Jeg kan jo ikke komme ind i kontrolpanel, men har fjernet FiksDinPC med Ccleaner. Desuden vedlægger jeg så en bunke logfiler fra artikel 1123
rootlog:
******************************** ROOTCHK-(28-12-07)-LOG, by ejvindh
12-01-2008 16:27:34,62
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-12 16:27:37
Windows 5.1.2600 Service Pack 2
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
detected NTDLL code modification:
ZwOpenFile
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:00,32,fc,9e,c2,a9,c0,6d,0e,3a,c6,51,83,0a,0b,21,bf,24,35,85,6b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,eb,0c,d3,66,d2,3a,ed,49,8d,40,88,17,1e,c4,ee,9f,..
"khjeh"=hex:e9,11,ec,81,16,72,b5,8f,4f,b9,ff,6e,eb,f3,5a,3b,83,1d,0d,e5,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,00,5a,32,69,83,f4,a8,e1,9c,7e,5e,59,6b,a1,db,e7,a1,42,e7,01,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:00,32,fc,9e,c2,a9,c0,6d,0e,3a,c6,51,83,0a,0b,21,bf,24,35,85,6b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a9,eb,0c,d3,66,d2,3a,ed,49,8d,40,88,17,1e,c4,ee,9f,..
"khjeh"=hex:e9,11,ec,81,16,72,b5,8f,4f,b9,ff,6e,eb,f3,5a,3b,83,1d,0d,e5,c7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,00,5a,32,69,83,f4,a8,e1,9c,7e,5e,59,6b,a1,db,e7,a1,42,e7,01,..
detected NTDLL code modification:
ZwOpenFile
scanning hidden registry entries ...
detected NTDLL code modification:
ZwOpenFile
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
combofix:
ComboFix 08-01-11.1 - Inge Andersen 2008-01-12 17:15:26.1 - NTFSx86
Running from: C:\Documents and Settings\Inge Andersen\Dokumenter\virus osv\ComboFix.exe
.
The following files were disabled during the run:C:\Programmer\Spyware Doctor\klg.dat
C:\Programmer\Spyware Doctor\klg.dat
C:\Programmer\Spyware Doctor\klg.dat
C:\Programmer\Spyware Doctor\klg.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Inge Andersen\Application Data\setup_dk[1].exe
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 17:09 . 2000-08-31 08:00 60,928 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 14:17 . 2008-01-12 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 14:16 . 2008-01-12 16:39 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-01-12 14:16 . 2008-01-12 14:16 <DIR> d-------- C:\Documents and Settings\Inge Andersen\Application Data\SUPERAntiSpyware.com
2008-01-12 14:15 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-11 22:42 . 2008-01-11 22:42 <DIR> d-------- C:\Programmer\CCleaner
2008-01-11 15:42 . 2008-01-11 15:44 <DIR> d-------- C:\e1c1e80afe1d6b18ce6b
2008-01-10 22:40 . 2008-01-10 22:40 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-01-07 15:09 . 2008-01-07 15:09 <DIR> d-------- C:\Programmer\Grid Ante
2007-12-30 21:08 . 2007-12-30 21:08 <DIR> d-------- C:\Documents and Settings\Inge Andersen\Application Data\Logitech
2007-12-30 21:07 . <DIR> C:\Programmer\Fælles filer\LogiShared
2007-12-30 21:07 . 2007-12-30 21:07 <DIR> d-------- C:\Documents and Settings\Inge Andersen\Application Data\Leadertech
2007-12-30 21:04 . 2007-12-30 21:04 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-30 21:04 . 2007-12-30 21:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-30 21:03 . 2007-12-30 21:03 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-30 21:03 . 2007-04-11 15:33 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-12-30 21:03 . 2007-04-11 15:33 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-12-30 21:03 . 2007-04-11 15:32 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-12-30 21:03 . 2007-04-11 15:32 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-12-30 21:03 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-12-30 21:03 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-12-30 21:03 . 2007-04-11 15:32 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-12-30 21:02 . 2007-12-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-30 21:02 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-12-30 21:02 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-12-30 21:02 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-12-30 21:02 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-12-30 21:01 . 2007-12-30 21:01 <DIR> d-------- C:\Programmer\Logitech
2007-12-30 21:01 . <DIR> C:\Programmer\Fælles filer\Logitech
2007-12-30 21:01 . 2007-12-30 21:01 <DIR> d-------- C:\Documents and Settings\Inge Andersen\Application Data\InstallShield
2007-12-30 21:01 . 2007-12-30 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-29 16:37 . 2007-12-29 16:37 111 --a------ C:\WINDOWS\system32\data.bat
2007-12-29 16:37 . 2007-12-29 16:37 83 --a------ C:\WINDOWS\system32\data.vbs
2007-12-27 21:21 . 2007-12-27 21:33 69,456 --a------ C:\WINDOWS\hpoins05.dat
2007-12-27 21:21 . 2004-12-14 19:35 19,696 --------- C:\WINDOWS\hpomdl05.dat
2007-12-25 00:46 . 2004-08-26 17:53 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-25 00:46 . 2004-08-26 17:53 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-25 00:46 . 2001-10-04 16:35 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-12-25 00:46 . 2001-10-04 16:35 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 16:22 --------- d-----w C:\Programmer\Spyware Doctor
2008-01-12 16:21 8,419,360 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-12 16:20 99,716 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-12 13:08 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-01-12 13:07 --------- d-----w C:\Programmer\Yahoo!
