Er blevet hacked, formoder at det er en keylogger.

Hent "Malwarebytes' Anti-Malware" her: http://www.besttechie.net/tools/mbam-setup.exe
Installer og start programmet, opdater, lav "fuld systemskanning" under fanebladet "skanner".
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra DDS som du finder her: http://www.techsupportforum.com/sectools/sUBs/dds

eller her: http://download.bleepingcomputer.com/sUBs/dds.scr

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af DDS.txt  herind.

OBS - DDS skal gemmes på på computeren og ikke køres fra nettet

Mht.: Vista - Højreklik på *.exe filen - Kør som Administrator.

Malwarebytes' Anti-Malware 1.34
Database version: 1766
Windows 6.0.6001 Service Pack 1

17-02-2009 11:55:22
mbam-log-2009-02-17 (11-55-22).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objekter skannet: 202818
Tid tilbagelagt: 1 hour(s), 37 minute(s), 19 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


DDS (Ver_09-02-01.01) - NTFSx86 
Run by Niclas at 11:58:57,81 on 17-02-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.45.1030.18.3069.1421 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Niclas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\conime.exe
C:\Users\Niclas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Niclas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Niclas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Niclas\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://www.lectio.dk/lectio/61/SkemaGenerator.aspx?type=elev&id=1491250961
uWindow Title = Internet Explorer leveret af Dell
mDefault_Page_URL = hxxp://www.google.dk/ig/dell?hl=da&client=dell-row&channel=dk&ibd=1080410
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\users\niclas\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-16 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-16 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-16 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-16 298264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\intel\intel matrix storage manager\IAANTmon.exe [2008-4-10 358936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-12-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-12-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-8-18 79360]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-12-14 1112560]

=============== Created Last 30 ================

2009-02-16 22:44    <DIR>    --d-----    c:\users\niclas\appdata\roaming\Malwarebytes
2009-02-16 22:44    15,504    a-------    c:\windows\system32\drivers\mbam.sys
2009-02-16 22:44    38,496    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-16 22:44    <DIR>    --d-----    c:\programdata\Malwarebytes
2009-02-16 22:44    <DIR>    --d-----    c:\program files\Malwarebytes' Anti-Malware
2009-02-16 22:44    <DIR>    --d-----    c:\progra~2\Malwarebytes
2009-02-16 20:05    <DIR>    --d-----    c:\program files\CCleaner
2009-02-16 19:15    15,688    a-------    c:\windows\system32\lsdelete.exe
2009-02-16 19:07    64,160    a-------    c:\windows\system32\drivers\Lbd.sys
2009-02-16 19:04    <DIR>    -cd-h---    c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 19:04    <DIR>    -cd-h---    c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 19:03    <DIR>    --d-----    c:\programdata\Lavasoft
2009-02-16 19:03    <DIR>    --d-----    c:\program files\Lavasoft
2009-02-16 14:59    <DIR>    --d-h---    C:\$AVG8.VAULT$
2009-02-16 14:07    10,520    a-------    c:\windows\system32\avgrsstx.dll
2009-02-16 14:07    107,272    a-------    c:\windows\system32\drivers\avgtdix.sys
2009-02-16 14:07    325,128    a-------    c:\windows\system32\drivers\avgldx86.sys
2009-02-16 14:07    <DIR>    --d-----    c:\windows\system32\drivers\Avg
2009-02-16 14:06    <DIR>    --d-----    c:\program files\AVG
2009-02-16 14:06    <DIR>    --d-----    c:\programdata\avg8
2009-02-16 14:06    <DIR>    --d-----    c:\progra~2\avg8
2009-02-16 12:41    428,544    a-------    c:\windows\system32\EncDec.dll
2009-02-16 12:41    217,088    a-------    c:\windows\system32\psisrndr.ax
2009-02-16 12:41    293,376    a-------    c:\windows\system32\psisdecd.dll
2009-02-16 12:41    177,664    a-------    c:\windows\system32\mpg2splt.ax
2009-02-16 12:41    80,896    a-------    c:\windows\system32\MSNP.ax
2009-02-15 18:39    827,392    a-------    c:\windows\system32\wininet.dll
2009-02-15 18:39    1,383,424    a-------    c:\windows\system32\mshtml.tlb
2009-02-05 18:11    <DIR>    --d-----    c:\programdata\Office Genuine Advantage
2009-02-05 17:30    105,016    a-------    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-05 17:30    97,800    a-------    c:\windows\system32\infocardapi.dll
2009-02-05 17:30    622,080    a-------    c:\windows\system32\icardagt.exe
2009-02-05 17:30    43,544    a-------    c:\windows\system32\PresentationHostProxy.dll
2009-02-05 17:30    37,384    a-------    c:\windows\system32\infocardcpl.cpl
2009-02-05 17:30    11,264    a-------    c:\windows\system32\icardres.dll
2009-02-05 17:30    781,344    a-------    c:\windows\system32\PresentationNative_v0300.dll
2009-02-05 17:30    326,160    a-------    c:\windows\system32\PresentationHost.exe
2009-02-05 17:25    96,760    a-------    c:\windows\system32\dfshim.dll
2009-02-05 17:25    282,112    a-------    c:\windows\system32\mscoree.dll
2009-02-05 17:25    41,984    a-------    c:\windows\system32\netfxperf.dll
2009-02-05 17:25    158,720    a-------    c:\windows\system32\mscorier.dll
2009-02-05 17:25    83,968    a-------    c:\windows\system32\mscories.dll
2009-01-23 22:48    <DIR>    --d-----    c:\program files\directx
2009-01-19 20:24    <DIR>    --d-----    c:\users\niclas\appdata\roaming\Turbine
2009-01-19 20:23    2,297,552    a-------    c:\windows\system32\d3dx9_26.dll
2009-01-19 20:20    <DIR>    --d-----    c:\windows\system32\URTTEMP

==================== Find3M  ====================

2009-02-16 19:14    502,090    a-------    c:\windows\system32\perfh006.dat
2009-02-16 19:14    96,202    a-------    c:\windows\system32\perfc006.dat
2008-12-31 17:04    691,560    a-------    c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04    528,744    a-------    c:\windows\system32\OGAVerify.exe
2008-12-31 17:04    502,120    a-------    c:\windows\system32\OGAAddin.dll
2008-12-24 12:50    143,360    a-------    c:\windows\inf\infstrng.dat
2008-12-24 12:50    51,200    a-------    c:\windows\inf\infpub.dat
2008-12-24 12:50    86,016    a-------    c:\windows\inf\infstor.dat
2008-12-11 01:33    200,704    a-------    c:\windows\system32\dtu100.dll
2008-12-11 01:33    86,016    a-------    c:\windows\system32\dpl100.dll
2008-12-09 03:28    593,920    a-------    c:\windows\system32\dpuGUI11.dll
2008-12-09 03:28    344,064    a-------    c:\windows\system32\dpus11.dll
2008-12-09 03:28    294,912    a-------    c:\windows\system32\dpu11.dll
2008-12-09 03:28    57,344    a-------    c:\windows\system32\dpv11.dll
2008-09-08 19:23    3,739,136    a-------    c:\users\niclas\WAR Europe Downloader.exe
2008-08-18 14:53    174    a--sh---    c:\program files\desktop.ini
2008-08-18 14:42    665,600    a-------    c:\windows\inf\drvindex.dat
2008-08-10 13:46    56    a---h---    c:\programdata\ezsidmv.dat
2008-08-10 13:46    56    a---h---    c:\progra~2\ezsidmv.dat
2006-11-21 05:46    300,302    a-------    c:\windows\inf\perflib\0406\perfi.dat
2006-11-21 05:46    300,302    a-------    c:\windows\inf\perflib\0406\perfh.dat
2006-11-21 05:46    36,364    a-------    c:\windows\inf\perflib\0406\perfd.dat
2006-11-21 05:46    36,364    a-------    c:\windows\inf\perflib\0406\perfc.dat
2006-11-02 10:20    287,440    a-------    c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20    287,440    a-------    c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20    30,674    a-------    c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20    30,674    a-------    c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:59:43,62 ===============

Bruger du ingen antivirus? DDS plejer at skrive hvilken av der er på maskinen. Jeg kan sagtens se AVG, men er den aktiv?

