Am I completely rid of "Windows Security Alert"?
Hi. So it was my turn to be hit by something I really would rather have done without.
The symptoms were as follows: the Windows desktop background was changed, the Start menu and the desktop were heavily cleared out, and I kept getting popups saying "You are infected with spyware. Click here".
As far as I could read, it was Smitfraud, so I ran Smitfraudfix and Combofix, which got things back to their normal state.
But I'd like to be completely sure that nothing is still hiding somewhere before I log on to my online bank, so I'd like to ask whether anyone would mind checking my logs.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/06/2008 at 11:30 PM
Application Version : 4.0.1154
Core Rules Database Version : 3558
Trace Rules Database Version: 1546
Scan type : Complete Scan
Total Scan Time : 11:47:53
Memory items scanned : 184
Memory threats detected : 0
Registry items scanned : 6883
Registry threats detected : 0
File items scanned : 267978
File threats detected : 2
Adware.WhenU
C:\PROGRAMMER\DAEMON TOOLS\SETUPDTSB.EXE
Trojan.Dropper/Gen
C:\WINDOWS\SXMAOKGF.EXE
Logfile of HijackThis v1.99.1
Scan saved at 08:28:18, on 08-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Spywarefri\alternativ.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmer\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programmer\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programmer\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Programmer\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKLM\..\Run: [TrayServer] C:\Programmer\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Troels\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmer\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmer\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173640852000
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmer\Fælles filer\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programmer\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
ComboFix 08-09-04.09 - Troels 2008-09-08 10:43:01.5 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1721 [GMT 2:00]
Running from: C:\Spywarefri\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-08 to 2008-09-08 )))))))))))))))))))))))))))))))
.
2008-09-08 10:27 . 2008-09-08 10:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 08:45 . 2008-09-08 08:46 <DIR> d-------- C:\Test
2008-09-05 15:14 . 2008-09-05 15:32 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-09-05 15:14 . 2008-09-05 15:14 <DIR> d-------- C:\Documents and Settings\Troels\Application Data\SUPERAntiSpyware.com
2008-09-05 15:14 . 2008-09-05 15:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-05 14:58 . 2008-09-08 08:28 <DIR> d-------- C:\Spywarefri
2008-09-05 14:51 . 2008-09-05 14:51 135,986 --a------ C:\cc_20080905_145110.reg
2008-09-05 14:10 . 2008-09-05 14:53 <DIR> d-------- C:\SmitfraudFix
2008-09-05 14:01 . 2008-09-05 14:01 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2008-09-05 14:01 . 2008-09-05 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 14:00 . 2008-09-05 13:59 1,576,605 --a------ C:\SmitfraudFix.exe
2008-09-05 13:43 . 2008-09-05 13:43 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-09-02 17:13 . 2008-09-02 17:13 <DIR> d-------- C:\Programmer\WinSCP
2008-08-18 14:25 . 2008-08-18 14:25 <DIR> d-------- C:\Programmer\MediaMonkey
2008-08-17 17:30 . 2008-08-17 17:30 <DIR> d-------- C:\Programmer\CCleaner
2008-08-16 19:48 . 2004-08-26 17:53 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-16 19:48 . 2001-10-04 17:07 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-15 16:13 . 2008-08-15 16:13 <DIR> d-------- C:\Programmer\GIMP-2.0
2008-08-15 16:13 . 2008-08-15 16:14 <DIR> d-------- C:\Documents and Settings\Troels\.gimp-2.4
2008-08-15 16:01 . 2008-08-15 16:01 <DIR> d-------- C:\Gravitation
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 06:43 --------- d-----w C:\Programmer\Bonjour
2008-09-07 21:48 --------- d-----w C:\Programmer\Mozilla Thunderbird
2008-09-05 12:52 4,120 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-05 12:01 --------- d-----w C:\Programmer\Lavasoft
2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 15:19 --------- d-----w C:\Documents and Settings\Troels\Application Data\CoreFTP
2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-17 20:56 --------- d-----w C:\Programmer\MSECACHE
2008-08-17 15:39 --------- d-----w C:\Programmer\Windows Live
2008-08-16 18:14 --------- d-----w C:\Programmer\Java
2008-08-05 20:48 --------- d-----w C:\Programmer\Apple Software Update
2008-08-05 10:28 --------- d-----w C:\Documents and Settings\Troels\Application Data\Canon
