Hjælp Hijac

for en go' ordens skyld; stik os/mig en HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Jooo - jeg har 'virus' på hjernen...)

Mht.: Vista - HøjreMusseTast på *.EXE filen - Kør som Administrator...

skrevet af karise-larry

Logfile of HijackThis v1.99.1
Scan saved at 12:14:50, on 14-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Electronic Arts\EADM\Core.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jesper\Skrivebord\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] C:\Programmer\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Registry Helper] "C:\Programmer\Registry Helper\LaunchRegistryHelper.Exe" "C:\Programmer\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Programmer\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Programmer\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.djs-netbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221218542468
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: __c00328D2 - C:\WINDOWS\system32\__c00328D2.dat (file missing)
O20 - Winlogon Notify: __c00AA65E - C:\WINDOWS\system32\__c00AA65E.dat (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Tror det er noget i den du´r du ville have ? :)

hvad er dit problem?  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) nu er jeg ikke så erfaren,
men bit comet ville jeg ikke have, afinstalleres
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) fixes
4 - HKCU\..\Run: [Registry Helper] "C:\Programmer\Registry Helper\LaunchRegistryHelper.Exe" "C:\Programmer\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Programmer\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Programmer\Disk Cleaner\DiskCleaner.Exe" /boot ville jeg afinstallerer
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) fixes
O20 - Winlogon Notify: __c00328D2 - C:\WINDOWS\system32\__c00328D2.dat (file missing)
O20 - Winlogon Notify: __c00AA65E - C:\WINDOWS\system32\__c00AA65E.dat (file missing)
nu er jeg ikke helt erfaren så der kommer nok en og kommeterer yderligere.
og så selvfølgelig pokerprogrammet er meget giftigt, hvis det er virus du har.

Mit problem pt er:
Jeg har overhovede ikke nok fps når jeg spiller computer. F.eks har jeg spillet warhammer online beta, hvor jeg kører med laveste opløsning osv, og jeg lagger rundt som bare fa´en. Fps problemer, aner ikke hvorfor, men går ud fra et eller andet suger mit system.
Jeg har ingen anelse om hvad jeg skal gøre, da jeg heller ikke kan formatere min computer.

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Brug denne og så ny log.

Reinelt - tjek lige at der gøres som du beder om :)

br0ndum - hvad er specs på din pc?

Specs ? :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:46, on 14-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Razer\Copperhead\razerhid.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Electronic Arts\EADM\Core.exe
C:\Programmer\Razer\Copperhead\razerofa.exe
C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jesper\Skrivebord\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.safeappsoftware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [razer] C:\Programmer\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] C:\Programmer\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Registry Helper] "C:\Programmer\Registry Helper\LaunchRegistryHelper.Exe" "C:\Programmer\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Programmer\Disk Cleaner\LaunchDiskCleaner.Exe" "C:\Programmer\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.djs-netbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221218542468
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c00328D2 - C:\WINDOWS\system32\__c00328D2.dat (file missing)
O20 - Winlogon Notify: __c00AA65E - C:\WINDOWS\system32\__c00AA65E.dat (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6742 bytes

specs = specifikationer

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).

Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.

Kopier indholdet herind og fortæl hvordan computeren kører nu ?

Er pt ved at køre det program fromsej gav link til.
Specs:

Asrock 775Dual-880 VSTA S-775
Intel P4 3000MHz 64 bit S-775
2GB DDR2 Ram PC4200
GeForce 8600GT
320Gb Western Digital 7200rpm 16mb SATA2

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 3

14-09-2008 13:23:53
mbam-log-2008-09-14 (13-23-53).txt

Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 83310
Tid tilbagelagt: 13 minute(s), 34 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 2
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00328d2 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00aa65e (Trojan.Vundo) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\WINDOWS\system32\__c008E74E.dat (Trojan.Agent) -> Quarantined and deleted successfully.

I thought it enough. ;-)

Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Kør så combofix.exe, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

ComboFix 08-09-13.05 - Jesper 2008-09-14 13:42:41.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1617 [GMT 2:00]
Running from: C:\Documents and Settings\Jesper\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\j.exe

.
(((((((((((((((((((((((((  Files Created from 2008-08-14 to 2008-09-14  )))))))))))))))))))))))))))))))
.

