Så er jeg klar med de 4 første log files:
1. rootlog.********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
on 12-12-2007 18:33:21,39
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-12-12 18:33:22
Windows 5.0.2195 Service Pack 4
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_6993&Pid_b001&Mi_00\6&1c525841&0&0\Device Parameters]
"HWRevision?U\x2039\xec\x81\xec\xcc?"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_6993&Pid_b001&Mi_00\6&1c525841&0&0\Device Parameters]
"HWRevision?U\x2039\xec\x81\xec\xcc?"="1"
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
2. super spyware:
SUPERAntiSpyware Scan Log
Generated 12/12/2007 at 07:42 PM
Application Version : 3.6.1000
Core Rules Database Version : 3359
Trace Rules Database Version: 1358
Scan type : Complete Scan
Total Scan Time : 00:52:10
Memory items scanned : 160
Memory threats detected : 0
Registry items scanned : 6336
Registry threats detected : 5
File items scanned : 36964
File threats detected : 1
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}
HKCR\CLSID\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}
HKCR\CLSID\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}\InprocServer32
HKCR\CLSID\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\VTSQP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}
3. combofix:
ComboFix 07-12-12.3 - HANS 12-12-2007 18:36:31.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.425 [GMT 1:00]
Running from: C:\Documents and Settings\HANS\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Hans Lundqvist\Application Data\unins000.exe
C:\WINNT\cookies.ini
C:\WINNT\system32\byxwxyy.dll
C:\WINNT\system32\fccywxv.dll
C:\WINNT\system32\hgghfcb.dll
C:\WINNT\system32\mlnmp.ini
C:\WINNT\system32\mlnmp.ini2
C:\WINNT\system32\pmnlm.dll
C:\WINNT\system32\pqstv.ini
C:\WINNT\system32\pqstv.ini2
C:\WINNT\system32\tatpzqce.dllbox
.
((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))
.
2007-12-12 16:02 . 07-12-12 16:04 1,429 --a------ C:\WINNT\imsins.BAK
2007-12-12 10:59 . 07-12-12 10:59 85,568 --a------ C:\WINNT\system32\4575.tmp
2007-12-12 10:30 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 10:17 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 10:04 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 09:51 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 09:38 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 09:25 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 09:17 . 07-12-12 09:17 885,340 --ahs---- C:\WINNT\system32\vssvkssc.ini
2007-12-12 08:59 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 08:34 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-12 08:25 . 07-12-12 08:25 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-12 08:25 . 07-12-12 08:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-12 08:23 . 07-12-12 08:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 08:21 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-11 17:12 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-11 15:56 . 07-12-11 15:56 <DIR> d--h----- C:\Documents and Settings\HANS\InstallAnywhere
2007-12-11 14:36 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-11 14:23 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-11 14:10 . 07-12-12 18:46 37 d-a------ C:\WINNT\.
2007-12-11 13:21 . 07-12-12 08:54 884,726 --ahs---- C:\WINNT\system32\jphqyaev.ini
2007-12-11 10:09 . 07-12-12 17:59 37 --a------ C:\WINNT\E
2007-12-11 09:16 . 07-12-11 09:16 37 --a------ C:\WINNT\Q
2007-12-10 20:12 . 07-12-11 19:32 744,338 ---h----- C:\WINNT\ShellIconCache
2007-12-10 20:09 . 07-12-12 12:32 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-10 18:00 . 07-12-12 15:59 37 --a------ C:\WINNT\u
2007-12-10 17:41 . 07-12-10 17:41 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\Kerio
2007-12-10 17:29 . 07-12-10 17:29 37 --a------ C:\WINNT\r007
2007-12-10 17:28 . 07-12-10 17:28 37 --a------ C:\WINNT\p
2007-12-10 17:27 . 07-12-10 17:45 <DIR> d-a------ C:\WINNT\system32\PAV
2007-12-10 17:27 . 06-02-22 10:50 70,656 --a------ C:\WINNT\system32\drivers\PAVDRV50.SYS
2007-12-10 17:27 . 05-09-27 12:13 45,056 --a------ C:\WINNT\system32\avldr.dll
2007-12-10 17:26 . 07-12-10 17:26 <DIR> d-a------ C:\Program Files\Panda Software
2007-12-10 15:53 . 05-07-26 12:39 66,048 --a------ C:\WINNT\system32\drivers\kvpndrv.sys
2007-12-10 14:04 . 07-12-10 14:04 28,672 --a------ C:\WINNT\system32\drivers\CO_Mon.sys
2007-12-10 13:28 . 07-12-12 12:44 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-12-10 13:28 . 07-12-10 13:28 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-10 13:28 . 04-04-27 04:40 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-12-10 13:28 . 07-12-11 08:09 4,212 --ah----- C:\WINNT\system32\zllictbl.dat
2007-12-10 13:27 . 07-12-12 18:42 <DIR> d-a------ C:\WINNT\Internet Logs
2007-12-10 12:18 . 07-12-11 12:19 896,342 --ahs---- C:\WINNT\system32\ivxktpks.ini
2007-12-09 12:08 . 07-12-10 12:48 <DIR> d-------- C:\Program Files\Helper
2007-12-09 12:08 . 07-12-09 12:17 57,856 --a------ C:\pgdxf.exe
2007-12-09 12:08 . 07-12-09 12:08 37,043 --a------ C:\WINNT\g12071093.exe
2007-12-09 12:08 . 07-12-09 12:17 2 --a------ C:\-1610351773
2007-12-09 10:45 . 07-12-09 10:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-09 10:43 . 07-12-09 10:43 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\Yahoo!