Der er ikke tegn på en keylogger men du kan prøve det her:


Hent og GEM Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
eller her:

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Start notesblok og kopier indholdet mellem de stiplede linier ind og gem filen i samme mappe hvor Combofix

ligger med navnet CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt
--------------

Killall::

Snapshot::

DDS::
mRun: [<NO NAME>]

-------------

Da Combofix kan konflikte med din antivirus er det vigtigt at du deaktiverer den.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.malwarecheck.dk/billeder/CFScriptB-4_da.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du

bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt

som ligger her C:\ Combofix txt

Indholdet af denne fil må du gerne lægge herind.

ComboFix 09-02-15.01 - Niclas 2009-02-17 17:06:46.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.3069.1865 [GMT 1:00]
Kører fra: c:\users\Niclas\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Niclas\Desktop\CFScript.txt
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-17 til 2009-02-17  )))))))))))))))))))))))))))))))))))
.

2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    c:\users\Niclas\AppData\Roaming\Malwarebytes
2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    c:\programdata\Malwarebytes
2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-02-16 22:44 . 2009-02-11 10:19    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-16 22:44 . 2009-02-11 10:19    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-02-16 20:05 . 2009-02-16 20:05    <DIR>    d--------    c:\program files\CCleaner
2009-02-16 19:15 . 2009-02-16 19:07    15,688    --a------    c:\windows\System32\lsdelete.exe
2009-02-16 19:07 . 2009-02-16 19:06    64,160    --a------    c:\windows\System32\drivers\Lbd.sys
2009-02-16 19:04 . 2009-02-16 19:04    <DIR>    d--h-c---    c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 19:03 . 2009-02-16 19:07    <DIR>    d--------    c:\programdata\Lavasoft
2009-02-16 19:03 . 2009-02-16 19:03    <DIR>    d--------    c:\program files\Lavasoft
2009-02-16 14:59 . 2009-02-17 12:18    <DIR>    d--h-----    C:\$AVG8.VAULT$
2009-02-16 14:07 . 2009-02-17 17:02    <DIR>    d--------    c:\windows\System32\drivers\Avg
2009-02-16 14:07 . 2009-02-16 14:07    325,128    --a------    c:\windows\System32\drivers\avgldx86.sys
2009-02-16 14:07 . 2009-02-16 14:07    107,272    --a------    c:\windows\System32\drivers\avgtdix.sys
2009-02-16 14:07 . 2009-02-16 14:07    10,520    --a------    c:\windows\System32\avgrsstx.dll
2009-02-16 14:06 . 2009-02-16 14:06    <DIR>    d--------    c:\programdata\avg8
2009-02-16 14:06 . 2009-02-16 14:06    <DIR>    d--------    c:\program files\AVG
2009-02-16 12:41 . 2008-12-05 05:32    428,544    --a------    c:\windows\System32\EncDec.dll
2009-02-16 12:41 . 2008-12-05 05:32    293,376    --a------    c:\windows\System32\psisdecd.dll
2009-02-16 12:41 . 2008-12-05 05:31    217,088    --a------    c:\windows\System32\psisrndr.ax
2009-02-16 12:41 . 2008-12-05 05:31    177,664    --a------    c:\windows\System32\mpg2splt.ax
2009-02-16 12:41 . 2008-12-05 05:31    80,896    --a------    c:\windows\System32\MSNP.ax
2009-02-15 18:39 . 2009-01-15 04:36    1,383,424    --a------    c:\windows\System32\mshtml.tlb
2009-02-15 18:39 . 2009-01-15 07:11    827,392    --a------    c:\windows\System32\wininet.dll
2009-02-05 18:11 . 2009-02-05 18:11    <DIR>    d--------    c:\programdata\Office Genuine Advantage
2009-02-05 17:30 . 2008-06-20 02:14    781,344    --a------    c:\windows\System32\PresentationNative_v0300.dll
2009-02-05 17:30 . 2008-06-20 02:14    622,080    --a------    c:\windows\System32\icardagt.exe
2009-02-05 17:30 . 2008-06-20 02:14    326,160    --a------    c:\windows\System32\PresentationHost.exe
2009-02-05 17:30 . 2008-06-20 02:14    105,016    --a------    c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-05 17:30 . 2008-06-20 02:14    97,800    --a------    c:\windows\System32\infocardapi.dll
2009-02-05 17:30 . 2008-06-20 02:14    43,544    --a------    c:\windows\System32\PresentationHostProxy.dll
2009-02-05 17:30 . 2008-06-20 02:14    37,384    --a------    c:\windows\System32\infocardcpl.cpl
2009-02-05 17:30 . 2008-06-20 02:14    11,264    --a------    c:\windows\System32\icardres.dll
2009-02-05 17:25 . 2008-07-27 19:03    282,112    --a------    c:\windows\System32\mscoree.dll
2009-02-05 17:25 . 2008-07-27 19:03    158,720    --a------    c:\windows\System32\mscorier.dll
2009-02-05 17:25 . 2008-07-27 19:03    96,760    --a------    c:\windows\System32\dfshim.dll
2009-02-05 17:25 . 2008-07-27 19:03    83,968    --a------    c:\windows\System32\mscories.dll
2009-02-05 17:25 . 2008-07-27 19:03    41,984    --a------    c:\windows\System32\netfxperf.dll
2009-01-23 22:48 . 2009-01-23 22:48    <DIR>    d--------    c:\program files\directx
2009-01-19 20:24 . 2009-01-19 20:24    <DIR>    d--------    c:\users\Niclas\AppData\Roaming\Turbine
2009-01-19 20:23 . 2005-05-26 15:34    2,297,552    --a------    c:\windows\System32\d3dx9_26.dll
2009-01-19 20:20 . 2009-01-19 20:20    <DIR>    d--------    c:\windows\System32\URTTEMP