2008-09-14 13:22 . 2008-09-14 13:41    <DIR>    d--------    C:\Programmer\nLite
2008-09-14 13:07 . 2008-09-14 13:09    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-09-14 13:07 . 2008-09-14 13:07    <DIR>    d--------    C:\Documents and Settings\Jesper\Application Data\Malwarebytes
2008-09-14 13:07 . 2008-09-14 13:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 13:07 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 13:07 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 12:47 . 2008-09-14 12:47    <DIR>    d--------    C:\WINDOWS\nview
2008-09-14 12:47 . 2008-05-16 14:01    446,464    --a------    C:\WINDOWS\system32\nvudisp.exe
2008-09-14 12:47 . 2008-09-14 12:48    186,097    --a------    C:\WINDOWS\system32\nvapps.xml
2008-09-14 12:47 . 2008-05-16 14:01    18,070    --a------    C:\WINDOWS\system32\nvdisp.nvu
2008-09-14 12:46 . 2008-05-16 11:48    446,464    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2008-09-14 12:34 . 2008-09-14 12:34    <DIR>    d--------    C:\Programmer\PC Drivers HeadQuarters
2008-09-14 12:34 . 2008-09-14 12:34    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-14 10:32 . 2008-09-14 10:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-09-14 01:39 . 2008-09-14 01:39    <DIR>    d--------    C:\Programmer\Electronic Arts
2008-09-14 01:39 . 2008-09-14 01:39    <DIR>    d--------    C:\ProgramData
2008-09-13 13:05 . 2008-09-14 01:34    <DIR>    d--------    C:\Documents and Settings\Jesper\Contacts
2008-09-12 18:45 . 2008-09-12 18:45    <DIR>    d--------    C:\WINDOWS\VentriloMix
2008-09-12 18:45 . 2008-09-12 18:45    <DIR>    d--------    C:\Programmer\VentriloMix
2008-09-12 15:42 . 2008-09-12 15:42    <DIR>    d--------    C:\Programmer\SystemRequirementsLab
2008-09-12 15:42 . 2008-09-12 15:42    <DIR>    d--------    C:\Documents and Settings\Jesper\Application Data\SystemRequirementsLab
2008-09-12 14:00 . 2008-04-14 18:05    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-09-12 13:54 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\system32\da
2008-09-12 13:54 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-09-12 13:39 . 2008-09-12 13:39    <DIR>    d--------    C:\Programmer\MSXML 4.0
2008-09-12 13:36 . 2008-04-11 21:05    691,712    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-12 13:36 . 2008-05-01 16:36    331,776    -----c---    C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-12 13:36 . 2008-06-14 19:35    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-12 13:36 . 2008-05-08 16:02    203,136    -----c---    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-12 13:22 . 2007-07-30 19:18    34,136    --a------    C:\WINDOWS\system32\wucltui.dll.mui
2008-09-12 13:22 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-12 13:22 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuapi.dll.mui
2008-09-12 13:22 . 2007-07-30 19:18    20,824    --a------    C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-11 22:12 . 2008-09-11 22:13    <DIR>    d--------    C:\WINDOWS\NV22483980.TMP
2008-09-11 22:11 . 2008-09-11 22:11    <DIR>    d--------    C:\Programmer\Nvidia
2008-09-11 16:06 . 2007-05-16 16:45    3,497,832    --a------    C:\WINDOWS\system32\d3dx9_34.dll
2008-09-11 16:04 . 2008-09-11 16:04    <DIR>    d--------    C:\directx
2008-09-10 23:04 . 2008-09-10 23:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg7
2008-09-10 21:05 . 2008-09-10 21:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-10 20:48 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2008-09-10 20:43 . 2007-08-13 18:54    33,792    --a--c---    C:\WINDOWS\system32\dllcache\custsat.dll
2008-08-24 15:09 . 2008-08-24 15:09    21,840    --a------    C:\WINDOWS\system32\SIntfNT.dll
2008-08-24 15:09 . 2008-08-24 15:09    17,212    --a------    C:\WINDOWS\system32\SIntf32.dll
2008-08-24 15:09 . 2008-08-24 15:09    12,067    --a------    C:\WINDOWS\system32\SIntf16.dll
2008-08-24 14:25 . 2008-08-24 14:25    94,208    --a------    C:\WINDOWS\DIIUnin.exe
2008-08-24 14:25 . 2008-08-24 15:09    30,068    --a------    C:\WINDOWS\DIIUnin.dat
2008-08-24 14:25 . 2008-08-24 14:25    2,829    --a------    C:\WINDOWS\DIIUnin.pif
2008-08-24 14:04 . 2008-08-24 14:04    86,528    --a------    C:\WINDOWS\bnetunin.exe
2008-08-24 14:04 . 2008-08-24 14:14    66,936    --ahs----    C:\WINDOWS\dlinfo_0.drv
2008-08-24 14:04 . 2008-08-24 14:04    61,440    --a------    C:\WINDOWS\diabunin.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 23:39    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-09-13 10:33    ---------    d-----w    C:\Programmer\mIRC
2008-09-13 10:31    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\Skype
2008-09-13 08:57    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\skypePM
2008-09-12 13:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-09-12 13:52    ---------    d-----w    C:\Programmer\DivX
2008-09-12 12:01    ---------    d-----w    C:\Programmer\MSN Messenger
2008-09-11 05:28    ---------    d-----w    C:\Programmer\PokerStars
2008-09-10 19:02    ---------    d-----w    C:\Programmer\Elaborate Bytes
2008-09-10 18:49    ---------    d-----w    C:\Programmer\Fælles filer\Teleca Shared
2008-08-03 05:58    ---------    d-----w    C:\Programmer\Java
2008-07-07 20:29    253,952    ----a-w    C:\WINDOWS\system32\es.dll
2008-06-24 16:44    74,240    ----a-w    C:\WINDOWS\system32\mscms.dll
2008-06-23 16:33    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-02-21 07:03    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="C:\Programmer\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Programmer\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2006-11-21 35328]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26049:TCP"= 26049:TCP:BitComet 26049 TCP
"26049:UDP"= 26049:UDP:BitComet 26049 UDP