2007-12-09 10:41 . 07-12-11 08:34 54,156 --ah----- C:\WINNT\QTFont.qfn
2007-12-09 10:41 . 07-12-09 10:41 1,409 --a------ C:\WINNT\QTFont.for
2007-12-09 10:35 . 07-12-09 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-09 09:37 . 07-12-09 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\e-Safekey
2007-12-08 15:29 . 07-12-08 15:30 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-12-07 19:40 . 07-12-07 19:40 <DIR> d-------- C:\WINNT\winsxs
2007-12-07 18:51 . 07-12-07 18:57 <DIR> d-------- C:\CrashLogs
2007-12-07 18:36 . 07-12-07 18:49 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\OfficeUpdate12
2007-12-07 18:35 . 07-12-07 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-07 18:08 . 07-12-07 18:26 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\VoipBuster
2007-12-07 18:08 . 99-10-12 15:57 68,912 --a------ C:\WINNT\system32\drivers\USBAUDIO.sys
2007-12-07 18:08 . 99-10-12 15:57 68,912 --a--c--- C:\WINNT\system32\dllcache\usbaudio.sys
2007-12-07 18:07 . 07-12-12 10:45 <DIR> d-------- C:\Program Files\VoipBusterMate
2007-12-07 18:07 . 07-12-07 18:07 <DIR> d-------- C:\Program Files\VoipBuster.com
2007-12-07 16:20 . 07-12-07 16:56 1,279 --a------ C:\WINNT\mozver.dat
2007-12-07 14:10 . 07-12-07 14:10 <DIR> d-a------ C:\WINNT\system32\html
2007-12-07 14:10 . 07-12-07 14:10 <DIR> d-a------ C:\WINNT\system32\
02007-12-07 14:10 . 07-12-07 14:10 <DIR> d-a------ C:\WINNT\system32\-1
2007-12-07 13:46 . 07-12-07 13:46 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2007-12-07 13:40 . 03-01-10 16:21 2,953,216 --a------ C:\WINNT\system32\wmploc.dll
2007-12-07 13:39 . 07-12-07 13:39 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-12-07 13:36 . 07-10-31 02:17 2,109,440 -----c--- C:\WINNT\system32\dllcache\wmvcore.dll
2007-12-07 12:46 . 07-12-07 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-07 12:43 . 07-12-07 12:43 24 ---hs---- C:\WINNT\S2AF2A0A5.tmp
2007-12-07 12:42 . 07-12-07 12:42 <DIR> d-------- C:\Program Files\SlySoft
2007-12-03 15:09 . 07-12-03 15:09 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\Alien Skin
2007-11-30 16:23 . 07-11-30 16:23 97,216 --a------ C:\WINNT\system32\drivers\AnyDVD.sys
2007-11-26 10:58 . 07-12-10 15:22 <DIR> d-------- C:\Program Files\Google
2007-11-22 18:24 . 07-11-22 18:24 <DIR> d-------- C:\Documents and Settings\HANS\Application Data\Apple Computer
2007-11-22 18:17 . 07-12-12 12:33 <DIR> d-------- C:\Program Files\QuickTime
2007-11-22 18:17 . 07-11-22 18:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 17:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-12 15:57 --------- d-----w C:\Documents and Settings\HANS\Application Data\IBP
2007-12-12 11:34 --------- d-----w C:\Program Files\SmartFTP Client 2.0
2007-12-12 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-12 07:13 7,524 ----a-w C:\Program Files\hijackthis.log
2007-12-11 14:27 --------- d-----w C:\Program Files\Opera
2007-12-11 08:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-10 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 09:45 --------- d-----w C:\Program Files\Yahoo!