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 16:13    ---------    d-----w    c:\users\Niclas\AppData\Roaming\Skype
2009-02-17 16:12    ---------    d---a-w    c:\programdata\TEMP
2009-02-17 15:04    ---------    d-----w    c:\users\Niclas\AppData\Roaming\skypePM
2009-02-17 14:38    ---------    d-----w    c:\program files\Spybot - Search & Destroy
2009-02-17 14:35    ---------    d-----w    c:\programdata\Spybot - Search & Destroy
2009-02-17 12:44    ---------    d-----w    c:\program files\Steam
2009-02-16 12:45    ---------    d-----w    c:\program files\Bonjour
2009-02-16 11:38    ---------    d-----w    c:\programdata\Microsoft Help
2009-02-16 11:38    ---------    d-----w    c:\program files\Windows Mail
2009-02-16 11:34    ---------    d-----w    c:\program files\McAfee
2009-02-05 16:24    ---------    d-----w    c:\users\Niclas\AppData\Roaming\LimeWire
2009-01-19 13:49    ---------    d-----w    c:\program files\SystemRequirementsLab
2009-01-18 11:29    ---------    d-----w    c:\program files\Common Files\Steam
2009-01-13 19:15    ---------    d-----w    c:\program files\DivX
2009-01-02 14:46    ---------    d-----w    c:\program files\Common Files\Blizzard Entertainment
2008-12-27 20:20    ---------    d-----w    c:\users\Niclas\AppData\Roaming\dvdcss
2008-12-25 11:59    ---------    d-----w    c:\users\Niclas\AppData\Roaming\DivX
2008-12-24 12:03    ---------    d-----w    c:\programdata\NVIDIA
2008-12-24 11:58    ---------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2008-12-24 11:58    ---------    d-----w    c:\program files\AGEIA Technologies
2008-12-23 20:25    ---------    d-----w    c:\program files\BitTorrent
2008-12-23 20:24    ---------    d-----w    c:\program files\DNA
2008-09-08 18:23    3,739,136    ----a-w    c:\users\Niclas\WAR Europe Downloader.exe
2008-08-18 13:53    174    --sha-w    c:\program files\desktop.ini
2008-08-10 12:46    56    ---ha-w    c:\programdata\ezsidmv.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-07-30 21738792]
"Google Update"="c:\users\Niclas\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-07 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2008-04-10 77824]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-06 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 1838592]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-12-14 244208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-10-08 155648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-16 1601304]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 c:\windows\System32\HCIMNTR.DLL]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-02 c:\windows\System32\Ctxfihlp.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute    REG_MULTI_SZ      \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01144B01-A2D4-419A-8808-4197F2A99891}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{01E78162-6A1D-43CC-A993-41D889DC45CD}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{BAF1E9F6-9C6F-428F-93DE-3541E77C9EDF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ECE5BAE9-88A9-4051-8008-247B3F8A1F42}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6D15D121-AAF7-40C8-A3B1-EEB1C9D49D29}"= UDP:c:\program files\Electronic Arts\EADM\Core.exe:EA Download Manager
"{584D8D03-2AF2-4ED6-B293-5EB844F566A2}"= TCP:c:\program files\Electronic Arts\EADM\Core.exe:EA Download Manager
"TCP Query User{6AFADBEF-47E7-4795-9826-C4E70C60BCEB}c:\\users\\niclas\\war europe downloader.exe"= UDP:c:\users\niclas\war europe downloader.exe:war europe downloader.exe
"UDP Query User{8C644EE3-6EE5-47B7-8750-E8DFA0BFBD66}c:\\users\\niclas\\war europe downloader.exe"= TCP:c:\users\niclas\war europe downloader.exe:war europe downloader.exe
"TCP Query User{27F05083-6855-4D71-833C-E3828141846C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8B7E9F6F-0A39-41F2-944E-16E58A8D447C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{081A9358-E925-4559-B6B9-B2FB1DAEEE74}c:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F36D4F45-56FE-4D35-B39A-A7FA59174DB7}c:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{3926CA42-B924-4B53-8C67-D3617868EFDE}c:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mtnimbty\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= UDP:c:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\mtnimbty\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"UDP Query User{BD028BF4-9206-4E50-BE20-A2CDF710CCA9}c:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mtnimbty\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= TCP:c:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\mtnimbty\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"{86F6E2E6-8EAD-41E5-84ED-948948BAE407}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{8BB74D3C-7D93-4362-B2F1-78643734609A}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{605B08D8-CDEB-4593-8108-E05ADF5EE5D2}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{D805950B-4103-4B16-8D9F-4B74981F23CE}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{7F346A26-2AEE-470C-85A1-A10938FAEA21}c:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\y2v75sf6\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= UDP:c:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\y2v75sf6\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"UDP Query User{A37E710A-AB35-4A7F-A965-BFCED7F3D4FA}c:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\y2v75sf6\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= TCP:c:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\y2v75sf6\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"{37E38F86-201C-4AB8-A20D-52BE230B32AE}"= UDP:3724:Blizzard Downloader
"{2E47BA17-7FA2-4433-BBB4-CBCA89D25531}"= UDP:6112:Blizzard Downloader
"TCP Query User{BC47D3C7-BCE9-48D3-B957-52CDEF4FDCD0}c:\\users\\niclas\\program files\\dna\\btdna.exe"= UDP:c:\users\niclas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{1B350384-E7BE-4105-9B65-5630EA6B6165}c:\\users\\niclas\\program files\\dna\\btdna.exe"= TCP:c:\users\niclas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{6054F39D-A40B-4E5A-873C-8EA0DADAAE5A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50C9078E-D8DD-4FDE-9CF4-8E465A9BFE08}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{84C21360-05AD-4B2F-A12A-0E3B1AE097F8}c:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{3BBD807C-6C38-43FF-8B38-DA81B0971865}c:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{77B9B230-5A59-4655-A8A6-A174AE71AA5A}c:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"UDP Query User{9AF546EE-3C41-44E4-B453-9F60A998E865}c:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"TCP Query User{2119A476-EA69-451B-9C4E-51EA968710B6}c:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"UDP Query User{B668439D-7635-44E8-AEBE-B8409629446F}c:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"{8C382DA4-EA46-4F16-881C-4C1536B19498}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
"{A9AFF543-2CDB-45D8-A9C6-BBBAFBE36511}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
"{1C241DDB-E4FE-4F35-ABC5-2800813F570E}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{0AA91392-838D-40F8-BA88-DA7044555B8F}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{5F66BD21-9ED9-46C1-9817-E051B0432943}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C51779AE-01E2-4CFC-BD4E-680361EF685C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AA133A0B-61F6-415B-B388-8DA5F944B70A}c:\\program files\\tortun\\gui.exe"= UDP:c:\program files\tortun\gui.exe:gui
"UDP Query User{5B67FAFC-6FEB-49B6-8F0A-78A3E8855F67}c:\\program files\\tortun\\gui.exe"= TCP:c:\program files\tortun\gui.exe:gui
"{AD654001-4AED-4B38-93FF-CC0BF30A8CE6}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AE7CCBA0-36CE-41B0-971C-929D522399C6}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A2494ABF-B0E6-4CA2-8AF9-2DF34E769A87}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{ED6C6D13-67A7-4F57-8992-36830EC9DF20}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{8A415C7D-9911-4C05-947B-7E152C0DA1DE}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{8722A722-31D2-4F2E-9E23-7FD972749004}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"TCP Query User{CBA1F336-A750-4F9A-AE0B-B47FADFCEED8}c:\\users\\niclas\\program files\\dna\\btdna.exe"= UDP:c:\users\niclas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{301D681A-F4D0-46E1-90B0-4141B3CEAE5F}c:\\users\\niclas\\program files\\dna\\btdna.exe"= TCP:c:\users\niclas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{BE05EF37-5011-4237-BCF3-1036FAAC32C5}c:\\program files\\curse\\curseclient.exe"= UDP:c:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{1CB8D9F1-115A-4B8F-BDB5-5712C03675A2}c:\\program files\\curse\\curseclient.exe"= TCP:c:\program files\curse\curseclient.exe:CurseClient
"TCP Query User{4F516DD8-0B16-45A5-8857-1E4C5899B246}c:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{ECCDC802-9F73-4271-AF23-36A01A23C2B5}c:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D92C6CB-3007-4A6C-9C8C-3D1BE51AEB67}c:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= UDP:c:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"UDP Query User{17E97B21-351D-499E-838C-571E144581FC}c:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= TCP:c:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"TCP Query User{12FCD64A-BE6F-4D46-B628-6A0948478F18}c:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\age2_x1.exe"= UDP:c:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\age2_x1.exe:age2_x1.exe
"UDP Query User{8D924025-E16D-432C-9C6B-CE0067DE3389}c:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\age2_x1.exe"= TCP:c:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\age2_x1.exe:age2_x1.exe
"TCP Query User{84585480-E2C4-448D-BDF8-7E4ED6AE327C}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Hjælpeprogram til Microsoft DirectPlay
"UDP Query User{6ACCE5A2-930A-43BC-A265-95B46BF43A94}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Hjælpeprogram til Microsoft DirectPlay
"TCP Query User{A2404DC2-C632-47BB-AF43-7386A032E3CC}c:\\program files\\steam\\steamapps\\angora\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\source sdk base\hl2.exe:hl2
"UDP Query User{0A4BD918-B41C-40E8-95A7-056F66B74A17}c:\\program files\\steam\\steamapps\\angora\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\source sdk base\hl2.exe:hl2
"TCP Query User{3E354D3B-75C8-48B2-9B3A-B8F0990061FE}c:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"UDP Query User{C453A44F-8A6E-4CAD-9202-647998BB206F}c:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"TCP Query User{543F19F8-D071-4C11-8116-AF1FF9A9B0AF}c:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{AE9256E4-7440-4B74-BE8A-0D3DA17B89F7}c:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{19A01615-14C4-4030-B7A5-15C432BD2522}c:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"UDP Query User{8009E03D-FF95-4058-BCAF-E12C2C4428F8}c:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"TCP Query User{3281AD30-1BC6-470D-A752-73383DEACB0E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{978D00CB-68BF-4984-BA43-5EB058F9A60B}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{42820195-A4C7-48AD-9980-88226F348E96}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0D7DA1C0-FDB9-43D3-9A6B-693A8756A96D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-02-16 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-16 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-16 298264]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2008-04-10 358936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-17 1153368]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-12-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-12-14 166384]
S2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-18 79360]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-12-14 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - l:\truecrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\dismount\command - l:\truecrypt\TrueCrypt.exe /q /d
\shell\mount\command - l:\truecrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\open\command - l:\truecrypt\TrueCrypt.exe /e /m rm /v "data"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e904b8-a8c1-11dd-b8ee-001e4ce638c3}]
\shell\AutoRun\command - l:\truecrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\dismount\command - l:\truecrypt\TrueCrypt.exe /q /d
\shell\mount\command - l:\truecrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\open\command - l:\truecrypt\TrueCrypt.exe /e /m rm /v "data"
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 19:06]

