hijackthis log, cd drev fryser

Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten >> display (Windows Display Diver) << stop den hvis den kører, højreklik på den, klik på Egenskaber og vælg Starttype Deaktiveret.
---------------------------------------
Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Register ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Åbn et Notesblokvindue, kopiér indholdet mellem de bølgede linier ind i dokumentet, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINNT\display.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
---------------------------------------
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog, samt den nye combofixlog.

Men umiddelbart vil jeg mene at drevet er defekt.

Ups, du har ikke kørt Combofix, hent den her:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Følg anvisningerne.

Så blev jeg endelig færdig, det var jo en ordentlig smøre, og skulle også have en bid mad med de gamle, selv helte skal jo spise ;)

SUPERAntiSpyware Scan Log
Generated 02/22/2008 at 08:44 PM

Application Version : 3.5.1016

Core Rules Database Version : 3407
Trace Rules Database Version: 1399

Scan type      : Complete Scan
Total Scan Time : 00:31:41

Memory items scanned      : 145
Memory threats detected  : 0
Registry items scanned    : 4152
Registry threats detected : 0
File items scanned        : 24732
File threats detected    : 146

Adware.Tracking Cookie
    C:\Documents and Settings\kts\Cookies\kts@ehg-chrysler.hitbox[2].txt
    C:\Documents and Settings\kts\Cookies\kts@media.adrevolver[2].txt
    C:\Documents and Settings\kts\Cookies\kts@saxocom.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1071887355[2].txt
    C:\Documents and Settings\kts\Cookies\kts@hitbox[1].txt
    C:\Documents and Settings\kts\Cookies\kts@adtech[2].txt
    C:\Documents and Settings\kts\Cookies\kts@1072674847[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1066551392[1].txt
    C:\Documents and Settings\kts\Cookies\kts@cracks[2].txt
    C:\Documents and Settings\kts\Cookies\kts@eas.apm.emediate[2].txt
    C:\Documents and Settings\kts\Cookies\kts@adserv.starforge-studios[1].txt
    C:\Documents and Settings\kts\Cookies\kts@bluestreak[1].txt
    C:\Documents and Settings\kts\Cookies\kts@3.adbrite[1].txt
    C:\Documents and Settings\kts\Cookies\kts@coopdev.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@data4.perf.overture[2].txt
    C:\Documents and Settings\kts\Cookies\kts@freefind[2].txt
    C:\Documents and Settings\kts\Cookies\kts@1067806006[1].txt
    C:\Documents and Settings\kts\Cookies\kts@bannere.fyens[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1066448979[1].txt
    C:\Documents and Settings\kts\Cookies\kts@bs.serving-sys[2].txt
    C:\Documents and Settings\kts\Cookies\kts@amaena[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ehg-dig.hitbox[2].txt
    C:\Documents and Settings\kts\Cookies\kts@edsa.122.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ad.ofir[2].txt
    C:\Documents and Settings\kts\Cookies\kts@clicktorrent[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ad.yieldmanager[1].txt
    C:\Documents and Settings\kts\Cookies\kts@cgi-bin[1].txt
    C:\Documents and Settings\kts\Cookies\kts@doubleclick[2].txt
    C:\Documents and Settings\kts\Cookies\kts@ads2.jubii[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1069384766[1].txt
    C:\Documents and Settings\kts\Cookies\kts@casalemedia[2].txt
    C:\Documents and Settings\kts\Cookies\kts@indextools[1].txt
    C:\Documents and Settings\kts\Cookies\kts@82763522[2].txt
    C:\Documents and Settings\kts\Cookies\kts@1067849426[1].txt
