m-pellow Beginner
10 November 2007 - 16:02 There are 10 comments and 1 solution

Trojan virus in the computer?

Hi
I'm fairly sure I've picked up a virus.
I constantly get a box popping up that says critical system warning, the computer may be infected with the latest version of trojan.Zlob-X.a (it's all in English)
What do I do?
Thanks in advance for the help.
zagger Junior Master
10 November 2007 - 16:17 #1
Which antivirus program do you use? That's the one that should be notifying you about any viruses. If a message like this just randomly pops up out of the blue, it sounds more like some spyware trying to lure you onto a shady website. And that's when things really go wrong.
arlet Junior Master
10 November 2007 - 16:17 #2
1) Let ccleaner do a clean-up: www.arlet.dk/ccleaner.htm

2) Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

3) Follow this guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9

4) Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, however.

We need to see logs from points 2 - 3 - 4
m-pellow Beginner
11 November 2007 - 08:34 #3
Hi
Now I have run points 1 and 2, and when it then restarted after point 2, my computer can't start up anymore? It just keeps sitting in DOS and running.
I managed to get the computer running in safe mode.
What do I do now?
Thanks in advance.
arlet Junior Master
11 November 2007 - 09:26 #4
That doesn't sound good..

When you start up, where you can go into safe mode, choose the one called Last Known Good Configuration
m-pellow Beginner
11 November 2007 - 10:41 #5
Yep, that worked... Phew...
Should I continue from where I left off?
The little window with that warning doesn't come up anymore.
arlet Junior Master
11 November 2007 - 10:52 #6
Yes, I would like to see a hijackthis and combofix (points 3 and 4)
m-pellow Beginner
11 November 2007 - 11:12 #7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:47, on 11-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.dk/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dk.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\da-dk\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - https://games.danskespil.dk/DTCF/img/trans.gif

--
End of file - 9836 bytes

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
11-11-2007 11:03:30,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 11:03:31
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c6,eb,b9,4b,f3,bd,af,0c,ac,1e,5b,30,d1,b0,de,4c,35,b4,b7,93,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3e,ba,ca,ea,27,c9,c4,7b,ba,b8,71,26,be,ed,c4,ef,b0,..
"khjeh"=hex:f0,42,85,8f,c0,a2,d7,ca,b1,9d,a1,2f,12,a8,de,82,40,95,a1,e3,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:21,b3,2b,c5,b1,49,d6,96,4b,67,ef,95,5b,38,ed,c8,9c,82,15,30,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c6,eb,b9,4b,f3,bd,af,0c,ac,1e,5b,30,d1,b0,de,4c,35,b4,b7,93,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3e,ba,ca,ea,27,c9,c4,7b,ba,b8,71,26,be,ed,c4,ef,b0,..
"khjeh"=hex:f0,42,85,8f,c0,a2,d7,ca,b1,9d,a1,2f,12,a8,de,82,40,95,a1,e3,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:21,b3,2b,c5,b1,49,d6,96,4b,67,ef,95,5b,38,ed,c8,9c,82,15,30,72,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:aa9cb312
"s1"=dword:189b9256
"s2"=dword:83627755
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:c6,eb,b9,4b,f3,bd,af,0c,ac,1e,5b,30,d1,b0,de,4c,35,b4,b7,93,a9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,3e,ba,ca,ea,27,c9,c4,7b,ba,b8,71,26,be,ed,c4,ef,b0,..
"khjeh"=hex:f0,42,85,8f,c0,a2,d7,ca,b1,9d,a1,2f,12,a8,de,82,40,95,a1,e3,99,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:21,b3,2b,c5,b1,49,d6,96,4b,67,ef,95,5b,38,ed,c8,9c,82,15,30,72,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix 07-11-08.1 - HP_Administrator 2007-11-11 11:05:31.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.498 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Desktop\internet.lnk
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-10-11 to 2007-11-11  )))))))))))))))))))))))))))))))
.