S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Programmer\Protector Plus\PPDrv.sys [ ]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 19020]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Registry Helper - C:\Programmer\Registry Helper\LaunchRegistryHelper.Exe
HKCU-Run-Disk Cleaner - C:\Programmer\Disk Cleaner\LaunchDiskCleaner.Exe
HKLM-Run-NBKeyScan - C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jesper\Application Data\Mozilla\Firefox\Profiles\mv9iin1v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.safeappsoftware.com/|http://www.google.com/firefox
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 13:43:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-14 13:44:33
ComboFix-quarantined-files.txt  2008-09-14 11:44:28

Pre-Run: 600,162,304 byte ledig
Post-Run: 2,738,311,168 byte ledig

152    --- E O F ---    2008-09-12 23:46:29

Hvad tænkte du nok ? :) Og var det den her fil du ville kigge på

jeg går ud fra du følger mine råd. jeg kan ikke set det er sket noget endnu.

Reinelt >> No offence, men der er sket masser, Vundo er blevet fjernet af Malwarebytes, den ryger ikke fordi man fixer de to O20 linier, der skal andre midler til, HJT er faktisk næsten overflødig i dag.

br0ndum >> Dette tænkte jeg nok - (Trojan.Vundo) -

Din log er ren, er problemet løst?

fromsej tak for info, hvad anbefaler du istedet?

Jeg vil påstå at disse 3 for det meste vil være nok:
Combofix
Ccleaner
Malwarebytes

Kan lige genstarte og teste computeren. Men pt kan jeg ikke teste mit spil før imorgen, kan"trojan.vundo - gå hen og "ødelægge" min fps ?

Ja, den kan sagtens have været årsagen.

Jeg vil give John ret, først Ccleaner til lige at rydde ud i midlertidige internetfiler m.m. derefter Malwarebytes fuld scanning og fjern hvad den finder, til sidst Combofix, her skal man ikke lege med noget selv, men lade en kompetent gennemse loggen.

Skulle den være helt iorden nu så ? :)
Jeg er som i kan høre helt lost jo.

Ja, jeg har ikke noget at udsætte på logfilerne, så hvis du synes problemet er løst, så er den iorden.

Har lige kørt en Ccleaner, så er jeg ved at scanne den med Malwarebytes, så kører jeg lige en combofix og smider en log herud.
Med hensyn til teste min fps, må jeg vente til imorgen, da jeg hidtil kun har spillet en beta, og kan først spille spillet igen fra imorgen. Ved ik lige helt hvordan jeg evt ellers kan teste den.
Har i en nem freeware Firewall og Antivirus man kan hente ?

ComboFix 08-09-13.05 - Jesper 2008-09-14 15:14:12.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1555 [GMT 2:00]
Running from: C:\Documents and Settings\Jesper\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-08-14 to 2008-09-14  )))))))))))))))))))))))))))))))
.

