-05-13 21:32 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-05-13 21:32 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-05-13 21:32 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-05-13 21:32 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-05-13 21:30 . 
2008-05-13 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogiShrd 2008-05-13 21:29 . 2008-05-13 21:29 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\Logitech 2008-05-13 21:29 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-05-13 21:29 . 2008-05-13 21:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Programfiler\Logitech 2008-05-13 21:28 . 2008-05-13 21:40 <DIR> d-------- C:\Programfiler\Fellesfiler\Logishrd 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\Einar\Programdata\InstallShield 2008-05-13 21:28 . 2008-05-13 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Logitech 2008-05-13 21:28 . 2008-01-09 12:26 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll 2008-05-13 21:28 . 2008-01-09 12:27 170,512 --a------ C:\WINDOWS\system32\kemutb.dll 2008-05-13 21:28 . 2008-01-09 12:28 141,840 --a------ C:\WINDOWS\system32\KemUtil.dll 2008-05-13 21:28 . 2008-01-09 12:28 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll 2008-05-13 21:28 . 2008-01-09 12:28 76,304 --a------ C:\WINDOWS\system32\KemXML.dll 2008-05-13 21:26 . 2008-05-13 21:26 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-05-13 21:25 . 2007-11-07 05:40 169,856 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys 2008-05-13 21:25 . 2007-11-07 05:40 106,496 --a------ C:\WINDOWS\system32\atinppt2.ax 2008-05-13 21:25 . 2005-12-03 00:49 64,352 --a------ C:\WINDOWS\system32\drivers\ativmc01.cod 2008-05-13 21:24 . 2008-05-13 21:25 <DIR> d-------- C:\Programfiler\ATI Technologies 2008-05-13 21:24 . 2008-05-13 21:24 <DIR> d-------- C:\ATI 2008-05-13 21:24 . 2008-03-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe 2008-05-13 21:23 . 2008-05-13 21:23 <DIR> d-------- C:\WINDOWS\Drivers 2008-05-13 21:23 . 
2003-10-15 13:59 55,552 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys 2008-05-13 21:23 . 2003-10-15 13:59 41,856 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys 2008-05-13 21:18 . 2007-10-12 16:31 1,953,792 -r------- C:\WINDOWS\system32\JMRaidSetup.exe 2008-05-13 21:18 . 2007-10-12 16:31 139,264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll 2008-05-13 21:17 . 2008-05-13 21:18 <DIR> d-------- C:\WINDOWS\JM 2008-05-13 21:17 . 2007-10-12 16:31 43,648 -ra------ C:\WINDOWS\system32\drivers\jraid.sys 2008-05-13 21:17 . 2007-10-12 16:31 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys 2008-05-13 21:13 . 2008-05-13 21:13 592 --a------ C:\WINDOWS\chgkey.vbs 2008-05-13 21:12 . 2008-05-13 21:11 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-05-13 21:12 . 2008-05-13 21:11 298,104 --a------ C:\WINDOWS\system32\imon.dll 2008-05-13 21:12 . 2008-05-13 21:11 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2008-05-13 21:11 . 2008-05-18 20:45 <DIR> d-------- C:\Programfiler\ESET 2008-05-13 21:10 . 2008-05-13 21:10 <DIR> d-------- C:\WINDOWS\system32\Lang 2008-05-13 21:10 . 2008-05-13 21:10 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-05-13 21:10 . 2008-05-13 21:10 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-05-13 21:07 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Realtek 2008-05-13 21:06 . 2008-04-13 11:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-05-13 21:05 . 2008-05-13 21:05 <DIR> d-------- C:\Programfiler\USB 2.0 Flash Driver 2008-05-13 21:05 . 2008-05-14 22:09 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information 2008-05-13 21:05 . 2008-05-13 21:07 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield 2008-05-13 21:05 . 2003-07-15 16:08 806,400 --a------ C:\WINDOWS\system32\PL2515AP.exe 2008-05-13 21:05 . 2002-09-18 15:32 28,672 --a------ C:\WINDOWS\system32\PL2515.exe 2008-05-13 21:05 . 
2003-05-07 09:58 7,114 --a------ C:\WINDOWS\system32\drivers\PL2515.sys 2008-05-13 21:05 . 2002-09-17 09:44 3,973 --a------ C:\WINDOWS\system32\PL2515.dll 2008-05-13 21:04 . 2008-05-13 23:07 <DIR> dr------- C:\Documents and Settings\Einar\Start-meny 2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\Skrivere 2008-05-13 21:04 . 2008-05-22 19:04 <DIR> d-------- C:\Documents and Settings\Einar\Skrivebord 2008-05-13 21:04 . 2008-05-21 21:56 <DIR> dr-h----- C:\Documents and Settings\Einar\Programdata 2008-05-13 21:04 . 2008-05-17 02:27 <DIR> dr------- C:\Documents and Settings\Einar\Mine dokumenter 2008-05-13 21:04 . 2008-05-13 20:56 <DIR> d--h----- C:\Documents and Settings\Einar\Maler 2008-05-13 21:04 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\Einar\Lokale innstillinger 2008-05-13 21:04 . 2008-05-16 19:36 <DIR> dr------- C:\Documents and Settings\Einar\Favoritter 2008-05-13 21:04 . 2008-05-13 22:45 <DIR> d--h----- C:\Documents and Settings\Einar\AndrMask 2008-05-13 21:04 . 2008-05-22 18:11 <DIR> d-------- C:\Documents and Settings\Einar 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\NetworkService\Programdata 2008-05-13 21:03 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\NetworkService\Lokale innstillinger 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\NetworkService 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata 2008-05-13 21:03 . 2008-05-22 19:06 <DIR> d--h----- C:\Documents and Settings\LocalService\Lokale innstillinger 2008-05-13 21:03 . 2008-05-13 21:03 <DIR> d--hs---- C:\Documents and Settings\LocalService 2008-05-13 21:03 . 2008-05-13 21:03 8,192 --a------ C:\WINDOWS\REGLOCS.OLD . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-21 05:24 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-05-20 06:21 --------- d-----w C:\Programfiler\Microsoft Silverlight 2008-05-17 15:47 --------- d-----w C:\Documents and Settings\Einar\Programdata\ImgBurn 2008-05-13 21:26 716,122 ----a-w C:\WINDOWS\system32\unins000.exe 2008-05-13 20:49 --------- d-----w C:\Documents and Settings\Einar\Programdata\teamspeak2 2008-05-13 20:45 --------- d-----w C:\Programfiler\Winamp 2008-05-13 20:45 --------- d-----w C:\Documents and Settings\Einar\Programdata\Winamp 2008-05-13 20:43 --------- d-----w C:\Programfiler\Java 2008-05-13 20:42 --------- d-----w C:\Programfiler\Fellesfiler\Java 2008-05-13 20:29 --------- d-----w C:\Programfiler\K-Lite Codec Pack 2008-05-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-05-13 20:19 --------- d-----w C:\Programfiler\Teamspeak2_RC2 2008-05-13 20:19 --------- d-----w C:\Programfiler\ImgBurn 2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft.NET 2008-05-13 20:14 --------- d-----w C:\Programfiler\Microsoft Works 2008-05-13 20:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-05-13 20:06 --------- d-----w C:\Documents and Settings\Einar\Programdata\SUPERAntiSpyware.com 2008-05-13 20:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-05-13 18:59 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-05-13 18:58 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-05-13 18:56 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-05-07 16:53 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll 2008-05-07 16:50 992,256 ----a-w C:\WINDOWS\system32\syssetup.dll 2008-05-07 16:50 818,688 ----a-w C:\WINDOWS\system32\wininet.dll 2008-05-07 16:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll 2008-05-07 16:50 26,112 ----a-w C:\WINDOWS\system32\idndl.dll 2008-05-07 16:50 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll 2008-05-07 16:50 23,552 
----a-w C:\WINDOWS\system32\normaliz.dll 2008-05-07 16:50 156,160 ----a-w C:\WINDOWS\system32\msls31.dll 2008-05-07 16:49 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll 2008-05-07 16:49 71,680 ----a-w C:\WINDOWS\system32\admparse.dll 2008-05-07 16:49 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll 2008-05-07 16:49 45,568 ----a-w C:\WINDOWS\system32\mshta.exe 2008-05-07 16:49 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll 2008-05-07 16:49 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll 2008-05-07 16:49 17,408 ----a-w C:\WINDOWS\system32\corpol.dll 2008-04-14 09:22 74,752 ----a-w C:\WINDOWS\system32\storprop.dll 2008-04-14 09:22 74,240 ----a-w C:\WINDOWS\system32\usbui.dll 2008-04-14 09:22 29,184 ----a-w C:\WINDOWS\system32\sdhcinst.dll 2008-04-14 09:21 30,208 ----a-w C:\WINDOWS\system32\bthserv.dll 2008-04-14 09:21 20,992 ----a-w C:\WINDOWS\system32\bthci.dll 2008-04-14 08:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys 2008-04-14 08:34 1,246,067 ----a-r C:\WINDOWS\SET3.tmp 2008-04-14 08:28 16,825 ----a-r C:\WINDOWS\SET8.tmp 2008-04-14 08:28 1,088,840 ----a-r C:\WINDOWS\SET4.tmp 2008-04-14 07:39 1,804 ----a-w C:\WINDOWS\system32\Dcache.bin 2008-04-14 07:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 07:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 07:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll 2008-04-14 07:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll 2008-04-14 07:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll 2008-04-14 07:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll 2008-04-14 07:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll 2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll 2008-04-14 07:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll 2008-04-14 07:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll 2008-04-14 07:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll 2008-04-14 07:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll 2008-04-14 06:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys 
2008-04-14 06:56 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys 2008-04-14 06:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys 2008-04-14 06:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-14 06:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll 2008-04-14 06:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys 2008-04-14 06:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys 2008-04-14 06:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys 2008-04-14 06:49 79,360 ----a-w C:\WINDOWS\system32\msxml6r.dll 2008-04-14 06:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys 2008-04-14 06:48 77,312 ----a-w C:\WINDOWS\system32\msshavmsg.dll 2008-04-14 06:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys 2008-04-14 06:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll 2008-04-14 06:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll 2008-04-14 06:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-14 06:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-14 06:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll 2008-04-14 06:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-14 06:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll 2008-04-14 06:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys 2008-04-14 06:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys 2008-04-14 06:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys 2008-04-14 06:37 68,976 ----a-w C:\WINDOWS\system32\mmsystem.dll 2008-04-14 06:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys 2008-04-13 12:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 12:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 11:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys 2008-04-13 11:45 56,576 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys 2008-04-13 11:45 52,864 ----a-w C:\WINDOWS\system32\drivers\DMusic.sys 2008-04-13 11:45 2,944 ----a-w 
C:\WINDOWS\system32\drivers\drmkaud.sys 2008-04-13 11:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys 2008-04-13 11:39 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-04-13 11:39 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-04-13 11:39 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys 2008-04-13 10:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 10:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 10:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 10:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 10:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 10:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 10:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 10:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:22 15360] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2008-05-13 22:03 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-13 21:11 949376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="regsvr32 /s /n /i:U shell32" [] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-05-13 21:28:52 789008] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= 
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Programfiler\\Steam\\SteamApps\\sander1997\\half-life 2 deathmatch\\hl2.exe"= "C:\\Programfiler\\Steam\\SteamApps\\sander1997\\counter-strike source\\hl2.exe"= R3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2005-05-23 09:30] S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23:51] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\srv32.exe . Contents of the 'Scheduled Tasks' folder "2008-05-18 20:19:54 C:\WINDOWS\Tasks\XoftSpy.job" - C:\Programfiler\XoftSpy\XoftSpy.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 19:06:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\Documents and Settings\Einar\Lokale innstillinger\Programdata\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6CA4_4448_A444_16CC\$db_clean$ 0 bytes scan completed successfully hidden files: 1 ************************************************************************** . Completion time: 2008-05-22 19:06:56 ComboFix-quarantined-files.txt 2008-05-22 17:06:53 ComboFix2.txt 2008-05-22 16:16:18 Pre-Run: 31,748,587,520 byte ledig Post-Run: 31,744,589,824 byte ledig 303 --- E O F --- 2008-05-20 06:21:20 Det er nod32 som popper opp og viser at det finnes en trojaner på pc`n min....... 
C:\Windows\System32\Drivers\Etc\hosts Win32/Qhost trojan Lenke til kommentar https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11218053
norbat, posted 22 May 2008

Let's open hosts and see what this could be. Copy and paste what is shown below in bold into the Run box. The hosts file will open in Notepad. Post the contents:

notepad C:\Windows\System32\Drivers\Etc\hosts

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11218217
Znoken (author), posted 22 May 2008

Well, I did as you said, Norbat, but only a blank page came up... The only thing I can think of now is that NOD32 is coming up with a warning that possibly isn't real... a bit odd if that were the case, though...

One thing I actually noticed now, after having run ComboFix, is that when I restart the PC the warning no longer comes up... Could it be as simple as ComboFix having removed the trojan...

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11218346
norbat, posted 22 May 2008 (edited)

The warning from NOD32 is probably real - the hosts file is/was infected. So we will do the following:

Use Explorer to find and delete the following files:
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\SET3.tmp
C:\WINDOWS\SET8.tmp
C:\WINDOWS\SET4.tmp

Download and unpack HostsXpert
Start the program
Click "Make Hosts Writable?" if it is available (not Make ReadOnly?)
Click 'Restore MS Hosts File'
Restart the PC and run a scan with NOD32 to see if it finds anything
Open the hosts file again and check that it is as it should be (feel free to post it if you don't know what it looks like by default)

Edited 22 May 2008 by norbat

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11218417
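The final check in the post above (confirming that the hosts file looks as it should) can be scripted. This is an added example, not part of the thread or of any tool named in it; it assumes the default file maps only `localhost` to a loopback address, and the sample hosts content and the `example.test` names are constructed.

```python
import ipaddress
import sys

# Assumption: a default hosts file maps only this name, and only to loopback.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_number, ip_string, [hostnames]) for every mapping line."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if line:
            fields = line.split()
            yield lineno, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line, kind, ip, name) for every entry that is not a default one.

    kind is 'sinkholed' (name pointed at loopback or 0.0.0.0, so it cannot be
    reached), 'redirected' (name pointed at some other address) or 'malformed'.
    """
    findings = []
    for lineno, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((lineno, "malformed", ip_text, " ".join(names)))
            continue
        if not names:
            findings.append((lineno, "malformed", ip_text, ""))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue  # the expected localhost mapping
            dead = ip.is_loopback or ip.is_unspecified
            findings.append(
                (lineno, "sinkholed" if dead else "redirected", ip_text, name))
    return findings


# Constructed sample: one default entry, then entries placed below a long run
# of blank lines, where they are easy to miss when scrolling in Notepad.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "#",
    "127.0.0.1       localhost",
    *[""] * 40,
    "127.0.0.1  update.example.test  # constructed entry",
    "0.0.0.0 av.example.test www.av.example.test",
    "203.0.113.10\tbank.example.test",
    "not-an-ip broken.example.test",
])

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE_HOSTS
    for lineno, kind, ip_text, name in audit_hosts(content):
        print(f"line {lineno}: {kind:10} {ip_text} -> {name}")
```

An empty result means the file holds nothing beyond comments and the localhost mapping; any finding carries its line number so the entry can be located in the file.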
Znoken (author), posted 22 May 2008

The files are deleted, the hosts file is as it should be, and I have scanned with NOD32 and found the PC trojan-free again, so I can only say THANK YOU SO MUCH for the help, Norbat... You are simply king when it comes to viruses and trojans on PCs, and I hope we can have good help from you for many years... Thanks again...

Link to comment: https://www.diskusjon.no/topic/956579-l%C3%B8stl%C3%B8st-sliter-med-qhost-trojan-som-er-vrien-og-f%C3%A5-bort-l%C3%B8st/#findComment-11219986