george (Beginner)
19 June 2008 - 20:04. There are 8 comments and 1 solution

How do I remove Trojan.Packed.NsAnti effectively?

Trojan.Packed.NsAnti keeps coming back. Does anyone know how I can remove it effectively?
levich (Beginner)
19 June 2008 - 20:08 #1
Follow the guide here: http://www.eksperten.dk/artikler/1123
Afterwards I would like to see a new log from HijackThis, SUPERAntiSpyware and ComboFix.
george (Beginner)
19 June 2008 - 21:19 #2
OK, I'll try that.
george (Beginner)
19 June 2008 - 22:19 #3
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2008 at 01:22 PM

Application Version : 4.15.1000

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type      : Quick Scan
Total Scan Time : 00:00:00

Memory items scanned      : 0
Memory threats detected  : 0
Registry items scanned    : 0
Registry threats detected : 0
File items scanned        : 9
File threats detected    : 0

************************************

Logfile of HijackThis v1.99.1
Scan saved at 21:59:03, on 19-06-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\AccessManager\Client\sygman.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\ClipX\clipx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Documents and Settings\smedbjki\Desktop\Trojan.Packed.NsAnti\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gjintranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gjintranet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.30.34:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intranet.royalscandinavia.com;195.51.205.174;www.royalscandinavia.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://gjintranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {54F9FB2D-8187-46A8-ACE6-3288150DE2A6} (eLectaWebLaunch Control) - http://support.e-lecta.com/binaries/ActiveX/6000/eLectaWebLaunch6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207340343062
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: NavLogon - c:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: gnab_device -  - C:\WINDOWS\system32\GNabcoms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

*************************************************

ComboFix 08-06-16.5 - SMEDBJKI 2008-06-19 22:02:16.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1433 [GMT 2:00]
Running from: C:\Documents and Settings\smedbjki\Desktop\Trojan.Packed.NsAnti\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Program Files\3
C:\Program Files\3\3Connect\3ConnectGettingStarted.pdf
C:\Program Files\3\3Connect\3ConnectGettingStarted.txt
C:\Program Files\3\3Connect\3ConnectHelp.chm
C:\Program Files\3\3Connect\3ConnectUserGuide.pdf
C:\Program Files\3\3Connect\AceDb.encrypt
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\3\3Connect\BlacklistedProcesses.xml
C:\Program Files\3\3Connect\capicom.dll
C:\Program Files\3\3Connect\CiscoApiWrapper.dll
C:\Program Files\3\3Connect\Config.encrypt
C:\Program Files\3\3Connect\Config.xml
C:\Program Files\3\3Connect\Config_23806.encrypt
C:\Program Files\3\3Connect\Config_23806.xml
C:\Program Files\3\3Connect\Config_24002.encrypt
C:\Program Files\3\3Connect\Config_24002.xml
C:\Program Files\3\3Connect\Config_Default.encrypt
C:\Program Files\3\3Connect\Config_Default.xml
C:\Program Files\3\3Connect\ConfigAup.encrypt
C:\Program Files\3\3Connect\ConfigAup.xml
C:\Program Files\3\3Connect\DeviceInstaller.exe
C:\Program Files\3\3Connect\HuaweiCardReset.exe
C:\Program Files\3\3Connect\HuaweiE220.dll
C:\Program Files\3\3Connect\HuaweiE620.dll
C:\Program Files\3\3Connect\ImportConfiguration.exe
C:\Program Files\3\3Connect\LanDevice.dll
C:\Program Files\3\3Connect\Logger.dll
C:\Program Files\3\3Connect\mfc80u.dll
C:\Program Files\3\3Connect\Microsoft.VC80.CRT.manifest
C:\Program Files\3\3Connect\Microsoft.VC80.MFC.manifest
C:\Program Files\3\3Connect\modemcust.cfg
C:\Program Files\3\3Connect\modeminfo.cfg
C:\Program Files\3\3Connect\Modems\Huawei Modems.exe
C:\Program Files\3\3Connect\msvcp80.dll
C:\Program Files\3\3Connect\msvcr80.dll
C:\Program Files\3\3Connect\NetworkCodes.cfg
C:\Program Files\3\3Connect\OperatorList.xml
C:\Program Files\3\3Connect\OptGlobetrotterGTMax72.dll
C:\Program Files\3\3Connect\Res.dll
C:\Program Files\3\3Connect\Skins\FlashSkin\gui.swf
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
C:\Program Files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
C:\Program Files\3\3Connect\Sms.xml
C:\Program Files\3\3Connect\SmsApp2.dll
C:\Program Files\3\3Connect\SocketMgr.dll
C:\Program Files\3\3Connect\SoftOpt.encrypt
C:\Program Files\3\3Connect\Strings.txt
C:\Program Files\3\3Connect\SysConfig.dat
C:\Program Files\3\3Connect\SystemInfo.txt
C:\Program Files\3\3Connect\Update\ConfigAup.encrypt
C:\Program Files\3\3Connect\Update\ConfigAup.xml
C:\Program Files\3\3Connect\Wilog.exe
C:\Program Files\3\3Connect\WWanDevice.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool1.dll
C:\WINDOWS\system32\x64