2008-08-01 09:47 --------- d-----w C:\Programmer\iTunes
2008-08-01 09:47 --------- d-----w C:\Programmer\iPod
2008-07-20 14:05 --------- d-----w C:\Programmer\QuickTime
2008-07-18 18:39 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-09 03:05 9,200 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-09 03:05 9,072 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-09 03:05 43,872 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-07-09 03:05 129,520 ------w C:\WINDOWS\system32\pxafs.dll
2008-07-09 03:05 120,568 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-07-09 03:05 118,256 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:33 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-05_15.11.06.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-05 13:14:15 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 94208]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-12 5724184]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 15360]
"Google Update"="C:\Documents and Settings\Troels\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 385024]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SoundMAXPnP"="C:\Programmer\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="C:\Programmer\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"DU Meter"="C:\Programmer\DU Meter\DUMeter.exe" [2006-11-27 1582616]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WD NetCenter EasyLink"="C:\Programmer\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe" [2005-05-17 442368]
"TrayServer"="C:\Programmer\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe" [2006-10-04 86016]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\FLLESF~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"AppleSyncNotifier"="C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-07-30 289064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 15360]
C:\Documents and Settings\Troels\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-12 110592]
MagicDisc.lnk - C:\Programmer\MagicDisc\MagicDisc.exe [2008-02-12 546816]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl> Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\mIRC\\mirc.exe"=
"C:\\Programmer\\Last.fm\\LastFM.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programmer\\CoreFTP\\coreftp.exe"=
"C:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"=
"C:\\Programmer\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programmer\\Orbitdownloader\\orbitnet.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Programmer\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Programmer\\Fælles filer\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programmer\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51 13560]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programmer\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 SNCT511;PC Camera (6005 CIF);C:\WINDOWS\system32\DRIVERS\snct511.sys [2002-11-26 229376]
S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 24635]
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01f596d5-194d-11dd-9011-001731edbcd1}]
\Shell\AutoRun\command - H:\RavMon.exe
\Shell\explore\Command - H:\RavMon.exe -e
\Shell\open\Command - H:\RavMon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfe7fbcf-cfda-11db-aa59-806d6172696f}]
\Shell\AutoRun\command - E:\ASUSACPI.exe
*Newly Created Service* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Troels\Application Data\Mozilla\Firefox\Profiles\o6uk1ra7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.dk/ig?hl=da
FF -: plugin - C:\Documents and Settings\Troels\Lokale indstillinger\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Programmer\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programmer\Microsoft Research\HDView for Firefox\nphdview.dll
FF -: plugin - C:\Programmer\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Programmer\Photosynth\Tech Preview\nppsynth.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 10:46:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmer\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-09-08 10:51:41
ComboFix-quarantined-files.txt 2008-09-08 08:50:38
ComboFix2.txt 2008-09-08 06:50:23
ComboFix3.txt 2008-09-05 13:42:03
ComboFix4.txt 2008-09-05 13:12:07
Pre-Run: 55,009,005,568 byte ledig
Post-Run: 54,998,331,392 byte ledig
170 --- E O F --- 2008-08-29 11:39:35
Afterwards I ran SuperAntiSpyware again, and this time it finds the following:
Adware.Tracking Cookie
C:\Documents and Settings\Troels\Cookies\troels@bs.serving-sys[1].txt
C:\Documents and Settings\Troels\Cookies\troels@serving-sys[1].txt