2009-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2222424339-3459818889-2464454366-1000.job
- c:\users\Niclas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-07 17:51]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-04-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - TOMME GENVEJE FJERNET - - - -

HKCU-Run-CurseClient - c:\program files\Curse\CurseClient.exe
HKLM-Run-<NO NAME> - (no file)


.
------- Yderligere scanning -------
.
uStart Page = https://www.lectio.dk/lectio/61/SkemaGenerator.aspx?type=elev&id=1491250961
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 17:13:07
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

scanner skjulte filer ... 


c:\windows\TEMP\TMP00000048FA73A2E570FA7601 524288 bytes executable

scanning gennemført med succes
skjulte filer: 1

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(4928)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\fraps\fraps.exe
c:\windows\System32\conime.exe
c:\windows\System32\CTxfispi.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\windows\System32\rundll32.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\McAfee\VirusScan\mcvsshld.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Gennemført tid: 2009-02-17 17:17:08 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-02-17 16:16:50

Pre-Kørsel: 148.504.584.192 byte ledig
Post-Kørsel: 148,772,380,672 byte ledig

312    --- E O F ---    2009-02-16 13:08:58

F-arn, er du overhovedet der? Desuden er det vel også tilladt for andre Eksperter at kigge på den log du sagde jeg skulle lægge herind.

Ja, jeg bruger antivirus - AVG OG McAfee. Jeg ved ikke hvorfor du ikke kan se dem.

Men kan jeg ikke få nogle svar? Jeg tør ikke rigtig bruge min PC sammen med vigtige koder indtil jeg ved at den er clean...

I så fald tusind tak hvis sagen kunne fremskyndes lidt (:

Generelt: Du er næsten selv ud om det ved at have P2P programmer instaleret og aktive!!!

Afinstaller
* Limewire
* bittorrent
* DNA
Det er jo lige meget hvor meget folk har på af sikkerhed/opdateringer. Hvis de først begynder at 'lege' med P2P programmer - eller retterer reslutater derfra - så er det lige vidt !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]
Genstart for at fuldføre afinstalationen...

---------------------------------------

Hej karise_larry !
tusind tak for dit svar. jeg var ellers sikker på, at jeg havde fjernet dem - det vil jeg så gøre nu.

Men med disse programmer fjernet, tror du så, at jeg igen kan begynde at bruge min (hvis den er klar?) tidligere virusangrebne PC og skrive passwords igen?

mange tak
- Badehjelm

Jeg vil lade <f-arn> bestemme/afgøre det videre forløb...

Ved du hvad TrueCrypt.exe er for noget? Det kan nemlig være flere ting.

Hej f-arn og tak fordi du stadig hjælper til. :) jeg har sørget for at gøre som karise_larry har skrevet og har stadig, i frygt for om min PC stadig kan sende informationer rundt på nettet, ikke benyttet programmer med vigtige passwords. Så jeg brænder rigtig for at finde ud af, om den er klar snart. Så jeg håber ikke jeg har brudt nogle regler eller noget som gør, at i ikke ønsker at hjælpe mig.

Men det gør det heldigvis ikke nå f-arn skriver - og mht. det der TrueCrypt.exe, så ved jeg virkelig ikke hvad det der. Når jeg søger på det på min PC kommer der to ting frem: ComboFix (C:\) og ComboFix (C:\ComboFix).

Begge er filer jeg har hentet under anvisning fra medlemmer fra Eksperten.dk!

Desuden siger TrueCrypt mig noget - hver gang jeg benytter mig af min eksterne harddisk så beder den om password - Det hedder vist noget med Mount TrueCrypt Volume, det navn fandt jeg i hvert fald i RegEdit.

mvh. Badehjelm

Der er ikke noget tegn på en keylogger men jeg vil gerne se en log fra denne her. Den kan sommetider fortælle nogen 'sjove' ting.

Download Lop S&D by Eric_71 og gem det på dit Skrivebord.
http://eric.71.mespages.googlepages.com/lop.sd.en
Klik på - Download knappen til venstre

-- Kør LopSD. Tast e - for Engelsk. Tryk Enter.
Tast så 2 = (Fix + Hosts)
Tryk Enter. Så kører scanningen.
Lad programmet gennemføre en rensning.

Når scanningen er færdig, ligger der en log fil her C:lopR txt, som du godt må kopiere herind

LOP synes jeg har en del problemer med at køre - jeg har Vista, og nu har den kørt i ring (gennemsøgt de samme områder) over tre gange, samtidig med, at hver gang den skal begynde at søge i et nyt område popper der en fejl op:

Strengsøgningsværktøj (QGREP) er holdt op med at fungere; Luk programmet. For at komme videre i søgningen skal jeg selv lukke programmet, hvorefter den tilsyneladende uendelige søgecyklus kører videre.

Er det meningen?