2007-12-07 13:32 --------- d-----w C:\Program Files\SummaSummarum
2007-12-07 12:46 58,000 ----a-w C:\WINNT\system32\drivers\cdr4_2K.sys
2007-12-07 12:46 57,344 ----a-w C:\WINNT\uneng.exe
2007-12-07 12:46 23,420 ----a-w C:\WINNT\system32\drivers\cdralw2k.sys
2007-11-10 07:15 --------- d-----w C:\Documents and Settings\HANS\Application Data\Ahead
2007-11-10 07:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-10-31 09:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-31 09:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-31 09:43 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-24 08:25 --------- d-----w C:\Program Files\EasyPHP1-8
2007-10-23 12:54 --------- d-----w C:\Documents and Settings\HANS\Application Data\Creative
2007-10-23 07:08 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-22 15:46 --------- d-----w C:\Program Files\ATI Technologies
2007-10-22 09:57 524,288 ----a-w C:\WINNT\opuc.dll
2007-10-22 05:54 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-21 08:40 --------- d-----w C:\Documents and Settings\HANS\Application Data\SUPERAntiSpyware.com
2007-10-21 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-21 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-21 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-21 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT
2007-10-21 08:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\Talkback
2007-10-21 08:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\AVG7
2007-10-21 08:35 --------- d-----w C:\Documents and Settings\Default User\Application Data\AdobeUM
2007-10-21 08:23 --------- d---a-w C:\Documents and Settings\Hans Lundqvist\Application Data\Leadertech
2007-10-21 08:23 --------- d---a-w C:\Documents and Settings\Hans Lundqvist\Application Data\Creative
2007-10-21 08:23 --------- d---a-w C:\Documents and Settings\Hans Lundqvist\Application Data\AdobeUM
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Lavasoft
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Jasc
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Image Zone Express
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\IBP
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\CoffeeCup Software
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\AVG7
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Apple Computer
2007-10-21 08:23 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\AI Internet Solutions
2007-10-21 08:22 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Microsoft Web Folders
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Talkback
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\SUPERAntiSpyware.com
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\SpamPal
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\SPAMfighter
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\SmartFTP
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Sereniti
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\Printer Info Cache
2007-10-21 08:21 --------- d-----w C:\Documents and Settings\Hans Lundqvist\Application Data\OfficeUpdate12
2007-10-21 08:03 --------- d---a-w C:\Documents and Settings\sara\Application Data\Symantec
2007-10-21 08:03 --------- d---a-w C:\Documents and Settings\sara\Application Data\Creative
2007-10-21 08:03 --------- d-----w C:\Documents and Settings\sara\Application Data\Talkback
2007-10-21 08:03 --------- d-----w C:\Documents and Settings\sara\Application Data\Sereniti
2007-10-21 08:03 --------- d-----w C:\Documents and Settings\sara\Application Data\Lavasoft
2007-10-21 08:02 --------- d-----w C:\Documents and Settings\SYSTEM\Application Data\Talkback
2007-10-21 08:02 --------- d-----w C:\Documents and Settings\SYSTEM\Application Data\AdobeUM
2007-10-21 07:58 --------- d-----w C:\Program Files\X-Cleaner
2007-10-21 07:58 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-10-21 07:58 --------- d-----w C:\Program Files\WebWriter4
2007-10-21 07:58 --------- d-----w C:\Program Files\Viewpoint
2007-10-21 07:58 --------- d-----w C:\Program Files\USBToolbox
2007-10-21 07:57 --------- d-----w C:\Program Files\Tablet
2007-10-21 07:57 --------- d-----w C:\Program Files\SourceTec
2007-10-21 07:57 --------- d-----w C:\Program Files\Snapshot Viewer
2007-10-21 07:57 --------- d-----w C:\Program Files\SmartFTP Client 2.0 Setup Files
2007-10-21 07:57 --------- d-----w C:\Program Files\Return to Castle Wolfenstein
2007-10-21 07:45 --------- d-----w C:\Program Files\PCB
2007-10-21 07:45 --------- d-----w C:\Program Files\Overland
2007-10-21 07:45 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-21 07:45 --------- d-----w C:\Program Files\Microsoft Script Debugger
2007-10-21 07:44 --------- d-----w C:\Program Files\Microsoft Data Analyzer
2007-10-21 07:44 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-10-21 07:44 --------- d-----w C:\Program Files\Maguma
2007-10-21 07:44 --------- d-----w C:\Program Files\Logitech
2007-10-21 07:43 --------- d-----w C:\Program Files\Java
2007-10-21 07:41 --------- d-----w C:\Program Files\ITEKSOFT
2007-10-21 07:41 --------- d-----w C:\Program Files\inKline Global
2007-10-21 07:41 --------- d-----w C:\Program Files\IFBIN
2007-10-21 07:41 --------- d-----w C:\Program Files\IBP 8
2007-10-21 07:41 --------- d-----w C:\Program Files\hp deskjet 930c series
2007-10-21 07:39 --------- d-----w C:\Program Files\GroupMail 5
2007-10-21 07:39 --------- d-----w C:\Program Files\Galax_Sync
2007-10-21 07:39 --------- d-----w C:\Program Files\FireTune
