teamdev Novice
13 October 2007 - 21:28 There are 8 comments and
1 solution

Is all the dirt gone? Review of HijackThis log requested

Hi,

I have now spent several hours getting my machine to run a bit faster, among other things by scanning for and removing ad-, spy- and malware (Ad-Aware, Spybot S&D), running a virus scan, and uninstalling a number of programs.

But I just want to ask whether there is anything nasty in my HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:32, on 13-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Belkin\Bluetooth-software\bin\btwdins.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Programmer\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINNT\system32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINNT\system32\rundll32.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Belkin\Bluetooth-software\BTTray.exe
C:\Programmer\OLYMPUS\CAMEDIA Master Pro\CM_camera.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\TuneUp Utilities 2006\Integrator.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\msiexec.exe
C:\Programmer\TuneUp Utilities 2006\SystemInformation.exe
C:\Programmer\Internet Explorer\iexplore.exe
G:\downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: 192.0.9.100 poul
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] %ProgramFiles%\Messenger\msmsgs.exe /background
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = C:\Programmer\Belkin\Bluetooth-software\BTTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programmer\OLYMPUS\CAMEDIA Master Pro\CM_camera.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ebates. - file://C:\Programmer\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174213565703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Belkin\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmer\Fælles filer\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 1: (no name) - http://192.0.2.10/

--
End of file - 15709 bytes

I have seen the line with: C:\Programmer\Bonjour\mDNSResponder.exe
What on earth is that, and is it something that should be removed?

Thanks in advance
arlet Junior Master
14 October 2007 - 06:30 #1
More cleanup is needed..

Let CCleaner do a cleanup: www.arlet.dk/ccleaner.htm

Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

In addition, you need to download:
ComboFix from one of these links, and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix has finished, and after it has rebooted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.

NOTE that ComboFix is detected as infected by some virus scanners. There is nothing to this, however.
teamdev Novice
14 October 2007 - 12:58 #2
I thought there was probably still dirt on the machine.

SuperAntiSpyware found nothing on the C: drive, but some cookies on my backup drive (old files), which I have now deleted.

Below follows the log from ComboFix.

ComboFix 07-10-12.4 - Familien 2007-10-14 12:41:20.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1413 [GMT 2:00]
Running from: C:\Documents and Settings\Familien\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Familien\Application Data\inst.exe
C:\Programmer\myglobalsearch
C:\WINNT\bobsaver.exe
C:\WINNT\bobsaver.scr
C:\WINNT\t\

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


(((((((((((((((((((((((((  Files Created from 2007-09-14 to 2007-10-14  )))))))))))))))))))))))))))))))
.

2007-10-14 12:38    51,200    --a------    C:\WINNT\NirCmd.exe
2007-10-14 09:03    <DIR>    d--------    C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2007-10-14 09:02    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-14 09:02    <DIR>    d--------    C:\Documents and Settings\Familien\Application Data\SUPERAntiSpyware.com
2007-10-14 08:58    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-13 18:48    <DIR>    d--------    C:\Documents and Settings\Familien\Application Data\DVDFab
2007-10-13 16:27    <DIR>    d--------    C:\Documents and Settings\All Users.WINNT\Application Data\vsosdk
2007-10-13 15:55    <DIR>    d--------    C:\Programmer\DVDFab Platinum 3
2007-10-13 15:55    <DIR>    d--------    C:\Documents and Settings\Familien\Application Data\Vso
2007-10-13 15:55    47,360    --a------    C:\WINNT\system32\drivers\pcouffin.sys
2007-10-13 15:55    47,360    --a------    C:\Documents and Settings\Familien\Application Data\pcouffin.sys
2007-10-12 12:33    <DIR>    d--------    C:\Programmer\MSECache
2007-10-10 11:34    155,648    --a------    C:\WINNT\system32\NeroCheck.exe
2007-10-10 11:34    89,184    ---------    C:\WINNT\system32\drivers\imagedrv.sys
2007-10-10 07:40    527,389    -----c---    C:\WINNT\system32\dllcache\kodakimg.exe
2007-10-10 07:40    448,029    -----c---    C:\WINNT\system32\dllcache\oieng400.dll
2007-10-10 07:40    74,781    -----c---    C:\WINNT\system32\dllcache\kodakprv.exe
2007-10-10 07:40    38,941    -----c---    C:\WINNT\system32\dllcache\jpeg2x32.dll
2007-10-10 07:40    33,307    -----c---    C:\WINNT\system32\dllcache\tifflt.dll
2007-10-06 16:54    <DIR>    d--------    C:\Programmer\Casalus
2007-09-30 18:27    <DIR>    d---s----    C:\Programmer\Xfire
2007-09-30 18:27    <DIR>    d--------    C:\Documents and Settings\Familien\Application Data\Xfire
2007-09-30 17:16    <DIR>    d--------    C:\Programmer\Firaxis Games
2007-09-28 17:59    100,360    -ra------    C:\WINNT\system32\drivers\se3emgmt.sys
2007-09-28 17:59    98,568    -ra------    C:\WINNT\system32\drivers\se3eobex.sys
2007-09-28 17:58    108,552    -ra------    C:\WINNT\system32\drivers\se3emdm.sys
2007-09-28 17:58    83,080    -ra------    C:\WINNT\system32\drivers\se3ebus.sys
2007-09-28 17:58    15,112    -ra------    C:\WINNT\system32\drivers\se3emdfl.sys
2007-09-28 17:58    12,424    -ra------    C:\WINNT\system32\drivers\se3ewhnt.sys
2007-09-28 17:58    12,424    -ra------    C:\WINNT\system32\drivers\se3ewh.sys
2007-09-28 17:58    12,424    -ra------    C:\WINNT\system32\drivers\se3ecmnt.sys
2007-09-28 17:58    12,424    -ra------    C:\WINNT\system32\drivers\se3ecm.sys
2007-09-28 17:33    <DIR>        C:\Programmer\Fælles filer\Sony Ericsson Shared
2007-09-16 08:58    <DIR>    d--------    C:\ProgramData
2007-09-16 08:58    3,084    --a------    C:\WINNT\system32\ealregsnapshot1.reg

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 07:13    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-10-14 07:01    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-13 19:55    ---------    d-----w    C:\Programmer\Mah Jong Quest
2007-10-13 19:55    ---------    d-----w    C:\Programmer\Disc2Phone
2007-10-13 19:55    ---------    d-----w    C:\Programmer\BPFTP Server
2007-10-13 19:52    ---------    d-----w    C:\Documents and Settings\Familien\Application Data\Azureus
2007-10-13 19:52    ---------    d-----w    C:\Documents and Settings\Familien\Application Data\AVG7
2007-10-13 19:35    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-13 19:34    ---------    d-----w    C:\Programmer\Mollys Musikmaskine
2007-10-13 19:30    ---------    d-----w    C:\Programmer\Tetris Master
2007-10-13 19:18    ---------    d-----w    C:\Programmer\Roxio
2007-10-13 19:17    ---------    d---a-w    C:\Programmer\Fælles filer
2007-10-13 19:16    ---------    d-----w    C:\Programmer\Fælles filer\Roxio Shared
2007-10-13 19:16    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2007-10-13 19:13    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\Roxio
2007-10-13 19:01    ---------    d-----w    C:\Programmer\Pixeline
2007-10-13 19:00    ---------    d-----w    C:\Programmer\eGames
2007-10-13 18:59    ---------    d-----w    C:\Programmer\Railroad Tycoon 3
2007-10-13 18:50    ---------    d-----w    C:\Programmer\Ashampoo
2007-10-13 18:49    ---------    d-----w    C:\Documents and Settings\Familien\Application Data\Ashampoo Photo Commander 4
2007-10-13 18:17    ---------    d-----w    C:\Programmer\TuneUp Utilities 2006
2007-10-13 11:20    ---------    d---a-w    C:\Documents and Settings\All Users.WINNT\Application Data\avg7
2007-10-12 15:31    ---------    d-----w    C:\Programmer\BitComet
2007-10-12 10:34    ---------    d---a-w    C:\Programmer\Fælles filer\Microsoft Shared
2007-10-10 09:34    ---------    d-----w    C:\Programmer\Ahead
2007-09-30 16:32    ---------    d-----w    C:\Documents and Settings\Familien\Application Data\My Games
2007-09-30 12:56    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-09-30 12:42    ---------    d-----w    C:\Programmer\The Learning Company
2007-09-30 12:15    ---------    d-----w    C:\Programmer\Mindscape
2007-09-30 12:10    ---------    d-----w    C:\Programmer\SolSuite
2007-09-30 12:08    ---------    d-----w    C:\Programmer\SQLXL
2007-09-30 12:06    ---------    d-----w    C:\Programmer\Easy Icon Maker
2007-09-30 12:05    ---------    d-----w    C:\Programmer\Electronic Arts
2007-09-28 16:02    ---------    d-----w    C:\Documents and Settings\Familien\Application Data\Teleca
2007-09-28 15:38    ---------    d-----w    C:\Programmer\Fælles filer\Teleca Shared
2007-09-28 15:33    ---------    d-----w    C:\Programmer\Sony Ericsson
2007-09-28 15:33    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\Teleca
2007-09-28 15:33    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\Sony Ericsson
2007-09-17 09:02    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2007-09-17 06:27    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft Help
2007-09-16 23:07    6,853,088    ----a-w    C:\WINNT\system32\drivers\nv4_mini.sys
2007-09-16 17:01    ---------    d-----w    C:\Programmer\UseNeXT
2007-09-13 14:01    ---------    d-----w    C:\Documents and Settings\All Users.WINNT\Application Data\VUG
2007-09-13 13:56    ---------    d-----w    C:\Programmer\Superstar Rivals
2007-09-13 13:56    ---------    d-----w    C:\Programmer\Fælles filer\Vivendi Universal
2007-09-04 18:42    359,808    ----a-w    C:\WINNT\system32\drivers\tcpip.sys
2007-07-07 20:23    1,817,529    ----a-w    C:\Programmer\123freesolitaire.exe
2006-08-24 19:03    66,080    ----a-w    C:\Documents and Settings\Familien\Application Data\GDIPFONTCACHEV1.DAT
2006-01-28 17:52    271    --sh--w    C:\Programmer\desktop.ini
2006-01-28 17:52    22,029    ---ha-w    C:\Programmer\folder.htt
2005-09-09 18:55    7,155,864    ----a-w    C:\Programmer\NGhost10.msi
2005-09-09 18:55    4,588,454    ----a-w    C:\Programmer\setup.exe
2005-09-09 18:55    37,766,164    ----a-w    C:\Programmer\Data1.cab
2005-09-09 18:55    35    ----a-w    C:\Programmer\SCSSDist.ini
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINNT\system32\nwiz.exe]
"Easy-PrintToolBox"="C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-14 09:03]
"OSSelectorReinstall"="C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINNT\KHALMNPR.Exe]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" []
"LVCOMSX"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe" []
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2007-09-17 01:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2006-03-02 14:00]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 22:02]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users.WINNT\Menuen Start\Programmer\Start\
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-09-17 22:31:10]
Adobe Acrobat Synchronizer.lnk - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50]
Adobe Gamma Loader.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-01-29 01:36:35]
BTTray.lnk - C:\Programmer\Belkin\Bluetooth-software\BTTray.exe [2005-08-24 15:06:54]
CAMEDIA Master.lnk - C:\Programmer\OLYMPUS\CAMEDIA Master Pro\CM_camera.exe [2006-02-06 21:39:34]
Logitech SetPoint.lnk - C:\Programmer\Logitech\SetPoint\SetPoint.exe [2007-06-02 18:23:35]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [2006-03-14 08:01:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Synchronization Manager"=mobsync.exe /logon

R0 ALiAGP;ALi AGP Bus Filter Driver;C:\WINNT\system32\DRIVERS\ALiAGP.sys
R0 snapman;Acronis Snapshots Manager;C:\WINNT\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINNT\system32\DRIVERS\timntr.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R1 c2scsi;c2scsi;C:\WINNT\system32\drivers\c2scsi.sys
R2 MsDtsServer;SQL Server Integration Services;"C:\Programmer\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
R2 SMTPSVC;SMTP (Simple Mail Transport Protocol);C:\WINNT\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
R2 tifsfilter;Acronis True Image FS Filter;C:\WINNT\system32\DRIVERS\tifsfilt.sys
R3 AEXPAM;Philips SmartManage Service;C:\WINNT\system32\Drivers\aexpamdrv.sys
R3 ALI5261;ALi Based Ethernet NT Driver;C:\WINNT\system32\DRIVERS\ALILAN.SYS
S3 BT2KNDFL;Driver til Bluetooth LAN-access-server - Filter;C:\WINNT\system32\DRIVERS\bt2kndfl.sys
S3 DbgProxy;Visual Studio Debugger Proxy Service;"C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\dbgproxy.exe"
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 jnv4_mib;jnv4_mib;\??\C:\DOCUME~1\Familien\LOKALE~1\Temp\jnv4_mib.sys
S3 mtv2a3;Panasonic DVC Composite Device(231D);C:\WINNT\system32\DRIVERS\mtv2a3.sys
S3 mtwc3;Panasonic DVC Web Camera Device(231D);C:\WINNT\system32\DRIVERS\mtwc3.sys
S3 rcvpn;SonicWALL VPN Adapter;C:\WINNT\system32\DRIVERS\rcvpn.sys
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Programmer\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
S3 se3ebus;Sony Ericsson Device 062 (WDM);C:\WINNT\system32\DRIVERS\se3ebus.sys
S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\se3emdfl.sys
S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\se3emdm.sys
S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\se3emgmt.sys
S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\se3eobex.sys
S3 usbhub20;Understøttlese af USB 2.0-rodhub;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 Z550bus;Sony Ericsson Z550  driver (WDM);C:\WINNT\system32\DRIVERS\Z550bus.sys
S3 Z550mdfl;Sony Ericsson Z550 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\Z550mdfl.sys
S3 Z550mdm;Sony Ericsson Z550 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\Z550mdm.sys
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Programmer\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80
S4 UPnPService;UPnPService;C:\Programmer\Fælles filer\MAGIX Shared\UPnPService\UPnPService.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 18:38:38 C:\WINNT\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 12:49:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2007-10-14 12:53:17 - machine was rebooted
.
    --- E O F ---
teamdev Novice
14 October 2007 - 13:12 #3
And here is a fresh HijackThis log as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:33, on 14-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Belkin\Bluetooth-software\bin\btwdins.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe
C:\Programmer\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINNT\system32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINNT\system32\rundll32.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Belkin\Bluetooth-software\BTTray.exe
C:\Programmer\OLYMPUS\CAMEDIA Master Pro\CM_camera.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\khalshared\KHALMNPR.EXE
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
G:\downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tv2.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programmer\Fælles filer\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] %ProgramFiles%\Messenger\msmsgs.exe /background
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BTTray.lnk = C:\Programmer\Belkin\Bluetooth-software\BTTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programmer\OLYMPUS\CAMEDIA Master Pro\CM_camera.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ebates. - file://C:\Programmer\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\Belkin\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174213565703
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EDAF796E-9210-4417-ADDC-2AB18E4F6C27} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmer\Fælles filer\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\Belkin\Bluetooth-software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Programmer\Fælles filer\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: stllssvr - Unknown owner - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O24 - Desktop Component 1: (no name) - http://192.0.2.10/

--
End of file - 15578 bytes
arlet Junior Master
14 October 2007 - 18:30 #4
By the way, mDNSResponder.exe is something that is used by iTunes (for music sharing, if anything)

That looks better now..

Did the cure help??

Please run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 .
If you have any questions, just ask..
teamdev Novice
14 October 2007 - 18:49 #5
Yes, the cure seems to have helped. By the way, I had already disabled System Restore and then turned it back on, but only on the system drive.
teamdev Novice
14 October 2007 - 18:50 #6
By the way, am I right to assume that I can safely remove:
O23 - Service: stllssvr - Unknown owner - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe (file missing)
and similar entries marked file missing from the HijackThis log?
arlet Junior Master
14 October 2007 - 19:05 #7
No, you used to be able to; now you can only delete that line if you are no longer going to use that program..
teamdev Novice
14 October 2007 - 22:40 #8
OK. What is: O23 - Service: stllssvr - Unknown owner - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe (file missing)
arlet Junior Master
15 October 2007 - 16:52 #9
http://www.castlecops.com/o23list-2201.html

Something you make CD labels with..
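
The question in #6 to #9 comes down to finding every entry that HijackThis marks `(file missing)` or `(no file)` and seeing which service or program each one belongs to. The following is an added example, not part of the original thread: a small parser for those item lines. The function names are hypothetical and the line shapes are inferred only from the log posted above.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe (file missing)
"""

# Assumption: these patterns follow the line shapes visible in the log on this page.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"(?:\s+-)?\s*\((?:file missing|no file)\)$")
# The target path is the last field and starts with a drive letter; anchoring on
# " - X:\" keeps display names such as "Firebird Server - MAGIX Instance" intact.
PATH_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.*)$")


def parse_item(line):
    """Parse one HijackThis item line; return None for anything else."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    orphan = ORPHAN_RE.search(body)
    if orphan:
        body = body[:orphan.start()]  # drop the "(file missing)" marker
    item = {"code": m["code"], "body": body, "orphan": bool(orphan)}
    if m["code"] == "O23" and body.startswith("Service: "):
        p = PATH_RE.search(body)
        if p:
            # Everything before the path is "<display name> - <owner>".
            name, _, owner = body[len("Service: "):p.start()].rpartition(" - ")
            item.update(service=name, owner=owner, path=p["path"])
    return item


def orphaned(log_text):
    """Return the items whose target file HijackThis could not find."""
    items = (parse_item(line) for line in log_text.splitlines())
    return [i for i in items if i and i["orphan"]]


if __name__ == "__main__":
    for item in orphaned(SAMPLE_LOG):
        label = item.get("service") or item["body"]
        print(f'{item["code"]:>3}  {label}  ->  {item.get("path", "-")}')
```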