--------------------\\  Lop S&D 4.2.5-0  XP/Vista

  Microsoft® Windows Vista™ Home Premium  ( v6.0.6001 ) Service Pack 1
  X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz )
  BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
  USER : Niclas ( Administrator )
  BOOT : Normal boot
  C:\ (Local Disk) - NTFS - Total:283 Go (Free:140 Go)
  D:\ (Local Disk) - NTFS - Total:298 Go (Free:297 Go)
  E:\ (Local Disk) - NTFS - Total:14 Go (Free:10 Go)
  F:\ (CD or DVD)
  G:\ (USB)
  H:\ (USB)
  I:\ (USB)
  J:\ (USB)
  K:\ (USB) - FAT32 - Total:1863 Mo (Free:0 Go)

  "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
  Option : [2] ( 2009-02-20|20:28 )

  [ UAC => 1 ]


  \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


  --------------------\\  Listing folders in Local

  [2009-02-19|17:01] C:\Users\Niclas\AppData\Local\Adobe
  [2009-02-20|14:15] C:\Users\Niclas\AppData\Local\Apple
  [2009-02-19|17:02] C:\Users\Niclas\AppData\Local\Apple Computer
  [2008-08-09|15:25] C:\Users\Niclas\AppData\Local\Application Data
  [2009-01-19|20:26] C:\Users\Niclas\AppData\Local\ApplicationHistory
  [2009-02-16|12:49] C:\Users\Niclas\AppData\Local\CurseClient
  [2008-12-27|16:06] C:\Users\Niclas\AppData\Local\d3d8caps.dat
  [2009-02-19|15:58] C:\Users\Niclas\AppData\Local\d3d9caps.dat
  [2009-02-20|19:59] C:\Users\Niclas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  [2008-09-07|19:23] C:\Users\Niclas\AppData\Local\Downloaded Installations
  [2009-01-19|20:22] C:\Users\Niclas\AppData\Local\fusioncache.dat
  [2008-08-15|12:58] C:\Users\Niclas\AppData\Local\GDIPFONTCACHEV1.DAT
  [2009-02-15|18:32] C:\Users\Niclas\AppData\Local\Google
  [2009-02-19|23:05] C:\Users\Niclas\AppData\Local\IconCache.db
  [2008-08-09|16:23] C:\Users\Niclas\AppData\Local\Logitech
  [2008-12-22|13:41] C:\Users\Niclas\AppData\Local\Microsoft
  [2008-09-24|19:17] C:\Users\Niclas\AppData\Local\Microsoft Help
  [2008-08-16|16:27] C:\Users\Niclas\AppData\Local\Mozilla
  [2008-08-09|15:25] C:\Users\Niclas\AppData\Local\Oversigt
  [2009-02-20|20:29] C:\Users\Niclas\AppData\Local\Temp
  [2008-08-09|15:25] C:\Users\Niclas\AppData\Local\Temporary Internet Files
  [2009-01-19|20:23] C:\Users\Niclas\AppData\Local\Turbine
  [2008-08-26|17:13] C:\Users\Niclas\AppData\Local\VirtualStore
  [2008-08-09|15:25] C:\Users\Niclas\AppData\Local\Windows SideShow
  [6|fil(er)] C:\Users\Niclas\AppData\Local\byte
  [20|mappe(r)] C:\Users\Niclas\AppData\Local\byte ledig

  --------------------\\  Scheduled Tasks located in C:\Windows\Tasks

  [2009-02-16 19:08][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
  [2009-02-20 19:28][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2222424339-3459818889-2464454366-1000.job
  [2008-11-15 01:00][--a------] C:\Windows\tasks\McDefragTask.job
  [2008-04-10 02:04][--a------] C:\Windows\tasks\McQcTask.job
  [2009-02-20 12:29][--ah-----] C:\Windows\tasks\SA.DAT
  [2009-02-19 23:05][--a------] C:\Windows\tasks\SCHEDLGU.TXT

  --------------------\\  Listing Folders in C:\ProgramData
 
  [2008-11-21|14:23] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
  [2009-02-16|19:04] C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
  [2008-08-31|11:55] C:\ProgramData\Adobe
  [2008-08-11|00:12] C:\ProgramData\Apple
  [2008-08-29|13:52] C:\ProgramData\Apple Computer
  [2008-08-09|15:21] C:\ProgramData\Application Data
  [2009-02-16|14:06] C:\ProgramData\avg8
  [2008-09-29|06:29] C:\ProgramData\Blizzard
  [2008-08-19|14:44] C:\ProgramData\Creative
  [2008-08-09|15:21] C:\ProgramData\Dokumenter
  [2008-09-07|19:24] C:\ProgramData\Electronic Arts
  [2008-08-10|13:46] C:\ProgramData\ezsidmv.dat
  [2008-08-09|15:21] C:\ProgramData\Favoritter
  [2008-08-09|15:28] C:\ProgramData\Google
  [2008-04-10|01:56] C:\ProgramData\InstallShield
  [2009-02-16|19:07] C:\ProgramData\Lavasoft
  [2008-08-09|16:22] C:\ProgramData\Logitech
  [2009-02-16|22:44] C:\ProgramData\Malwarebytes
  [2008-04-10|02:02] C:\ProgramData\McAfee
  [2008-08-09|15:21] C:\ProgramData\Menuen Start
  [2008-04-10|01:51] C:\ProgramData\Microsoft
  [2009-02-16|12:38] C:\ProgramData\Microsoft Help
  [2008-09-01|13:28] C:\ProgramData\NOS
  [2008-12-24|13:03] C:\ProgramData\NVIDIA
  [2009-02-05|18:11] C:\ProgramData\Office Genuine Advantage
  [2008-04-10|02:04] C:\ProgramData\Roxio
  [2008-08-09|15:21] C:\ProgramData\Skabeloner
  [2008-08-09|15:21] C:\ProgramData\Skrivebord
  [2009-02-17|20:12] C:\ProgramData\Skype
  [2008-04-10|01:59] C:\ProgramData\Sonic
  [2009-02-18|18:08] C:\ProgramData\Spybot - Search & Destroy
  [2009-02-20|12:30] C:\ProgramData\TEMP
  [2008-04-10|02:00] C:\ProgramData\Uninstall
  [2008-08-11|11:55] C:\ProgramData\WLInstaller
  [1|fil(er)] C:\ProgramData\byte
  [35|mappe(r)] C:\ProgramData\byte ledig

