Spyware Infestation!
I'd like to point out right away that this is the first time I'm posting on "eksperten.dk", so I apologise in advance for any missteps.
My problem: a classic invasion of junk, brought on by a lot of clicking around on various streaming sites...
I have the free version of AVG running, which did raise an alarm but wasn't able to do anything about it.
So now I have a red "Windows warning pop-up" that appears every 10 minutes with a spyware warning: "Your system has been affected by the latest version of spyware.CyberlogX" and wants me to install all sorts of paid spyware-remover things, as well as change my browser start page to C:\WINDOWS\system32\spywarewarning.mht. (which SUPERAntiSpy has put a stop to, though)
I have followed the procedure described in the article http://www.eksperten.dk/artikler/1123, which suggests posting one's log files here and that there may then be some kind people who can help :) - it should be mentioned that the Windows warning throws you out of running programs - so I'm getting a bit desperate... Help!
Here are 4 log files:
1:
Logfile of HijackThis v1.99.1
Scan saved at 18:52:31, on 28-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\aaaamonc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\Communications_Helper.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Logitech\QuickCam10\COCIManager.exe
C:\Programmer\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Administrator\Skrivebord\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SMSERIAL] C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: GameSpot Download Manager.lnk = C:\Programmer\GameSpot\GameSpotDownloadManager_Win32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{23905058-CDAD-4D8D-93E9-B5F14FEA2D0A}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{72EA3C47-10FF-4105-9D3D-3C5275AE272A}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{78075C20-B0C2-4132-B6CF-55D8B6183D54}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CF603E-4246-4F23-9026-9DC0CEBB777C}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{D076084D-20BD-435B-A0A5-0AD3D5FC1B06}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9EED0BE-CAFC-41E0-87B3-80B29A009C60}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\..\{23905058-CDAD-4D8D-93E9-B5F14FEA2D0A}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{23905058-CDAD-4D8D-93E9-B5F14FEA2D0A}: NameServer = 85.255.115.38,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Network DDE DSDM NetDDEdsdmdmadmin (NetDDEdsdmdmadmin) - Unknown owner - C:\WINDOWS\system32\aaaamonc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
2:
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
28-10-2007 18:55:16,31
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 18:55:17
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:d25e8a92
"s1"=dword:cb64bd82
"s2"=dword:9ab19aa5
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:59,7f,3e,3f,51,3f,b4,76,4b,ab,b0,fe,ee,01,ac,24,7e,d8,c6,88,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,f4,a9,ec,cf,99,33,0c,32,b6,b7,dc,a6,69,e4,9f,f8,..
"khjeh"=hex:f6,9f,78,58,b2,d3,70,a3,b8,54,e2,c1,cd,82,10,fa,47,f6,1c,ef,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:11,60,00,32,66,e5,13,6a,ab,7a,30,38,3f,eb,8b,5c,b6,61,69,ca,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:59,7f,3e,3f,51,3f,b4,76,4b,ab,b0,fe,ee,01,ac,24,7e,d8,c6,88,26,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f6,f4,a9,ec,cf,99,33,0c,32,b6,b7,dc,a6,69,e4,9f,f8,..
"khjeh"=hex:f6,9f,78,58,b2,d3,70,a3,b8,54,e2,c1,cd,82,10,fa,47,f6,1c,ef,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:11,60,00,32,66,e5,13,6a,ab,7a,30,38,3f,eb,8b,5c,b6,61,69,ca,ee,..
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
3:
ComboFix 07-10-28.2 - Administrator 2007-10-28 18:57:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1431 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kernel32.exe
C:\WINDOWS\system32\nvrssk.dll
C:\WINDOWS\system32\nvrssl.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.
2007-10-28 18:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 17:32 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-10-28 17:32 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-28 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-28 17:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-28 17:24 <DIR> d-------- C:\Programmer\CCleaner
2007-10-28 13:07 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-10-28 01:25 49,664 -r-hs---- C:\WINDOWS\system32\aaaamonc.exe
2007-10-28 01:23 7,168 --a------ C:\Documents and Settings\Administrator\1.exe
2007-10-27 16:15 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-27 16:15 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-27 16:15 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-27 16:12 <DIR> d-------- C:\Programmer\Electronic Arts
2007-10-27 15:25 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-25 22:09 <DIR> d-------- C:\Programmer\GameSpot
2007-10-20 11:40 <DIR> d-------- C:\Programmer\Fælles filer\Logitech
2007-10-20 11:39 <DIR> d-------- C:\Programmer\Logitech
2007-10-20 11:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-10-20 00:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2007-10-20 00:03 <DIR> d-------- C:\Programmer\Skype
2007-10-20 00:03 <DIR> d-------- C:\Programmer\Fælles filer\Skype
2007-10-20 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-18 19:41 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-10-18 19:41 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-18 19:41 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-10-18 19:41 48,640 --a--c--- C:\WINDOWS\system32\dllcache\stream.sys
2007-10-18 19:41 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-18 19:41 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-09 20:38 <DIR> d-------- C:\WINDOWS\pss
2007-10-09 20:32 <DIR> d-------- C:\Programmer\AdVantage
2007-10-09 20:31 <DIR> d-------- C:\Programmer\Webteh
2007-10-09 20:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
2007-10-09 20:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BSplayer
2007-10-08 23:33 <DIR> d-------- C:\Genveje
2007-10-08 23:31 <DIR> d-------- C:\WEBBANK
2007-10-08 23:04 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-08 23:04 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-08 15:53 <DIR> d-------- C:\Spil ISO
2007-10-08 15:46 <DIR> d-------- C:\Documents and Settings\Administrator\cbt
2007-10-08 15:45 <DIR> d-------- C:\WINDOWS\Sun
2007-10-08 15:45 <DIR> d-------- C:\Programmer\Java
2007-10-08 15:44 <DIR> d-------- C:\Programmer\Fælles filer\Java
2007-10-08 15:43 668 --a------ C:\WINDOWS\mozver.dat
2007-10-08 15:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-08 15:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-10-08 14:06 <DIR> d-------- C:\ETUCE
2007-10-08 12:12 <DIR> d-a------ C:\Microsoft Photo Story 3
2007-10-08 10:27 <DIR> d-------- C:\Programmer\Broadcom
2007-10-08 10:27 160,256 --a------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-10-08 10:27 160,256 --a--c--- C:\WINDOWS\system32\dllcache\b57xp32.sys
2007-10-08 00:30 <DIR> d-------- C:\Video
2007-10-07 22:34 <DIR> d-------- C:\Programmer\Sierra Entertainment
2007-10-07 18:10 <DIR> d-------- C:\Programmer\SEGA
2007-10-07 18:04 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-10-07 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Bioshock
2007-10-07 18:04 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-07 17:44 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-07 17:44 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-07 17:44 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-07 17:44 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-07 17:44 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-10-07 16:38 <DIR> d-------- C:\Programmer\2K Games
2007-10-07 16:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-10-07 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield Installation Information
2007-10-07 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Firaxis Games
2007-10-07 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-07 15:19 <DIR> d-------- C:\Ordbøger
2007-10-07 15:15 <DIR> d-------- C:\DANTYSK
2007-10-07 15:14 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-07 15:14 <DIR> d-------- C:\DANENG
2007-10-07 15:14 398,416 --------- C:\WINDOWS\system\VBRUN300.DLL
2007-10-07 15:14 80,304 --------- C:\WINDOWS\system\TWAVBX.DLL
2007-10-07 15:14 35,712 --------- C:\WINDOWS\system\TWAOPS01.DLL
2007-10-07 15:14 29,696 --------- C:\WINDOWS\system\WIN32CMI.DLL
2007-10-07 15:14 28,496 --------- C:\WINDOWS\system\TWARSC01.DLL
2007-10-07 15:14 20,480 --------- C:\WINDOWS\system\TWAOPS32.DLL
2007-10-07 15:14 19,456 --------- C:\WINDOWS\system\TWAVER32.EXE
2007-10-07 15:14 7,968 --------- C:\WINDOWS\system\TWACALL.EXE
2007-10-07 15:14 7,437 --------- C:\WINDOWS\system\TWADST10.EXE
2007-10-07 15:04 <DIR> d-------- C:\Programmer\MSBuild
2007-10-07 15:04 <DIR> d-------- C:\Programmer\Microsoft Works
2007-10-07 15:04 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-10-07 15:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-07 15:00 <DIR> dr-h----- C:\MSOCache
2007-10-07 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-07 14:56 <DIR> d-------- C:\MOffice
2007-10-07 14:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-07 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-07 14:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-07 14:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-10-07 14:25 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2007-10-07 14:17 <DIR> d-------- C:\Programmer\DAEMON Tools
2007-10-07 14:17 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2007-10-07 14:08 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-07 14:08 96,256 --a------ C:\WINDOWS\system32\drivers\sptd4125.sys
2007-10-07 14:06 <DIR> d-------- C:\Programmer\Fælles filer\Adobe Systems Shared
2007-10-07 14:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-07 14:05 <DIR> d-------- C:\Programmer\Fælles filer\Adobe
2007-10-07 14:02 <DIR> d-------- C:\Programmer\K-Lite Codec Pack
2007-10-07 14:01 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 00:25 49,664 --sh--r C:\WINDOWS\system32\aaaamonc.exe
2007-10-25 21:09 5,806 ----a-w C:\Programmer\install.log
2007-10-07 19:19 --------- d-----w C:\Programmer\Fælles filer\SpeechEngines
2007-10-07 19:19 --------- d-----w C:\Programmer\Fælles filer\ODBC
2007-10-07 15:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-07 12:28 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-10-07 11:27 --------- d-----w C:\Programmer\microsoft frontpage
2007-10-07 11:25 --------- d-----w C:\Programmer\Onlinetjenester
2007-10-07 11:24 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2007-10-07 11:24 --------- d-----w C:\Programmer\Fælles filer\MSSoap
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 10:19]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 10:17]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 13:49 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 18:05]
"nwiz"="nwiz.exe" [2007-04-28 18:05 C:\WINDOWS\system32\nwiz.exe]
"SMSERIAL"="C:\Programmer\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 16:31]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-12-10 15:57]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 07:49]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 08:46]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 09:34]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-28 18:50]
C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\
GameSpot Download Manager.lnk - C:\Programmer\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-13 01:34:50]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
"C:\Programmer\AdVantage\AdVantage.exe"
R2 NetDDEdsdmdmadmin;Network DDE DSDM NetDDEdsdmdmadmin;C:\WINDOWS\system32\aaaamonc.exe srv
*Newly Created Service* - SASDIFSV
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 19:16:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 19:17:40 - machine was rebooted
.
--- E O F ---
4:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/28/2007 at 06:07 PM
Application Version : 3.7.1018
Core Rules Database Version : 3332
Trace Rules Database Version: 1333
Scan type : Complete Scan
Total Scan Time : 00:26:03
Memory items scanned : 169
Memory threats detected : 0
Registry items scanned : 5399
Registry threats detected : 0
File items scanned : 17994
File threats detected : 1
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
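Added example, not part of the original post or of HijackThis itself: a small Python triage script run over lines copied from the HijackThis log above. It flags O17 NameServer entries that point to resolvers outside an assumed allow-list (EXPECTED_NAMESERVERS is a placeholder for the ISP/DHCP-issued servers the machine should actually be using) and O23 services with an unknown publisher that launch a binary from the Windows system folder.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log in the post above,
# plus one benign R0 line so the script has something to ignore.
SAMPLE_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.dk",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{23905058-CDAD-4D8D-93E9-B5F14FEA2D0A}: NameServer = 85.255.115.38,85.255.112.152",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.38 85.255.112.152",
    r"O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmer\IVT Corporation\BlueSoleil\BTNtService.exe",
    r"O23 - Service: Network DDE DSDM NetDDEdsdmdmadmin (NetDDEdsdmdmadmin) - Unknown owner - C:\WINDOWS\system32\aaaamonc.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

# Assumed placeholder: the resolvers this machine is supposed to use (ISP/DHCP-issued).
EXPECTED_NAMESERVERS = {"192.168.1.1"}

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,\s]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str                      # "dns_hijack" or "unknown_owner_system32_service"
    line: str                      # the log line that triggered the finding
    detail: str                    # human-readable explanation
    servers: tuple = field(default_factory=tuple)  # rogue resolvers (O17 only)


def parse_nameservers(value):
    """HijackThis prints per-adapter lists comma-separated and the global
    Parameters key space-separated; accept both."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def triage(lines, expected=EXPECTED_NAMESERVERS):
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            rogue = [ip for ip in parse_nameservers(m["servers"]) if ip not in expected]
            if rogue:
                findings.append(Finding("dns_hijack", line,
                                        f"{m['key']} -> unexpected resolvers {', '.join(rogue)}",
                                        tuple(rogue)))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner" and "\\system32\\" in m["path"].lower():
            # A service with no publisher launching a binary from the system folder
            # deserves a manual look (file dates/attributes, hash lookup).
            findings.append(Finding("unknown_owner_system32_service", line,
                                    f"{m['name']} -> {m['path']}"))
    return findings


def rogue_dns_servers(lines, expected=EXPECTED_NAMESERVERS):
    """Unique unexpected resolvers across every TCP/IP key. The same pair in every
    adapter key and in the global Parameters key is a system-wide override, not
    a single misconfigured adapter."""
    rogue = set()
    for f in triage(lines, expected):
        rogue.update(f.servers)
    return rogue


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.detail}")
    print("rogue resolvers:", sorted(rogue_dns_servers(SAMPLE_LINES)))
```

Both checks are deliberately narrow; a resolver that is not on the allow-list or an unsigned service in system32 is a lead for manual verification, not a verdict on its own.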