.
(((((((((((((((((((((((((  Files Created from 2008-05-19 to 2008-06-19  )))))))))))))))))))))))))))))))
.

2008-06-19 21:40 . 2008-06-19 21:40    <DIR>    d--------    C:\Documents and Settings\Administrator.SMX9370\Application Data\SUPERAntiSpyware.com
2008-06-19 21:30 . 2008-06-19 21:30    78,237,398    --a------    C:\backup_registry_190608.reg
2008-06-19 21:23 . 2008-06-19 21:23    <DIR>    d--------    C:\Program Files\CCleaner
2008-06-19 11:06 . 2008-06-19 11:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-19 10:46 . 2008-06-19 10:46    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-19 10:45 . 2008-06-19 10:45    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-06-19 10:45 . 2008-06-19 10:45    <DIR>    d--------    C:\Documents and Settings\smedbjki\Application Data\SUPERAntiSpyware.com
2008-06-19 09:22 . 2008-06-15 11:38    175,808    -r-hs----    C:\bud3.bat
2008-06-17 16:00 . 2008-06-17 16:03    <DIR>    d--------    C:\Install
2008-06-17 15:15 . 2004-08-04 00:56    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
2008-06-17 15:15 . 2004-08-04 00:56    21,504    --a--c---    C:\WINDOWS\system32\dllcache\hidserv.dll
2008-06-17 15:15 . 2004-08-03 22:58    14,848    --a------    C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-17 15:15 . 2004-08-03 22:58    14,848    --a--c---    C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-06-17 15:11 . 2008-06-17 15:50    <DIR>    d--------    C:\!!!-DATA-
2008-06-10 20:43 . 2008-06-10 20:43    <DIR>    d--------    C:\eLectaTemp
2008-06-08 20:48 . 2008-06-08 20:48    0    --a------    C:\WINDOWS\nsreg.dat
2008-06-05 19:58 . 2008-06-05 19:58    4,483,571    --a------    C:\NetopGuestStandAlone.zip
2008-06-02 10:45 . 2008-06-02 10:45    8,192    --ahs----    C:\WINDOWS\Thumbs.db
2008-05-29 10:10 . 2008-05-29 10:10    <DIR>    d--------    C:\Program Files\Printer
2008-05-29 10:10 . 2008-05-29 10:10    <DIR>    d--------    C:\Program Files\OEM_HostCD
2008-05-26 13:55 . 2008-06-19 11:06    <DIR>    d--------    C:\Program Files\LogMeIn
2008-05-26 13:55 . 2008-05-28 12:32    87,352    --a------    C:\WINDOWS\system32\LMIinit.dll
2008-05-26 13:55 . 2005-10-03 11:29    5,632    --a------    C:\WINDOWS\system32\LMIinit.dll.000.bak
2008-05-26 13:55 . 2008-05-26 13:55    1,024    --a------    C:\.rnd
2008-05-22 12:01 . 2008-05-22 12:01    172,619    --a------    C:\Byggetilladelse_Idrætsvej6.pdf
2008-05-21 15:48 . 2008-06-02 10:45    69    --a------    C:\WINDOWS\NeroDigital.ini