  --------------------\\  Listing Folders in C:\Program Files

  [2008-08-31|11:55] C:\Program Files\Adobe
  [2008-12-24|12:58] C:\Program Files\AGEIA Technologies
  [2008-08-14|17:25] C:\Program Files\Apple Software Update
  [2009-02-16|14:06] C:\Program Files\AVG
  [2009-02-16|13:45] C:\Program Files\Bonjour
  [2009-02-16|20:05] C:\Program Files\CCleaner
  [2009-02-17|20:13] C:\Program Files\Common Files
  [2008-04-10|01:44] C:\Program Files\Creative
  [2008-08-09|16:27] C:\Program Files\Creative Installation Information
  [2008-04-10|01:55] C:\Program Files\Dell
  [2009-01-23|22:48] C:\Program Files\directx
  [2009-01-13|20:15] C:\Program Files\DivX
  [2008-09-07|19:24] C:\Program Files\Electronic Arts
  [2008-08-09|15:21] C:\Program Files\Fælles filer [C:\Program Files\Common Files]
  [2008-10-04|13:01] C:\Program Files\GCFScape
  [2008-09-25|19:35] C:\Program Files\Google
  [2008-08-14|16:22] C:\Program Files\Gyldendal
  [2008-09-07|19:24] C:\Program Files\InstallShield Installation Information
  [2008-04-10|01:48] C:\Program Files\Intel
  [2009-01-19|20:21] C:\Program Files\Internet Explorer
  [2008-11-21|14:22] C:\Program Files\iPod
  [2008-11-21|14:23] C:\Program Files\iTunes
  [2008-04-10|01:42] C:\Program Files\Java
  [2009-02-16|19:03] C:\Program Files\Lavasoft
  [2008-08-09|16:22] C:\Program Files\Logitech
  [2009-02-16|22:44] C:\Program Files\Malwarebytes' Anti-Malware
  [2009-02-20|12:35] C:\Program Files\McAfee
  [2008-04-10|02:01] C:\Program Files\McAfee.com
  [2006-11-02|13:37] C:\Program Files\Microsoft Games
  [2008-09-24|15:32] C:\Program Files\Microsoft Office
  [2008-10-23|13:31] C:\Program Files\Microsoft Silverlight
  [2008-04-10|01:51] C:\Program Files\Microsoft Visual Studio
  [2008-04-10|01:51] C:\Program Files\Microsoft Works
  [2008-04-10|01:51] C:\Program Files\Microsoft.NET
  [2008-08-18|14:45] C:\Program Files\Movie Maker
  [2009-01-13|20:08] C:\Program Files\Mozilla Firefox
  [2006-11-02|13:37] C:\Program Files\MSBuild
  [2008-08-09|15:49] C:\Program Files\MSXML 4.0
  [2008-09-01|13:28] C:\Program Files\NOS
  [2008-04-10|01:44] C:\Program Files\OpenAL
  [2008-11-21|14:21] C:\Program Files\QuickTime
  [2008-08-09|16:20] C:\Program Files\Razer
  [2006-11-02|13:37] C:\Program Files\Reference Assemblies
  [2008-04-10|02:00] C:\Program Files\Roxio
  [2009-02-17|20:13] C:\Program Files\Skype
  [2009-02-17|15:38] C:\Program Files\Spybot - Search & Destroy
  [2009-02-20|19:59] C:\Program Files\Steam
  [2009-01-19|14:49] C:\Program Files\SystemRequirementsLab
  [2006-11-02|14:01] C:\Program Files\Uninstall Information
  [2008-10-04|18:36] C:\Program Files\Valve Hammer Editor
  [2008-11-11|20:30] C:\Program Files\Ventrilo
  [2008-08-11|16:15] C:\Program Files\VentriloMIX
  [2008-10-22|21:48] C:\Program Files\VideoLAN
  [2008-09-09|14:19] C:\Program Files\Warhammer Online BETA
  [2008-04-10|01:45] C:\Program Files\WIDCOMM
  [2008-08-18|14:45] C:\Program Files\Windows Calendar
  [2008-08-18|14:45] C:\Program Files\Windows Collaboration
  [2008-08-18|14:45] C:\Program Files\Windows Defender
  [2008-08-18|14:45] C:\Program Files\Windows Journal
  [2008-08-09|17:05] C:\Program Files\Windows Live
  [2008-09-21|14:08] C:\Program Files\Windows Live Safety Center
  [2009-02-16|12:38] C:\Program Files\Windows Mail
  [2008-08-18|14:45] C:\Program Files\Windows Media Player
  [2008-08-09|15:21] C:\Program Files\Windows NT
  [2008-08-18|14:45] C:\Program Files\Windows Photo Gallery
  [2008-08-18|14:45] C:\Program Files\Windows Sidebar
  [2008-08-20|19:19] C:\Program Files\WinRAR
  [2008-04-10|01:54] C:\Program Files\XPSMiniViewGadget
  [0|fil(er)] C:\Program Files\byte
  [70|mappe(r)] C:\Program Files\byte ledig

  --------------------\\  Listing Folders in C:\Program Files\Common Files

  [2008-08-31|11:54] C:\Program Files\Common Files\Adobe
  [2008-08-31|11:55] C:\Program Files\Common Files\Adobe AIR
  [2008-11-21|14:22] C:\Program Files\Common Files\Apple
  [2009-01-02|15:46] C:\Program Files\Common Files\Blizzard Entertainment
  [2008-04-10|01:44] C:\Program Files\Common Files\Creative
  [2008-08-18|20:58] C:\Program Files\Common Files\Creative Labs Shared
  [2008-04-10|01:51] C:\Program Files\Common Files\DESIGNER
  [2008-09-07|19:23] C:\Program Files\Common Files\InstallShield
  [2008-04-10|01:42] C:\Program Files\Common Files\Java
  [2008-04-10|02:01] C:\Program Files\Common Files\McAfee
  [2008-08-11|11:58] C:\Program Files\Common Files\microsoft shared
  [2008-10-17|15:00] C:\Program Files\Common Files\PX Storage Engine
  [2008-04-10|01:59] C:\Program Files\Common Files\Roxio Shared
  [2008-08-10|20:38] C:\Program Files\Common Files\Services
  [2009-02-17|20:13] C:\Program Files\Common Files\Skype
  [2008-04-10|02:00] C:\Program Files\Common Files\Sonic Shared
  [2006-11-02|12:18] C:\Program Files\Common Files\SpeechEngines
  [2009-02-20|19:54] C:\Program Files\Common Files\Steam
  [2008-04-10|01:58] C:\Program Files\Common Files\SureThing Shared
  [2008-08-18|14:45] C:\Program Files\Common Files\System
  [2008-08-11|11:57] C:\Program Files\Common Files\WindowsLiveInstaller
  [2008-12-24|12:58] C:\Program Files\Common Files\Wise Installation Wizard
  [0|fil(er)] C:\Program Files\Common Files\byte
  [24|mappe(r)] C:\Program Files\Common Files\byte ledig

  --------------------\\  Process

  ( 102 Processes )

  ... OK !

  --------------------\\  Searching with S_Lop

  No Lop folder found !

  --------------------\\  Searching for Lop Files - Folders

  No Lop folder found !

  --------------------\\  Searching within the Registry

  ..... OK !

  --------------------\\  Checking the Hosts file

  Hosts file CLEAN


  --------------------\\  Searching for hidden files with Catchme

  catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2009-02-20 20:44:20
  Windows 6.0.6001 Service Pack 1 NTFS
  scanning hidden processes ...
  scanning hidden files ...
  scan completed successfully
  hidden processes: 0
  hidden files: 2

  --------------------\\  Searching for other infections

  --------------------\\  Cracks & Keygens ..

  C:\Users\Niclas\Desktop\[ PC Games ] - Age of Empires II(FULL)(2)\crack.zip


  [F:335][D:9]-> C:\Users\Niclas\AppData\Local\Temp
  [F:58][D:1]-> C:\Users\Niclas\AppData\Roaming\MICROS~1\Windows\Cookies
  [F:136][D:4]-> C:\Users\Niclas\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
  [F:5][D:5]-> C:\$Recycle.Bin

  1 - "C:\Lop SD\LopR_1.txt" - 2009-02-20|23:30 - Option : [2]

  --------------------\\  Scan completed at 23:30:14
  [ UAC => 1 ]

Nej - det er ikke meningen. Slet dit Age of Empires crack - Hvis du kører med både McAfee og AVG antivirus afinstaller det ene.

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri) til roden af C:drevet

Genstart i fejlsikret tilstand
Dobbeltklik (Husk at vælge 'kør som administrator') på C:\Smitfraud exe. Vælg option #2 - Clean.
Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . den kan findes her - C:\rapport.txt.

Den må du gerne kopiere herind

SmitFraudFix v2.398

Scan done at 14:05:42.06, 2009-02-22
Run from C:\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FDED905A-9F78-43A1-960D-175C4C835F2E}: DhcpNameServer=192.168.2.99
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FDED905A-9F78-43A1-960D-175C4C835F2E}: DhcpNameServer=192.168.2.99
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FDED905A-9F78-43A1-960D-175C4C835F2E}: DhcpNameServer=192.168.2.99
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.99
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.99
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.99


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Jeg vil gerne ha dig til at hente rn ny combofix og køre den med dette i cfscript.txt

------------------
Killall::

Snapshot::

------------------

Læg så loggen herind så jeg kan se den

ComboFix 09-02-24.01 - Niclas 2009-02-24 21:46:46.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.3069.1703 [GMT 1:00]
Kører fra: C:\Users\Niclas\Desktop\ComboFix.exe
Kommandoer benyttet :: C:\Users\Niclas\Desktop\cfscript.lnk
* Dannede nyt systemgendannelsespunkt
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\404Fix.exe
C:\Windows\system32\Agent.OMZ.Fix.exe
C:\Windows\system32\dumphive.exe
C:\Windows\system32\IEDFix.C.exe
C:\Windows\system32\IEDFix.exe
C:\Windows\system32\o4Patch.exe
C:\Windows\system32\Process.exe
C:\Windows\system32\SrchSTS.exe
C:\Windows\system32\tmp.reg
C:\Windows\system32\VACFix.exe
C:\Windows\system32\VCCLSID.exe
C:\Windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-01-24 til 2009-02-24  )))))))))))))))))))))))))))))))))))
.