2007-11-11 11:04    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-10 23:21    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-11-10 23:21    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-11-10 23:21    <DIR>    d--------    C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2007-11-10 23:21    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-10 23:15    7,916    --a------    C:\cc_20071110_2315.reg
2007-11-10 23:14    256,440    --a------    C:\cc_20071110_2314.reg
2007-11-10 23:09    <DIR>    d--------    C:\Program Files\CCleaner
2007-11-10 16:06    401,720    --a------    C:\Program Files\HJTrenamed.exe
2007-11-05 16:52    <DIR>    d--------    C:\Program Files\4U Computing
2007-11-05 16:52    573,440    --a------    C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-11-05 16:52    491,520    --a------    C:\WINDOWS\system32\NCTAudioFile.dll
2007-11-05 16:52    286,720    --a------    C:\WINDOWS\system32\NCTWMAFile2.dll
2007-11-05 16:52    168,448    --a------    C:\WINDOWS\system32\NCTAudioPlayer.dll
2007-11-05 16:52    143,872    --a------    C:\WINDOWS\system32\NCTWMAFile.dll
2007-11-05 16:49    <DIR>    d--------    C:\Program Files\WMA-MP3.com
2007-11-05 16:48    <DIR>    d--------    C:\Program Files\Common Files\Download Manager
2007-11-04 09:00    <DIR>    d--------    C:\Santana - Ultimate Santana (2007) - Rock [www.torrentazos.com]
2007-11-04 09:00    <DIR>    d--------    C:\Boyz II Men - Motown Hitsville USA (2007) - R&B [www.torrentazos.com]
2007-11-03 20:53    <DIR>    d--------    C:\Westlife - Back Home (2007) - Pop [www.torrentazos.com]
2007-11-03 20:52    <DIR>    d--------    C:\Timbaland-Present_Shock_Value_(Deluxe_Edition)-2CD-2007-SMO
2007-11-03 20:52    <DIR>    d--------    C:\Take That - Shine [2007][mpeg SkidVid]
2007-11-03 20:52    <DIR>    d--------    C:\Sheryl_Crow-Hits_And_Rarities-(Advance)-2CD-2007-404
2007-11-03 19:43    <DIR>    d--------    C:\Shakira - Pure Intuation (The best of collection) (2007).www.lokotorrents.com
2007-10-29 19:27    <DIR>    d--------    C:\Take That - Never Forget (The Ultimate Collection) [2005] [Pop] [www.file24ever.com]
2007-10-14 12:41    <DIR>    d--------    C:\Program Files\Ratajik Software
2007-10-14 01:48    <DIR>    d--------    C:\Transformers[2007]DvDrip[Eng]-aXXo
2007-10-13 13:41    <DIR>    d--------    C:\Program Files\Jewel Quest
2007-10-13 11:34    <DIR>    d--------    C:\Program Files\PuzzleExpress
2007-10-13 11:34    <DIR>    d--------    C:\Program Files\MagicInlay
2007-10-13 11:33    <DIR>    d--------    C:\Program Files\PuzzleInlay
2007-10-13 01:44    <DIR>    d--------    C:\Gamehouse

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 10:02    9,837    ----a-w    C:\Program Files\hijackthis.log
2007-11-10 22:22    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2007-11-09 10:02    ---------    d-----w    C:\Program Files\Tools
2007-11-09 08:19    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-11-08 22:32    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-07 16:19    ---------    d-----w    C:\Program Files\QuickTime
2007-10-26 22:37    ---------    d-----w    C:\Program Files\Trymedia
2007-10-26 22:36    ---------    d-----w    C:\Program Files\SymNetDrv
2007-10-24 22:07    ---------    d-----w    C:\Program Files\film & serier
2007-10-24 21:15    ---------    d-----w    C:\Program Files\LimeWire
2007-10-20 23:40    ---------    d-----w    C:\Program Files\Musik
2007-10-13 14:52    ---------    d-----w    C:\Program Files\Java
2007-09-17 15:17    ---------    d-----w    C:\Program Files\MSXML 4.0
2007-09-16 13:02    ---------    d-----w    C:\Documents and Settings\NetworkService\Application Data\Symantec
2007-09-12 20:52    ---------    d-----w    C:\Program Files\MyHeritage
2007-08-26 16:06    9,478,496    ----a-w    C:\IncrediMailSetup.exe
2007-08-22 12:55    96,256    ----a-w    C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55    665,600    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55    617,984    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55    55,808    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55    532,480    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55    474,112    ----a-w    C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55    449,024    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55    39,424    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55    357,888    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55    3,064,832    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55    251,904    ----a-w    C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55    205,824    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55    16,384    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55    151,040    ----a-w    C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55    146,432    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55    1,498,112    ----a-w    C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55    1,054,208    ----a-w    C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55    1,022,976    ----a-w    C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19    18,432    ----a-w    C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2006-12-14 22:39    5,632    --sha-w    C:\Program Files\Thumbs.db
2006-07-12 16:21    774,144    ----a-w    C:\Program Files\RngInterstitial.dll
2006-04-17 13:10    164    ----a-w    C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-05-12 05:36    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2003-11-04 14:47    499,712    ----a-w    C:\Documents and Settings\HP_Administrator\msvcp71.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 05:56]
"ftutil2"="ftutil2.dll" [2004-06-08 06:05 C:\WINDOWS\system32\ftutil2.dll]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 08:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-04 17:03]
"nwiz"="nwiz.exe" [2005-11-04 17:03 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 C:\WINDOWS\ALCXMNTR.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-01-05 09:47]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 01:03]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-04-15 17:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-03 00:10]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-07-04 13:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 08:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Hurtigstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2007-08-30 13:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-19 16:14:02 C:\WINDOWS\Tasks\HPCeeSchedule.job"
"2007-09-14 19:57:18 C:\WINDOWS\Tasks\Norton AntiVirus - Skan Denne computer - HP_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-11-11 09:44:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 11:08:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
arlet Junior Master
11 November 2007 - 13:01 #8
I can't see anything in the log either, so it must be fine..

Just run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 .
If you have any questions, just ask..
m-pellow Beginner
11 November 2007 - 15:34 #9
Many thanks for the help :-)
I'm getting started installing some of the programs from the security package :-)
One small question left: should the checkbox for disabling System Restore be ticked all the time?
And what effect does this have?
Thanks again :-)
arlet Junior Master
11 November 2007 - 15:42 #10
You're welcome..

No, this is what it says:

Well spotted....

We'll get that corrected right away. After that minute you should of course remove the check mark again *S*
m-pellow Beginner
11 November 2007 - 15:46 #11
OK, thanks again :-)