2008-09-14 14:58 . 2008-09-14 14:58    <DIR>    d--------    C:\Programmer\Yahoo!
2008-09-14 14:58 . 2008-09-14 14:58    <DIR>    d--------    C:\Programmer\CCleaner
2008-09-14 14:54 . 2008-09-14 14:54    960    --a------    C:\WINDOWS\system32\ealregsnapshot1.reg
2008-09-14 13:22 . 2008-09-14 14:55    <DIR>    d--------    C:\Programmer\nLite
2008-09-14 13:07 . 2008-09-14 13:09    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-09-14 13:07 . 2008-09-14 13:07    <DIR>    d--------    C:\Documents and Settings\Jesper\Application Data\Malwarebytes
2008-09-14 13:07 . 2008-09-14 13:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-14 13:07 . 2008-09-10 00:04    38,528    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-14 13:07 . 2008-09-10 00:03    17,200    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-09-14 12:47 . 2008-09-14 12:47    <DIR>    d--------    C:\WINDOWS\nview
2008-09-14 12:47 . 2008-05-16 14:01    446,464    --a------    C:\WINDOWS\system32\nvudisp.exe
2008-09-14 12:47 . 2008-09-14 15:06    186,188    --a------    C:\WINDOWS\system32\nvapps.xml
2008-09-14 12:47 . 2008-05-16 14:01    18,070    --a------    C:\WINDOWS\system32\nvdisp.nvu
2008-09-14 12:46 . 2008-05-16 11:48    446,464    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2008-09-14 12:34 . 2008-09-14 12:34    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-14 10:32 . 2008-09-14 10:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Disk Cleaner
2008-09-13 13:05 . 2008-09-14 01:34    <DIR>    d--------    C:\Documents and Settings\Jesper\Contacts
2008-09-12 18:45 . 2008-09-12 18:45    <DIR>    d--------    C:\WINDOWS\VentriloMix
2008-09-12 18:45 . 2008-09-12 18:45    <DIR>    d--------    C:\Programmer\VentriloMix
2008-09-12 15:42 . 2008-09-12 15:42    <DIR>    d--------    C:\Programmer\SystemRequirementsLab
2008-09-12 15:42 . 2008-09-12 15:42    <DIR>    d--------    C:\Documents and Settings\Jesper\Application Data\SystemRequirementsLab
2008-09-12 14:00 . 2008-04-14 18:05    221,184    --a------    C:\WINDOWS\system32\wmpns.dll
2008-09-12 13:54 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\system32\da
2008-09-12 13:54 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\l2schemas
2008-09-12 13:39 . 2008-09-12 13:39    <DIR>    d--------    C:\Programmer\MSXML 4.0
2008-09-12 13:36 . 2008-04-11 21:05    691,712    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-12 13:36 . 2008-05-01 16:36    331,776    -----c---    C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-12 13:36 . 2008-06-14 19:35    272,256    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-12 13:36 . 2008-05-08 16:02    203,136    -----c---    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-12 13:22 . 2007-07-30 19:18    34,136    --a------    C:\WINDOWS\system32\wucltui.dll.mui
2008-09-12 13:22 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-12 13:22 . 2007-07-30 19:19    25,944    --a------    C:\WINDOWS\system32\wuapi.dll.mui
2008-09-12 13:22 . 2007-07-30 19:18    20,824    --a------    C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-11 22:12 . 2008-09-11 22:13    <DIR>    d--------    C:\WINDOWS\NV22483980.TMP
2008-09-11 22:11 . 2008-09-11 22:11    <DIR>    d--------    C:\Programmer\Nvidia
2008-09-11 16:06 . 2007-05-16 16:45    3,497,832    --a------    C:\WINDOWS\system32\d3dx9_34.dll
2008-09-11 16:04 . 2008-09-11 16:04    <DIR>    d--------    C:\directx
2008-09-10 23:04 . 2008-09-10 23:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avg7
2008-09-10 21:05 . 2008-09-10 21:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-10 20:48 . 2008-09-12 13:54    <DIR>    d--------    C:\WINDOWS\system32\da-dk
2008-09-10 20:43 . 2007-08-13 18:54    33,792    --a--c---    C:\WINDOWS\system32\dllcache\custsat.dll
2008-08-24 15:09 . 2008-08-24 15:09    21,840    --a------    C:\WINDOWS\system32\SIntfNT.dll
2008-08-24 15:09 . 2008-08-24 15:09    17,212    --a------    C:\WINDOWS\system32\SIntf32.dll
2008-08-24 15:09 . 2008-08-24 15:09    12,067    --a------    C:\WINDOWS\system32\SIntf16.dll
2008-08-24 14:25 . 2008-08-24 14:25    94,208    --a------    C:\WINDOWS\DIIUnin.exe
2008-08-24 14:25 . 2008-08-24 15:09    30,068    --a------    C:\WINDOWS\DIIUnin.dat
2008-08-24 14:25 . 2008-08-24 14:25    2,829    --a------    C:\WINDOWS\DIIUnin.pif
2008-08-24 14:04 . 2008-08-24 14:04    86,528    --a------    C:\WINDOWS\bnetunin.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 13:13    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-09-14 12:55    ---------    d-----w    C:\Programmer\PokerStars
2008-09-13 10:33    ---------    d-----w    C:\Programmer\mIRC
2008-09-13 10:31    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\Skype
2008-09-13 08:57    ---------    d-----w    C:\Documents and Settings\Jesper\Application Data\skypePM
2008-09-12 13:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2008-09-12 13:52    ---------    d-----w    C:\Programmer\DivX
2008-09-12 12:01    ---------    d-----w    C:\Programmer\MSN Messenger
2008-09-10 19:02    ---------    d-----w    C:\Programmer\Elaborate Bytes
2008-09-10 18:49    ---------    d-----w    C:\Programmer\Fælles filer\Teleca Shared
2008-08-03 05:58    ---------    d-----w    C:\Programmer\Java
2008-07-07 20:29    253,952    ----a-w    C:\WINDOWS\system32\es.dll
2008-06-24 16:44    74,240    ----a-w    C:\WINDOWS\system32\mscms.dll
2008-06-23 16:33    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-02-21 07:03    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