2009-02-22 14:05 . 2009-02-22 14:05    691    --a------    C:\Users\Niclas\AppData\Roaming\GetValue.vbs
2009-02-22 14:05 . 2009-02-22 14:05    35    --a------    C:\Users\Niclas\AppData\Roaming\SetValue.bat
2009-02-22 14:01 . 2009-02-22 14:11    <DIR>    d--------    C:\SmitfraudFix
2009-02-22 13:58 . 2009-02-22 13:58    1,662,588    --a------    C:\SmitfraudFix.exe
2009-02-20 20:28 . 2009-02-20 23:30    <DIR>    d--------    C:\Lop SD
2009-02-20 18:10 . 2009-02-20 18:10    <DIR>    d--------    C:\Windows\System32\Adobe
2009-02-18 20:52 . 2009-02-18 20:52    <DIR>    d--------    C:\Users\Niclas\AppData\Roaming\BitTorrent
2009-02-17 20:13 . 2009-02-17 20:13    <DIR>    d--------    C:\Program Files\Common Files\Skype
2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    C:\Users\Niclas\AppData\Roaming\Malwarebytes
2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    C:\ProgramData\Malwarebytes
2009-02-16 22:44 . 2009-02-16 22:44    <DIR>    d--------    C:\Program Files\Malwarebytes' Anti-Malware
2009-02-16 22:44 . 2009-02-11 10:19    38,496    --a------    C:\Windows\System32\drivers\mbamswissarmy.sys
2009-02-16 22:44 . 2009-02-11 10:19    15,504    --a------    C:\Windows\System32\drivers\mbam.sys
2009-02-16 20:05 . 2009-02-16 20:05    <DIR>    d--------    C:\Program Files\CCleaner
2009-02-16 19:15 . 2009-02-16 19:07    15,688    --a------    C:\Windows\System32\lsdelete.exe
2009-02-16 19:07 . 2009-02-16 19:06    64,160    --a------    C:\Windows\System32\drivers\Lbd.sys
2009-02-16 19:04 . 2009-02-16 19:04    <DIR>    d--h-c---    C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 19:03 . 2009-02-16 19:07    <DIR>    d--------    C:\ProgramData\Lavasoft
2009-02-16 19:03 . 2009-02-16 19:03    <DIR>    d--------    C:\Program Files\Lavasoft
2009-02-16 14:59 . 2009-02-21 12:21    <DIR>    d--h-----    C:\$AVG8.VAULT$
2009-02-16 14:07 . 2009-02-16 14:07    10,520    --a------    C:\Windows\System32\avgrsstx.dll.install_backup
2009-02-16 14:06 . 2009-02-22 13:01    <DIR>    d--------    C:\ProgramData\avg8
2009-02-16 14:06 . 2009-02-16 14:06    <DIR>    d--------    C:\Program Files\AVG
2009-02-16 12:41 . 2008-12-05 05:32    428,544    --a------    C:\Windows\System32\EncDec.dll
2009-02-16 12:41 . 2008-12-05 05:32    293,376    --a------    C:\Windows\System32\psisdecd.dll
2009-02-16 12:41 . 2008-12-05 05:31    217,088    --a------    C:\Windows\System32\psisrndr.ax
2009-02-16 12:41 . 2008-12-05 05:31    177,664    --a------    C:\Windows\System32\mpg2splt.ax
2009-02-16 12:41 . 2008-12-05 05:31    80,896    --a------    C:\Windows\System32\MSNP.ax
2009-02-15 18:39 . 2009-01-15 04:36    1,383,424    --a------    C:\Windows\System32\mshtml.tlb
2009-02-15 18:39 . 2009-01-15 07:11    827,392    --a------    C:\Windows\System32\wininet.dll
2009-02-05 18:11 . 2009-02-05 18:11    <DIR>    d--------    C:\ProgramData\Office Genuine Advantage
2009-02-05 17:30 . 2008-06-20 02:14    781,344    --a------    C:\Windows\System32\PresentationNative_v0300.dll
2009-02-05 17:30 . 2008-06-20 02:14    622,080    --a------    C:\Windows\System32\icardagt.exe
2009-02-05 17:30 . 2008-06-20 02:14    326,160    --a------    C:\Windows\System32\PresentationHost.exe
2009-02-05 17:30 . 2008-06-20 02:14    105,016    --a------    C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-05 17:30 . 2008-06-20 02:14    97,800    --a------    C:\Windows\System32\infocardapi.dll
2009-02-05 17:30 . 2008-06-20 02:14    43,544    --a------    C:\Windows\System32\PresentationHostProxy.dll
2009-02-05 17:30 . 2008-06-20 02:14    37,384    --a------    C:\Windows\System32\infocardcpl.cpl
2009-02-05 17:30 . 2008-06-20 02:14    11,264    --a------    C:\Windows\System32\icardres.dll
2009-02-05 17:25 . 2008-07-27 19:03    282,112    --a------    C:\Windows\System32\mscoree.dll
2009-02-05 17:25 . 2008-07-27 19:03    158,720    --a------    C:\Windows\System32\mscorier.dll
2009-02-05 17:25 . 2008-07-27 19:03    96,760    --a------    C:\Windows\System32\dfshim.dll
2009-02-05 17:25 . 2008-07-27 19:03    83,968    --a------    C:\Windows\System32\mscories.dll
2009-02-05 17:25 . 2008-07-27 19:03    41,984    --a------    C:\Windows\System32\netfxperf.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 20:56    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\Skype
2009-02-24 19:33    ---------    d---a-w    C:\ProgramData\TEMP
2009-02-24 15:04    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\skypePM
2009-02-22 15:31    ---------    d-----w    C:\Program Files\Steam
2009-02-21 13:22    ---------    d-----w    C:\Program Files\Common Files\Steam
2009-02-21 10:45    ---------    d-----w    C:\Program Files\McAfee
2009-02-18 17:08    ---------    d-----w    C:\ProgramData\Spybot - Search & Destroy
2009-02-17 19:13    ---------    d-----r    C:\Program Files\Skype
2009-02-17 19:12    ---------    d-----w    C:\ProgramData\Skype
2009-02-17 14:38    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2009-02-16 12:45    ---------    d-----w    C:\Program Files\Bonjour
2009-02-16 11:38    ---------    d-----w    C:\ProgramData\Microsoft Help
2009-02-16 11:38    ---------    d-----w    C:\Program Files\Windows Mail
2009-02-05 16:24    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\LimeWire
2009-01-23 21:48    ---------    d-----w    C:\Program Files\directx
2009-01-19 19:24    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\Turbine
2009-01-19 13:49    ---------    d-----w    C:\Program Files\SystemRequirementsLab
2009-01-13 19:15    ---------    d-----w    C:\Program Files\DivX
2009-01-02 14:46    ---------    d-----w    C:\Program Files\Common Files\Blizzard Entertainment
2008-12-31 16:04    691,560    ----a-w    C:\Windows\System32\OGACheckControl.dll
2008-12-31 16:04    528,744    ----a-w    C:\Windows\System32\OGAVerify.exe
2008-12-31 16:04    502,120    ----a-w    C:\Windows\System32\OGAAddin.dll
2008-12-27 20:20    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\dvdcss
2008-12-25 11:59    ---------    d-----w    C:\Users\Niclas\AppData\Roaming\DivX
2008-12-24 12:03    ---------    d-----w    C:\ProgramData\NVIDIA
2008-12-24 11:58    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-12-24 11:58    ---------    d-----w    C:\Program Files\AGEIA Technologies
2008-12-11 00:33    86,016    ----a-w    C:\Windows\System32\dpl100.dll
2008-12-11 00:33    200,704    ----a-w    C:\Windows\System32\dtu100.dll
2008-12-09 02:28    593,920    ----a-w    C:\Windows\System32\dpuGUI11.dll
2008-12-09 02:28    57,344    ----a-w    C:\Windows\System32\dpv11.dll
2008-12-09 02:28    344,064    ----a-w    C:\Windows\System32\dpus11.dll
2008-12-09 02:28    294,912    ----a-w    C:\Windows\System32\dpu11.dll
2008-09-08 18:23    3,739,136    ----a-w    C:\Users\Niclas\WAR Europe Downloader.exe
2008-08-18 13:53    174    --sha-w    C:\Program Files\desktop.ini
2008-08-10 12:46    56    ---ha-w    C:\ProgramData\ezsidmv.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-02-17_17.15.24.15  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-17 19:13:26    364,726    ----a-r    C:\Windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
- 2009-02-17 16:09:54    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-24 11:32:17    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-17 16:09:54    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-24 11:32:17    2,048    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-17 16:12:57    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-24 11:33:15    262,144    --sha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2009-02-24 11:33:15    262,144    ---ha-w    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-17 16:13:08    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-24 20:58:30    262,144    --sha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2009-02-24 20:58:30    262,144    ---ha-w    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2009-01-16 16:19:40    202,168    ----a-w    C:\Windows\System32\Adobe\Director\swdir.dll
