Super antispyware gemte ikke en log, hvorfor er jeg ikke klar over! Men de andre kommer her.
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
11-12-2007 20:23:00,34
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-12-11 20:23:01
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix 07-12-09.1 - Anders 2007-12-11 20:27:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.90 [GMT 1:00]
Running from: C:\Download\AntiSpywareprog\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\jkkji.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.
2007-12-10 19:19 . 2007-12-10 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-10 19:11 . 2007-12-11 20:20 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-12-10 19:11 . 2007-12-10 19:11 <DIR> d-------- C:\Documents and Settings\Anders\Application Data\SUPERAntiSpyware.com
2007-12-10 19:11 . 2007-12-10 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-10 18:58 . 2007-12-10 18:58 <DIR> d-------- C:\Programmer\CCleaner
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2007-12-10 17:18 . 2005-06-06 17:39 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2007-12-10 17:18 . 2007-12-11 20:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> d-------- C:\Documents and Settings\Administrator\Foretrukne
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenter
2007-12-10 17:18 . 2005-06-06 18:31 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2007-12-10 17:10 . 2007-12-10 18:34 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-10 16:45 . 2007-12-10 16:45 <DIR> d-------- C:\Programmer\Lavasoft
2007-12-10 16:45 . 2007-12-10 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-10 16:44 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-09 18:17 . 2007-12-10 17:21 <DIR> d-------- C:\Ny mappe
2007-12-08 21:52 . 2007-08-20 11:00 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-08 21:52 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-08 21:52 . 2007-03-08 06:09 1,015,808 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-08 21:52 . 2007-08-20 11:00 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-08 21:52 . 2007-08-20 11:00 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-08 21:52 . 2007-08-20 11:00 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-08 21:52 . 2007-08-20 11:00 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-08 21:52 . 2007-08-20 11:00 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-08 21:52 . 2007-08-17 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-08 21:51 . 2007-12-08 21:52 <DIR> d-------- C:\WINDOWS\system32\da-dk
2007-12-08 21:46 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 19:10 --------- d-----w C:\Programmer\Webshots
2007-12-11 19:10 --------- d-----w C:\Programmer\SpywareGuard
2007-12-11 19:10 --------- d-----w C:\Programmer\QuickTime
2007-12-11 19:10 --------- d-----w C:\Programmer\MSN Messenger
2007-12-11 19:10 --------- d-----w C:\Programmer\iTunes
2007-12-11 19:10 --------- d-----w C:\Programmer\Fælles filer\Teleca Shared
2007-12-11 19:10 --------- d-----w C:\Programmer\Fælles filer\Sony Ericsson Shared
2007-12-11 19:10 --------- d-----w C:\Programmer\D-Tools
2007-12-10 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 17:06 --------- d-----w C:\Programmer\SpywareBlaster
2007-12-07 21:12 --------- d-----w C:\Documents and Settings\Anders\Application Data\uTorrent
2007-12-07 18:03 --------- d-----w C:\Programmer\uTorrent
2007-12-07 16:49 --------- d-----w C:\Programmer\eMule
2007-10-22 17:40 --------- d-----w C:\Programmer\Java
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 15:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-03-04 04:02 C:\WINDOWS\mixer.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-26 16:53 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-26 16:53 C:\WINDOWS\system32\rundll32.exe]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 16:05]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"APVXDWIN"="C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.exe" [2006-09-13 06:59]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-07-10 08:18]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 09:14]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 11:13 45056 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfeddc]
khfeddc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkji.dll
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 18:39:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Anders\LOKALE~1\Temp\phgelmxb.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-12-11 20:37:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-11 20:41:26 - machine was rebooted
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 19:31:50, on 12-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE
C:\Programmer\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\programmer\panda software\panda antivirus 2007\WebProxy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\Webshots\webshots.scr
C:\Programmer\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Ny mappe\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: CD-MENU.LNK = D:\MENU.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://webnode1.xstream.dk/radiostationer/rawflow/204/Rawflow.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://go.divx.com/plugin/DivXBrowserPlugin.cabO16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) -
http://f010.mail.jubii.dk/app/uploader/FileUploader.cabO16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_06) -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{8D4F81E3-4595-426B-80A6-08943118F6C4}: NameServer = 212.242.40.3,212.242.40.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: khfeddc - khfeddc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Antivirus 2007\PsImSvc.exe