Now I have followed the procedure from start to finish... so I will post a bunch of log files below...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:28, on 06-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\SCARDSVR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\EmvSmartCardReader\SmartMON.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmer\Fælles filer\Aminova\WordSeeker\WordSeeker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\SPYWAREfighter\spfprc.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Dell\Bluetooth Software\BTTray.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bold.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Aminova WordSeeker] "C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" SHORTCUT
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmartMon] C:\Programmer\EmvSmartCardReader\SmartMON.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB002" /M "Stylus CX3200"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmer\SPYWAREfighter\spftray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [ErrorSmart] C:\Programmer\ErrorSmart\ErrorSmart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmer\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Betway/FlashAX.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmer\Fælles filer\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmer\SPYWAREfighter\spfprc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: ZZZsvc_lich - Unknown owner - C:\lich.exe
--
End of file - 9545 bytes
The Rootchk log file:
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
06-12-2007 21:21:26,88
Driver Driver (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.
Driver symavc32 (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.
Driver SysLibrary (visible) is present. Run SDFIX by AndyManchesta or COMBOFIX by sUBs.
Driver symavc32 (visible) is present. A rootkit scan is recommended.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 21:21:29
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
ComboFix log file:
ComboFix 07-12-02.6 - Nick 2007-12-06 21:27:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.186 [GMT 1:00]
Running from: C:\Documents and Settings\Nick\Skrivebord\virus\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Nick\Application Data\Install.dat
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\vx.tll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\LEGACY_SYMAVC32
-------\Driver
-------\symavc32
-------\SysLibrary
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.
2007-12-06 15:47 . 2007-12-06 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-06 15:46 . 2007-12-06 15:59 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-12-06 15:46 . 2007-12-06 15:46 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\SUPERAntiSpyware.com
2007-12-06 15:03 . 2007-12-06 15:03 <DIR> d-------- C:\Programmer\Trend Micro
2007-12-06 14:42 . 2007-12-06 14:42 <DIR> d-------- C:\Programmer\CCleaner
2007-12-06 14:26 . 2007-12-06 14:26 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\ErrorSmart
2007-12-06 14:25 . 2007-12-06 14:26 <DIR> d-------- C:\Programmer\ErrorSmart
2007-12-06 14:08 . 2007-12-06 14:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> dr------- C:\Documents and Settings\Administrator\Foretrukne
2007-12-06 14:07 . 2005-02-18 15:23 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenter
2007-12-06 14:07 . 2005-02-18 15:23 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
2007-12-06 14:07 . 2005-02-18 15:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-06 14:07 . 2005-02-18 15:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-06 14:07 . 2005-02-18 14:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2007-12-06 12:45 . 2007-12-06 12:45 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\TrojanHunter
2007-12-06 11:02 . 2007-12-06 11:12 <DIR> d-------- C:\Programmer\TrojanHunter 5.0
2007-12-06 07:58 . 2007-12-06 08:01 <DIR> d-------- C:\Programmer\SPYWAREfighter
2007-12-06 07:58 . <DIR> C:\Programmer\Fælles filer\Application
2007-12-05 23:52 . 2007-12-05 23:52 0 --a------ C:\WINDOWS\SYSTEM32\lich.dat
2007-12-05 23:51 . 2007-12-06 15:55 <DIR> d-------- C:\Programmer\Helper
2007-12-05 23:51 . 2007-12-05 23:51 32,997 --a------ C:\lich.exe
2007-12-05 23:50 . 2007-12-05 23:50 <DIR> d-------- C:\Program Files
2007-12-05 23:50 . 2007-12-05 23:50 15 --a------ C:\WINDOWS\SYSTEM32\dllgh8jkd1q8.exe
2007-12-05 23:49 . 2007-12-06 21:40 18,944 --a------ C:\WINDOWS\SYSTEM32\wowfx.dll
2007-11-23 16:26 . 2007-11-24 23:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-23 16:26 . 2007-11-23 16:26 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 20:38 8,576 ----a-w C:\lich.sys
2007-12-06 14:46 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-06 11:51 --------- d-----w C:\Documents and Settings\Nick\Application Data\AVG7
2007-12-06 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-06 06:54 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 19:51 --------- d-----w C:\Documents and Settings\Nick\Application Data\LimeWire
2007-10-25 16:43 8,472,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmer\Apoint\Apoint.exe" [2004-09-13 12:33]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48]
"bacstray"="BacsTray.exe" [2003-05-14 19:37 C:\WINDOWS\SYSTEM32\BacsTray.exe]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 22:10]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" [2004-10-07 20:44]
"DVDLauncher"="C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"UpdateManager"="C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" []
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01]
"Aminova WordSeeker"="C:\Programmer\Fælles filer\Aminova\WordSeeker\Controller.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-25 14:10]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2006-09-25 13:54]
"SmartMon"="C:\Programmer\EmvSmartCardReader\SmartMON.exe" [2006-01-03 15:23]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-07-30 17:50]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2003-07-07 08:50]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-09-23 19:25]
"spywarefighterguard"="C:\Programmer\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]
"THGuard"="C:\Programmer\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"ErrorSmart"="C:\Programmer\ErrorSmart\ErrorSmart.exe" [2007-10-25 21:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 14:10]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BTTray.lnk - C:\Programmer\Dell\Bluetooth Software\BTTray.exe [2004-04-08 23:23:40]
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2005-02-18 15:20:31]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmer\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmer\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmer\SPYWAREfighter\spfprc.exe"
S2 ZZZsvc_lich;ZZZsvc_lich;C:\lich.exe
S3 EMVSCARD;EMVSCARD;C:\WINDOWS\system32\Drivers\EMVSCARD.sys
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys
S3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S3 ZZZdrv_lich;ZZZdrv_lich;\??\C:\lich.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-10-25 10:21:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-12-06 20:42:01 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Programmer\ErrorSmart\ErrorSmart.ex
- C:\Programmer\ErrorSmart
"2007-12-06 14:47:26 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 21:40:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-06 21:43:20 - machine was rebooted
.
--- E O F ---
SuperAntiSpyware log file:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/06/2007 at 05:26 PM
Application Version : 3.7.1018
Core Rules Database Version : 3356
Trace Rules Database Version: 1355
Scan type : Complete Scan
Total Scan Time : 00:55:40
Memory items scanned : 201
Memory threats detected : 0
Registry items scanned : 5867
Registry threats detected : 0
File items scanned : 42922
File threats detected : 13
Adware.Tracking Cookie
C:\Documents and Settings\Nick\Cookies\nick@ad.bolddk[2].txt
C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt
C:\Documents and Settings\Nick\Cookies\nick@doubleclick[2].txt
C:\Documents and Settings\Nick\Cookies\nick@ehg-adidas.hitbox[2].txt
C:\Documents and Settings\Nick\Cookies\nick@hitbox[2].txt
C:\Documents and Settings\Nick\Cookies\nick@imrworldwide[1].txt
C:\Documents and Settings\Nick\Cookies\nick@porn.gonzo-movies[2].txt
C:\Documents and Settings\Nick\Cookies\nick@pornorama[1].txt
C:\Documents and Settings\Nick\Cookies\nick@streamsex[1].txt
C:\Documents and Settings\Nick\Cookies\nick@track.adform[1].txt
C:\Documents and Settings\Nick\Cookies\nick@tradedoubler[2].txt
C:\Documents and Settings\Nick\Cookies\nick@video.pornorama[2].txt
C:\Documents and Settings\Nick\Cookies\nick@www.pornorama[2].txt
THAT WAS ALL...
Hoping for a good answer... ;o)