    C:\Documents and Settings\kts\Cookies\kts@eas4.emediate[2].txt
    C:\Documents and Settings\kts\Cookies\kts@mediaplex[2].txt
    C:\Documents and Settings\kts\Cookies\kts@go.winantivirus[1].txt
    C:\Documents and Settings\kts\Cookies\kts@adbrite[2].txt
    C:\Documents and Settings\kts\Cookies\kts@adfair[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.dk-kogebogen[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ehg-nokiafin.hitbox[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1072372789[1].txt
    C:\Documents and Settings\kts\Cookies\kts@adserver.banneradministration[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1070926688[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.expedia[1].txt
    C:\Documents and Settings\kts\Cookies\kts@brightcove.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@centrebet.advertserve[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.arto[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ad.zanox[1].txt
    C:\Documents and Settings\kts\Cookies\kts@fastclick[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.beamfile[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ads.estart[2].txt
    C:\Documents and Settings\kts\Cookies\kts@advertising[1].txt
    C:\Documents and Settings\kts\Cookies\kts@apmebf[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1071125370[2].txt
    C:\Documents and Settings\kts\Cookies\kts@advertstream[1].txt
    C:\Documents and Settings\kts\Cookies\kts@adrevolver[1].txt
    C:\Documents and Settings\kts\Cookies\kts@banners2.battleon[1].txt
    C:\Documents and Settings\kts\Cookies\kts@kaboose.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@outrider.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ad1.emediate[2].txt
    C:\Documents and Settings\kts\Cookies\kts@banners.battleon[2].txt
    C:\Documents and Settings\kts\Cookies\kts@indexstats[1].txt
    C:\Documents and Settings\kts\Cookies\kts@1071700744[2].txt
    C:\Documents and Settings\kts\Cookies\kts@netmediagroup[1].txt
    C:\Documents and Settings\kts\Cookies\kts@politiken.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@dk.drivecleaner[1].txt
    C:\Documents and Settings\kts\Cookies\kts@tacoda[2].txt
    C:\Documents and Settings\kts\Cookies\kts@server.cpmstar[2].txt
    C:\Documents and Settings\kts\Cookies\kts@hit.stat[2].txt
    C:\Documents and Settings\kts\Cookies\kts@mtg.banneradministration[1].txt
    C:\Documents and Settings\kts\Cookies\kts@statcounter[1].txt
    C:\Documents and Settings\kts\Cookies\kts@gyldendalbogklub.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@microsoftwlmessengermkt.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@mtrack[1].txt
    C:\Documents and Settings\kts\Cookies\kts@online.adservicemedia[2].txt
    C:\Documents and Settings\kts\Cookies\kts@cgi-bin[3].txt
    C:\Documents and Settings\kts\Cookies\kts@tribalfusion[2].txt
    C:\Documents and Settings\kts\Cookies\kts@e2.emediate[2].txt
    C:\Documents and Settings\kts\Cookies\kts@questionmarket[1].txt
    C:\Documents and Settings\kts\Cookies\kts@valueclick[1].txt
    C:\Documents and Settings\kts\Cookies\kts@stat.novasol[1].txt
    C:\Documents and Settings\kts\Cookies\kts@sonofon.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@kanoodle[2].txt
    C:\Documents and Settings\kts\Cookies\kts@media.hotels[1].txt
    C:\Documents and Settings\kts\Cookies\kts@perf.overture[1].txt
    C:\Documents and Settings\kts\Cookies\kts@track.adform[1].txt
    C:\Documents and Settings\kts\Cookies\kts@mtgnewmedia[1].txt
    C:\Documents and Settings\kts\Cookies\kts@overture[2].txt
    C:\Documents and Settings\kts\Cookies\kts@stat.onestat[2].txt