2007-10-21 07:32 --------- d-----w C:\Program Files\Eidos Interactive
2007-10-21 07:31 --------- d-----w C:\Program Files\directx
2007-10-21 07:31 --------- d-----w C:\Program Files\DeKnop
2007-10-21 07:30 --------- d-----w C:\Program Files\Creative
2007-10-21 07:30 --------- d-----w C:\Program Files\backups
2007-10-21 07:30 --------- d-----w C:\Program Files\Audacity
2007-10-21 07:30 --------- d-----w C:\Program Files\Apple Software Update
2007-10-21 07:30 --------- d-----w C:\Program Files\Apperson
2007-10-21 07:30 --------- d-----w C:\Program Files\Apache Software Foundation
2007-10-21 07:30 --------- d-----w C:\Program Files\AOL Security Toolbar
2007-10-21 07:30 --------- d-----w C:\Program Files\Ahead
2007-10-21 07:29 --------- d-----w C:\Program Files\E-Color
2007-10-21 07:29 --------- d-----w C:\Program Files\Actinic v8
2007-10-21 07:18 --------- d-----w C:\Documents and Settings\HANS\Application Data\ATI
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54195AF2-A99D-43AE-AEAB-DCE5EE69D58D}]
C:\WINNT\system32\vtsqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ab8a650-77f5-4956-82c7-3ee7c4aeaa5a}]
C:\WINNT\system32\hwerbdoa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartFTP Drop]
@={EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}
[HKEY_CLASSES_ROOT\CLSID\{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD}]
07-12-05 00:41 472376 --a------ C:\Program Files\SmartFTP Client 2.0\sfShellTools.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [05-03-21 15:13 C:\WINNT\system32\CTFMON.EXE]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07-03-12 12:49 ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-03-08 09:17 ]
"VoipStunt"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" []
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [07-11-30 16:28 ]
"VoipBuster"="C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" [07-06-21 12:26 ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 16:40 ]
"MSNAgent"="C:\WINNT\g12071093.exe" [07-12-09 12:08 ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 C:\WINNT\system32\mobsync.exe]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05-01-12 14:54 ]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [05-12-28 11:39 ]
"NvCplDaemon"="RUNDLL32.exe" [99-12-07 13:00 C:\WINNT\system32\rundll32.exe]
"nwiz"="nwiz.exe" [06-08-11 14:43 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [99-12-07 13:00 C:\WINNT\system32\rundll32.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [05-02-22 21:21 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-02-16 10:54 ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-10-10 19:51 ]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [06-09-13 07:59 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-09-06 16:14 ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [05-02-22 21:21 ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 11:05 ]
C:\Documents and Settings\HANS\Start Menu\Programs\Startup\
VoipBusterMate.lnk - C:\Program Files\VoipBusterMate\VoipBusterMate.exe [2006-07-24 10:36:40]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-02-22 21:21:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 05:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 05-09-27 12:13 45056 C:\WINNT\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tatpzqce]
tatpzqce.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
winzzc32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINNT\system32\pmnlm.dll
R0 viamraid;viamraid;C:\WINNT\system32\DRIVERS\viamraid.sys
R0 viaagp1;VIA AGP Filter;C:\WINNT\system32\DRIVERS\viaagp1.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 agony;agony;\??\C:\Documents and Settings\HANS\Desktop\wininit.sys
S3 kvpndev;Kerio VPN adapter;C:\WINNT\system32\DRIVERS\kvpndrv.sys
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 08:00:01 C:\WINNT\Tasks\backup.job"
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-12-12 18:46:14
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\WINNT\system32\NavLogon.dll
.
Completion time: 2007-12-12 18:47:23 - machine was rebooted
.
2007-12-12 15:04:42 --- E O F ---
4. hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:46, on 12-12-2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
c:\program files\panda software\panda antivirus 2007\WebProxy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\g12071093.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\VoipBusterMate\VoipBusterMate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINNT\system32\HPZipm12.exe
C:\Documents and Settings\HANS\Desktop\HiJackThis(2).exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {a5aaea4c-7ee3-7c28-6594-5f77056a8ba7} - {7ab8a650-77f5-4956-82c7-3ee7c4aeaa5a} - C:\WINNT\system32\hwerbdoa.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSNAgent] C:\WINNT\g12071093.exe
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: VoipBusterMate.lnk = VoipBusterMate\VoipBusterMate.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192814038750O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO20 - Winlogon Notify: tatpzqce - tatpzqce.dll (file missing)
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTSvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus 2007\pavsrv50.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus 2007\PsImSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 8483 bytes
vender lige tilbage med prevx.com
Ny bruger
Nybegynder
Opret
Preview