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 09:22    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-06-19 09:09    ---------    d-----w    C:\Program Files\TuneUp Utilities 2008
2008-06-19 08:45    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 08:53    ---------    d-----w    C:\Program Files\ZipCentral
2008-05-16 11:03    ---------    d-----w    C:\Program Files\HEAT
2008-05-14 19:58    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\TrueCrypt
2008-05-14 13:54    ---------    d-----w    C:\Program Files\GPMC
2008-05-14 13:46    ---------    d-----w    C:\Program Files\Microsoft Integration
2008-05-14 13:46    ---------    d-----w    C:\Program Files\Exchsrvr
2008-05-14 13:21    ---------    d-----w    C:\Program Files\CMAK
2008-05-14 12:31    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-14 12:31    ---------    d-----w    C:\Program Files\TextPad 4
2008-05-14 12:29    ---------    d-----w    C:\Program Files\Photoshop 7.0
2008-05-14 12:28    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-05-14 12:22    ---------    d-----w    C:\Program Files\Common Files\Wintertree
2008-05-13 14:57    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\LightScribe
2008-05-13 14:53    ---------    d-----w    C:\Program Files\Common Files\LightScribe
2008-05-13 14:53    ---------    d-----w    C:\Program Files\Common Files\Ahead
2008-05-13 14:51    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\Ahead
2008-05-13 14:48    ---------    d-----w    C:\Program Files\Nero
2008-05-13 14:48    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-05-09 15:22    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\PowerHouse
2008-05-08 21:16    ---------    d-----w    C:\Program Files\HTMLPad 2007
2008-05-08 21:16    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\Blumentals
2008-05-08 20:52    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\TuneUp Software
2008-05-08 20:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-05-08 20:47    ---------    d-----w    C:\Program Files\Java
2008-05-08 20:46    ---------    d-----w    C:\Program Files\Common Files\Java
2008-05-08 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\e-Safekey
2008-05-08 20:34    ---------    d-----w    C:\Program Files\ClipX
2008-05-08 20:30    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-08 20:29    ---------    d-----w    C:\Program Files\Siber Systems
2008-05-07 15:14    69,361    ----a-w    C:\WINDOWS\Huawei ModemsUninstall.exe
2008-05-06 12:42    ---------    d-----w    C:\Program Files\ZapGrab2
2008-05-05 10:14    ---------    d-----w    C:\Program Files\IP VPN Remote Services
2008-04-29 18:08    ---------    d-----w    C:\Program Files\eLecta Live
2008-04-25 06:09    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\ICAClient
2008-04-24 10:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Birdstep Technology
2008-04-24 09:57    ---------    d-----w    C:\Documents and Settings\smedbjki\Application Data\Birdstep Technology
2008-04-24 06:54    ---------    d-----w    C:\Program Files\Huawei Modems
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-08 22:29 160592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 10:39 149040]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="c:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-09-27 20:33 125168]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:56 143360]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-09 16:32 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-09 16:32 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-09 16:32 131072]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2007-08-14 15:32 48904]
"ClipX"="C:\Program Files\ClipX\clipx.exe" [2005-11-30 23:34 68608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 10:59 161328]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-04 10:35 1057328]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"1"= C:\Program Files\Internet Explorer\IEXPLORE.EXE

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.speexacm"= speexw.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2848382773-3542333892-2726771382-1703\Scripts\Logon\0\0]
"Script"=SCSUpdate.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2848382773-3542333892-2726771382-1703\Scripts\Logon\1\0]
"Script"=ClientAccess.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2848382773-3542333892-2726771382-1703\Scripts\Logon\2\0]
"Script"=MapDrivesPrinters.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AccessManager"=C:\Program Files\AccessManager\Client\AccessMgr.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\GNabcoms.exe"=