    C:\Documents and Settings\kts\Cookies\kts@stat.inleadmedia[1].txt
    C:\Documents and Settings\kts\Cookies\kts@partypoker[2].txt
    C:\Documents and Settings\kts\Cookies\kts@servlet[7].txt
    C:\Documents and Settings\kts\Cookies\kts@mscracks[1].txt
    C:\Documents and Settings\kts\Cookies\kts@statse.webtrendslive[1].txt
    C:\Documents and Settings\kts\Cookies\kts@qxl.banneradministration[2].txt
    C:\Documents and Settings\kts\Cookies\kts@eyewonder[1].txt
    C:\Documents and Settings\kts\Cookies\kts@server.iad.liveperson[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.clickmanage[2].txt
    C:\Documents and Settings\kts\Cookies\kts@revsci[2].txt
    C:\Documents and Settings\kts\Cookies\kts@sdi-media[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ilead.itrack[1].txt
    C:\Documents and Settings\kts\Cookies\kts@pulz.banneradministration[1].txt
    C:\Documents and Settings\kts\Cookies\kts@sexnoveller[1].txt
    C:\Documents and Settings\kts\Cookies\kts@stats1.reliablestats[2].txt
    C:\Documents and Settings\kts\Cookies\kts@stat.postdanmark[2].txt
    C:\Documents and Settings\kts\Cookies\kts@ncom.banneradministration[2].txt
    C:\Documents and Settings\kts\Cookies\kts@praisexposed[1].txt
    C:\Documents and Settings\kts\Cookies\kts@sdimediagroup[1].txt
    C:\Documents and Settings\kts\Cookies\kts@medialine[2].txt
    C:\Documents and Settings\kts\Cookies\kts@saftigsex[1].txt
    C:\Documents and Settings\kts\Cookies\kts@serving-sys[1].txt
    C:\Documents and Settings\kts\Cookies\kts@drm[2].txt
    C:\Documents and Settings\kts\Cookies\kts@tdc.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@viastream.player.mtgnewmedia[2].txt
    C:\Documents and Settings\kts\Cookies\kts@specificclick[2].txt
    C:\Documents and Settings\kts\Cookies\kts@rezidor.112.2o7[1].txt
    C:\Documents and Settings\kts\Cookies\kts@vhost.oddcast[2].txt
    C:\Documents and Settings\kts\Cookies\kts@tdstats[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.cracks[1].txt
    C:\Documents and Settings\kts\Cookies\kts@stats.ilsemedia[1].txt
    C:\Documents and Settings\kts\Cookies\kts@sexetc[2].txt
    C:\Documents and Settings\kts\Cookies\kts@windowsmedia[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.findalt[1].txt
    C:\Documents and Settings\kts\Cookies\kts@wannafind[2].txt
    C:\Documents and Settings\kts\Cookies\kts@zedo[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.sex-kontakt[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.soundclick[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.sexnoveller[2].txt
    C:\Documents and Settings\kts\Cookies\kts@tradedoubler[2].txt
    C:\Documents and Settings\kts\Cookies\kts@winantivirus[1].txt
    C:\Documents and Settings\kts\Cookies\kts@shopica[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.burstnet[2].txt
    C:\Documents and Settings\kts\Cookies\kts@roiservice[1].txt
    C:\Documents and Settings\kts\Cookies\kts@soundclick[1].txt
    C:\Documents and Settings\kts\Cookies\kts@www.gratispornofilm[2].txt
    C:\Documents and Settings\kts\Cookies\kts@www.pornopower[2].txt
    C:\Documents and Settings\kts\Cookies\kts@burstnet[1].txt
    C:\Documents and Settings\kts\Cookies\kts@Counter[1].txt
    C:\Documents and Settings\kts\Cookies\kts@green_credit_track_2006_01[1].txt
    C:\Documents and Settings\kts\Cookies\kts@ikano_kash_track_2006_03[2].txt
    C:\Documents and Settings\kts\Cookies\kts@metatrafficDPB[1].txt
    C:\Documents and Settings\kts\Cookies\kts@tracking.dc-storm[2].txt
    C:\Documents and Settings\kts\Cookies\kts@www.bannercamp[2].txt
    C:\Documents and Settings\kts\Cookies\kts@www.bannercamp[3].txt