(((((((((((((((((((((((((((((  snapshot@2008-09-14_13.44.15.67  )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-14 12:09:54    860,160    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\ace728a080313d45bbb1be9162963af6\AspNetMMCExt.ni.dll
+ 2008-09-14 12:09:55    237,568    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e22e4a61e7fd4f4ea0a09b8664d7e36b\CustomMarshalers.ni.dll
+ 2008-09-14 12:09:54    15,360    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\329eff639eb9d14988c0afc4596f234e\dfsvc.ni.exe
+ 2008-09-14 12:09:56    880,640    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\092d7ec91901084cba492ff3643b9911\Microsoft.Build.Engine.ni.dll
+ 2008-09-14 12:09:56    81,920    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\5f2d656f41e7b64fb991856119081c72\Microsoft.Build.Framework.ni.dll
+ 2008-09-14 12:09:59    1,691,648    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\76349116f13d6843bffc5dc6c871550b\Microsoft.Build.Tasks.ni.dll
+ 2008-09-14 12:10:00    163,840    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\14e6b36c0081534f848bdd0582011861\Microsoft.Build.Utilities.ni.dll
+ 2008-09-14 12:10:02    1,724,416    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9c7117bf770af846898bf7062b21609d\Microsoft.VisualBasic.ni.dll
+ 2008-09-14 12:10:06    2,310,144    ----a-w    C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\2b6063d6a1f84c47877e7957662afd82\System.Web.Mobile.ni.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="C:\Programmer\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2006-11-21 35328]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26049:TCP"= 26049:TCP:BitComet 26049 TCP
"26049:UDP"= 26049:UDP:BitComet 26049 UDP

S3 PPDrv;Protector Plus Driver (UnRegistered);C:\Programmer\Protector Plus\PPDrv.sys [ ]
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 19020]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jesper\Application Data\Mozilla\Firefox\Profiles\mv9iin1v.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.dk/firefox
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 15:15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-14 15:15:40
ComboFix-quarantined-files.txt  2008-09-14 13:15:38
ComboFix2.txt  2008-09-14 11:44:34

Pre-Run: 2,840,403,968 byte ledig
Post-Run: 2,830,495,744 byte ledig

150    --- E O F ---    2008-09-12 23:46:29

fromsej: kan du hjælpe mig i combo spørgsmål nr http://www.eksperten.dk/spm/845154

Loggen er ren.

Reinelt, jeg kigger på det.

tak for det fromsej.