R2 AMBroker;Access Manager Configuration Service;"C:\Program Files\AccessManager\Client\AMBroker.exe" [2004-11-03 08:45]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2007-05-28 17:00]
R2 MSExchangeMGMT;Microsoft Exchange Management;"C:\Program Files\Exchsrvr\bin\exmgmt.exe" [2003-06-24 09:00]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 15:46]
R2 Sygman;SSA Integration Manager;"C:\Program Files\AccessManager\Client\sygman.exe" [2004-11-03 08:48]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2002-10-11 15:49]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-10-11 15:49]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-10-11 15:49]
S3 DAPlugin;Visual Insight DA Plugin;C:\Program Files\AccessManager\Client\DAPlugin.exe [2004-11-03 08:56]
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\IP VPN Remote Services\Extranet_serv.exe" [2002-10-11 15:39]
S3 gnab_device;gnab_device;C:\WINDOWS\system32\GNabcoms.exe [2006-06-14 23:10]
S3 sp_spi_da;Visual Insight Dial Analysis;C:\Program Files\AccessManager\SMOC\spi_da.exe [2004-10-15 16:40]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-08 22:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13efc204-3ddc-11dd-9028-0016cff0676a}]
\Shell\AutoRun\command - E:\bud3.bat
\Shell\explore\Command - E:\bud3.bat
\Shell\open\Command - E:\bud3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13efc205-3ddc-11dd-9028-0016cff0676a}]
\Shell\AutoRun\command - E:\vg86pltx.cmd
\Shell\explore\Command - E:\vg86pltx.cmd
\Shell\open\Command - E:\vg86pltx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{246c4a76-3248-11dd-900e-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa3076e-1c48-11dd-8fcc-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aa30770-1c48-11dd-8fcc-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5157c39c-11e3-11dd-8fb8-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3df2ace-1dd7-11dd-8fd3-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3df2ad0-1dd7-11dd-8fd3-0016cff0676a}]
\Shell\AutoRun\command - F:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3082dab-1a7a-11dd-8fc8-0016cff0676a}]
\Shell\AutoRun\command - E:\bud3.bat
\Shell\explore\Command - E:\bud3.bat
\Shell\open\Command - E:\bud3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2864820-11ca-11dd-8fb7-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2864821-11ca-11dd-8fb7-0016cff0676a}]
\Shell\AutoRun\command - E:\AutoRun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 19:51:34 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 22:08:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-06-19 22:12:50 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-19 20:12:46

Pre-Run: 39,587,516,416 bytes free
Post-Run: 39,562,002,432 bytes free

324
levich (Beginner)
19 June 2008 - 22:46 #4
Please make a log with the newest version 2.02 of HijackThis, and tell me whether the above has helped?
george (Beginner)
19 June 2008 - 22:59 #5
It's hard to say, since it suddenly shows up again just when you think you've gotten rid of it.

Right now it looks fine, but maybe it'll be back tomorrow.

Here is the new log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59, on 2008-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\AccessManager\Client\sygman.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ClipX\clipx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gjintranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://gjintranet
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {54F9FB2D-8187-46A8-ACE6-3288150DE2A6} (eLectaWebLaunch Control) - http://support.e-lecta.com/binaries/ActiveX/6000/eLectaWebLaunch6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207340343062
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: gnab_device -  - C:\WINDOWS\system32\GNabcoms.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - c:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 12517 bytes
levich (Beginner)
19 June 2008 - 23:23 #6
From the log files I can see that some spyware has been deleted.
Also, I can suggest that you install Service Pack 3 for Windows XP, as it gives you better security.
george (Beginner)
19 June 2008 - 23:29 #7
Thanks for the help. Yes, better security and maybe more problems. I'm not on such good terms with Bill :-) Bad experiences from earlier.

Which one of the programs was it that removed the spyware? And which one.
levich (Beginner)
20 June 2008 - 01:38 #8
Combofix and Trojan.Legmir.A
george (Beginner)
20 June 2008 - 07:54 #9
Thanks!