2008-01-12 12:50 --------- d-----w C:\Programmer\Symantec
2008-01-11 22:50 --------- d-----w C:\Programmer\5star Free Lines
2008-01-11 22:13 --------- d-----w C:\Programmer\Norton AntiVirus
2008-01-11 22:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-11 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-07 14:09 --------- d-----w C:\Documents and Settings\Inge Andersen\Application Data\Grid Ante
2008-01-07 14:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW
2007-12-30 20:01 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-12-27 20:31 --------- d-----w C:\Programmer\HP
2007-12-07 21:30 --------- d-----w C:\Programmer\Mario Forever
2007-12-07 14:19 --------- d-----w C:\Programmer\PiX Juegos
2007-12-07 14:19 --------- d-----w C:\Documents and Settings\Inge Andersen\Application Data\.PiXJuegos
2007-11-23 21:18 --------- d-----w C:\Programmer\FiksDinPC
2007-11-23 21:18 --------- d-----w C:\Programmer\Fælles filer\FiksDinPC
2007-11-23 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-23 19:58 --------- d-----w C:\Programmer\Broadcom
2007-11-23 15:53 --------- d-----w C:\Programmer\Agnitum
2007-11-22 20:55 --------- d-----w C:\Documents and Settings\Inge Andersen\Application Data\fiksdinpc
2007-11-22 20:50 --------- d-----r C:\Documents and Settings\All Users\Application Data\fiksdinpc
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 25088]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 21:49 68856]
"acid platform"="C:\DOCUME~1\INGEAN~1\APPLIC~1\GRIDAN~1\bone default blah.exe" [2008-01-07 15:08 484352]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1330416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-04-20 19:47 167936]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-04-20 19:43 131072]
"UC_Start"="C:\Programmer\IBM\Updater\\ucstartup.exe" [2003-10-01 00:39 49152]
"UC_SMB"="" []
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 21:12 102400]
"Mouse Suite 98 Daemon"="ICO.EXE" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 49263]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-09-01 14:57 294912]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49 61440]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-05-18 08:54 810576]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14 919016]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Hope Draw Obj Funk"="C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\BAT COMP.exe" [2008-01-12 17:23 790016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 02:53 25088]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 16:00:01 C:\WINDOWS\Tasks\AD31C18E918A7502.job"
- c:\docume~1\ingean~1\applic~1\gridan~1\SIZE FRAG JUMP.exe
"2008-01-12 15:12:46 C:\WINDOWS\Tasks\HPpromotions psc 1600 series.job"
- C:\Programmer\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-12 17:24:24
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 17:27:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-12 16:27:05
.
2008-01-12 15:39:09 --- E O F ---
superspyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 01/12/2008 at 03:26 PM
Application Version : 3.7.1018
Core Rules Database Version : 3379
Trace Rules Database Version: 1373
Scan type : Complete Scan
Total Scan Time : 00:59:36
Memory items scanned : 221
Memory threats detected : 0
Registry items scanned : 6127
Registry threats detected : 0
File items scanned : 27765
File threats detected : 67
Adware.Tracking Cookie
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@1072572700[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@aa[3].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@elitehost[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@qxl.adservinginternational[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@clickbank[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@banner.cdpoker[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@710092432412044[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@click4foto[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@1066230470[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad1.clickhype[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@www.adserver5[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@qxl.banneradministration[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@eas4.emediate[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ads1.partnerlogic[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@pacificpoker[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@005.free-counters.co[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@banners.casino[3].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@eas.apm.emediate[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad.yieldmanager[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@hbxtracking.sueddeutsche[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad.hbv[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad.ofir[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@e2.emediate[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@date.ventivmedia[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ads.dk-kogebogen[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@amlocalhost.trymedia[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@cgi-bin[3].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ads2.jubii[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad.adnet[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@clickaider[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@clicktorrent[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@mediavantage[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@adfair[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@adv.surinter[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ads.e-planning[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@bannere.fyens[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@banner.fynskemedier[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@evolnetmedia[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@partner2profit[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@1067704117[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@ad.exent[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@1070791529[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@new-pcp[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@redirect.clickshield[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@www.findalt[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@stats24[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@phpmv2[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@media.mtvnservices[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@stat.postdanmark[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@usenext[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@rambler[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@partypoker[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@shop.zanox[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@www.clash-media[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@stat.inleadmedia[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@tracking.notabenestats[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@richmedia.yahoo[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@www.torrent-finder[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@yourmedia[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@torrent-finder[1].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@adsense[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@adsense[3].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@banner.fynskemedier[2].txt
C:\Documents and Settings\Inge Andersen\Cookies\inge andersen@banner.fynskemedier[3].txt
Malware.LocusSoftware Inc/Gen
C:\PROGRAMMER\FIKSDINPC\UCOOKW.EXE
Adware.IWinGames
C:\PROGRAMMER\IWIN GAMES\IWINGAMESHOOKIE.DLL
hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:28, on 11-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmer\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Inge Andersen\Dokumenter\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\Java\jre1.5.0_06\bin\jucheck.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
http://search.bearshare.com/sidebar.html?src=ssbR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://windowsupdate.microsoft.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UC_Start] C:\Programmer\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [FiksDinPC] C:\Programmer\FiksDinPC\SysRep.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Hope Draw Obj Funk] C:\Documents and Settings\All Users\Application Data\LICENSE FORD HOPE DRAW\BAT COMP.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [acid platform] C:\DOCUME~1\INGEAN~1\APPLIC~1\GRIDAN~1\bone default blah.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [RomeSetup.exe] C:\DOWNLO~1\ROMESE~1.EXE /r
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142627531296O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cabO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\freewin.exe (file missing)
O23 - Service: Microsoft Media - Unknown owner - C:\WINDOWS\system32\dllcache\Rtsecar.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10171 bytes