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:02, on 22-02-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINNT\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\internet explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programmer\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beskyttelse mod spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


ComboFix 08-02-22.3 - kts 22-02-2008 20:56:05.2 - NTFSx86
Microsoft Windows 2000 Professional  5.0.2195.4.1252.1.1030.18.143 [GMT 1:00]
Running from: C:\Documents and Settings\kts\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-22 to 2008-02-22  )))))))))))))))))))))))))))))))
.

2008-02-22 20:56 . 22-02-08 20:56     16,384    --a----t-    C:\WINNT\system32\Perflib_Perfdata_430.dat
2008-02-22 19:49 . 22-02-08 20:51     <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-22 19:49 . 22-02-08 19:49     <DIR>    d--------    C:\Documents and Settings\kts\Application Data\SUPERAntiSpyware.com
2008-02-22 19:49 . 22-02-08 19:49     <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-22 19:39 . 22-02-08 19:39     <DIR>    d--------    C:\Programmer\CCleaner
2008-02-22 18:41 . 22-02-08 18:41     <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-22 18:41 . 22-02-08 18:42     <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:49    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-22 17:06    ---------    d-----w    C:\Programmer\Trend Micro
2008-02-22 17:00    ---------    d-----w    C:\Documents and Settings\kts\Application Data\Lavasoft
2008-02-10 19:49    ---------    d-----w    C:\Documents and Settings\kts\Application Data\LimeWire
2007-12-14 10:32    12,632    ----a-w    C:\WINNT\system32\lsdelete.exe
2004-03-12 14:55    271    ---h--w    C:\Programmer\desktop.ini
2004-03-12 14:55    22,029    ---h--w    C:\Programmer\folder.htt
2002-08-23 00:00    32,528    ----a-w    C:\WINNT\inf\wbfirdma.sys
2001-11-22 13:08    712,704    ----a-w    C:\WINNT\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23-08-02 01:00  20752 C:\WINNT\system32\internat.exe]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29-04-07 14:45  68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10-01-07 15:14  1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19-06-03 20:05  111888 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [17-11-03 19:33  3022848]
"nwiz"="nwiz.exe" [17-11-03 19:33  753664 C:\WINNT\system32\nwiz.exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [16-02-07 09:54  282624]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CAMTRAY.EXE" [05-11-02 03:00  184320]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09-07-01 10:50  155648]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [25-09-07 01:11  132496]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [14-03-07 18:05  257088]
"pccguide.exe"="C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe" [08-03-07 02:43  3429904]
"PaperPort PTD"="C:\Programmer\Scansoft\PaperPort\pptd40nt.exe" [24-09-02 12:17  45108]
"IndexSearch"="C:\Programmer\Scansoft\PaperPort\IndexSearch.exe" [24-09-02 12:46  36864]
"SetDefPrt"="C:\Programmer\Brother\Brmfl03a\BrStDvPt.exe" [03-07-03 14:31  45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23-08-02 01:00  20752 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe" [19-06-03 20:05  187664]

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - D:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [20-12-06 12:55  77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 19-10-06 09:12  258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys [05-08-03 07:14 ]
R2 BrSerial;Brother Serial Driver;C:\WINNT\system32\drivers\BrSerial.sys [15-03-02 11:13 ]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINNT\system32\DRIVERS\NVxbar.sys [10-11-03 21:34 ]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINNT\system32\DRIVERS\nvcap.sys [10-11-03 21:34 ]
S3 BrUsbMdm;Brother MFC USB FaxModem driver;C:\WINNT\system32\Drivers\BrUsbMdm.sys [05-06-03 13:08 ]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINNT\system32\Drivers\BrUsbScn.sys [05-06-03 13:09 ]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINNT\system32\DRIVERS\V0010bVd.sys [21-04-03 08:19 ]
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [18-06-03 16:48 ]
S4 Windows Display Diver;display;"C:\WINNT\display.exe" []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 20:57:51
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 22-02-2008 20:58:33
ComboFix-quarantined-files.txt  2008-02-22 19:58:28
ComboFix2.txt  2008-02-22 19:02:01

er det stadig itu drevet bliver næste skridt nok skradespanden, og så en bærbar :)

Afinstaller Limewire i Tilføj/Fjern programmer.
Drop fildeling >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Åbn et Notesblokvindue, kopiér indholdet mellem de bølgede linier ind i dokumentet, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINNT\display.exe

Folder::
"C:\Documents and Settings\kts\Application Data\LimeWire"

Service::
display

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Kom med den friske Combofixlog.

Et nyt drev er en "anelse" billigere end en bærbar. ;-)
Bor du i nærheden af Søndersø, kan du hente et hos mig for et par pilsnere.

undskyld min sløvhed, men som jeg skrev er det her på min mors computer, kommer hjem igen til dem søndag (imorgen) så der ordner jeg resten :)

virker stadig ikke, men tak for forsøget, hun vil alligevel hellere have en billig bærbar. Det står dig frit for at komme med at svar, så får du gerne pointene for "the effort" :)

Jeg skal ikke have point for den smule. :-)
Læg et svar og accepter dit eget svar, så her er afsluttet rigtigt.

jeg takker og bukker

Velbekomme. :-)
Husk at acceptere dit eget svar.