+ 2009-01-16 16:19:58    67,000    ----a-w    C:\Windows\System32\Adobe\Director\SwDnld.exe
- 2009-02-17 16:13:05    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-24 20:58:35    16,384    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 16:13:05    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-24 20:58:35    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 16:13:05    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-24 20:58:35    32,768    --sha-w    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 16:06:09    262,144    ----a-w    C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-24 20:46:01    262,144    ----a-w    C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-24 20:46:01    262,144    ---ha-w    C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2009-02-17 14:45:23    96,202    ----a-w    C:\Windows\System32\perfc006.dat
+ 2009-02-24 11:38:35    96,202    ----a-w    C:\Windows\System32\perfc006.dat
- 2009-02-17 14:45:23    116,946    ----a-w    C:\Windows\System32\perfc009.dat
+ 2009-02-24 11:38:35    116,946    ----a-w    C:\Windows\System32\perfc009.dat
- 2009-02-17 14:45:23    502,090    ----a-w    C:\Windows\System32\perfh006.dat
+ 2009-02-24 11:38:35    502,090    ----a-w    C:\Windows\System32\perfh006.dat
- 2009-02-17 14:45:23    625,384    ----a-w    C:\Windows\System32\perfh009.dat
+ 2009-02-24 11:38:35    625,384    ----a-w    C:\Windows\System32\perfh009.dat
- 2009-02-17 14:45:16    6,900    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222424339-3459818889-2464454366-1000_UserData.bin
+ 2009-02-24 11:34:31    8,004    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222424339-3459818889-2464454366-1000_UserData.bin
- 2009-02-17 14:45:14    60,924    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 11:34:30    61,978    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-17 14:45:11    44,948    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-24 11:34:29    46,762    ----a-w    C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"Google Update"="C:\Users\Niclas\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-07 17:51 133104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]
"CurseClient"="C:\Program Files\Curse\CurseClient.exe" [BU]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-02-04 12:27 23975720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-04-10 01:42 77824]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 15:22 184320]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-12-06 11:15 1548288]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 01:55 1838592]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-12-14 14:25 244208]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-10-08 15:27 155648]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 00:30 1687824]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 01:08 2094352]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38 34672]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 19:12 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-11-12 14:54 13675040]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-11-12 14:54 92704]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 19:06 509784]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-08 00:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-02 15:18 23552 C:\Windows\System32\Ctxfihlp.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 11:43:38 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute    REG_MULTI_SZ      \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{01144B01-A2D4-419A-8808-4197F2A99891}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{01E78162-6A1D-43CC-A993-41D889DC45CD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{BAF1E9F6-9C6F-428F-93DE-3541E77C9EDF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ECE5BAE9-88A9-4051-8008-247B3F8A1F42}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6D15D121-AAF7-40C8-A3B1-EEB1C9D49D29}"= UDP:C:\Program Files\Electronic Arts\EADM\Core.exe:EA Download Manager
"{584D8D03-2AF2-4ED6-B293-5EB844F566A2}"= TCP:C:\Program Files\Electronic Arts\EADM\Core.exe:EA Download Manager
"TCP Query User{6AFADBEF-47E7-4795-9826-C4E70C60BCEB}C:\\users\\niclas\\war europe downloader.exe"= UDP:C:\users\niclas\war europe downloader.exe:war europe downloader.exe
"UDP Query User{8C644EE3-6EE5-47B7-8750-E8DFA0BFBD66}C:\\users\\niclas\\war europe downloader.exe"= TCP:C:\users\niclas\war europe downloader.exe:war europe downloader.exe
"TCP Query User{27F05083-6855-4D71-833C-E3828141846C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8B7E9F6F-0A39-41F2-944E-16E58A8D447C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{081A9358-E925-4559-B6B9-B2FB1DAEEE74}C:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F36D4F45-56FE-4D35-B39A-A7FA59174DB7}C:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{3926CA42-B924-4B53-8C67-D3617868EFDE}C:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mtnimbty\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= UDP:C:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\mtnimbty\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"UDP Query User{BD028BF4-9206-4E50-BE20-A2CDF710CCA9}C:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mtnimbty\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= TCP:C:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\mtnimbty\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"{86F6E2E6-8EAD-41E5-84ED-948948BAE407}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{8BB74D3C-7D93-4362-B2F1-78643734609A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{605B08D8-CDEB-4593-8108-E05ADF5EE5D2}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{D805950B-4103-4B16-8D9F-4B74981F23CE}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{7F346A26-2AEE-470C-85A1-A10938FAEA21}C:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\y2v75sf6\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= UDP:C:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\y2v75sf6\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"UDP Query User{A37E710A-AB35-4A7F-A965-BFCED7F3D4FA}C:\\users\\niclas\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\y2v75sf6\\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe"= TCP:C:\users\niclas\appdata\local\microsoft\windows\temporary internet files\content.ie5\y2v75sf6\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe:wow-2.4.3.8568-to-3.0.2.8916-engb-downloader[1].exe
"{37E38F86-201C-4AB8-A20D-52BE230B32AE}"= UDP:3724:Blizzard Downloader
"{2E47BA17-7FA2-4433-BBB4-CBCA89D25531}"= UDP:6112:Blizzard Downloader
"TCP Query User{BC47D3C7-BCE9-48D3-B957-52CDEF4FDCD0}C:\\users\\niclas\\program files\\dna\\btdna.exe"= UDP:C:\users\niclas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{1B350384-E7BE-4105-9B65-5630EA6B6165}C:\\users\\niclas\\program files\\dna\\btdna.exe"= TCP:C:\users\niclas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{6054F39D-A40B-4E5A-873C-8EA0DADAAE5A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50C9078E-D8DD-4FDE-9CF4-8E465A9BFE08}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{84C21360-05AD-4B2F-A12A-0E3B1AE097F8}C:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{3BBD807C-6C38-43FF-8B38-DA81B0971865}C:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{77B9B230-5A59-4655-A8A6-A174AE71AA5A}C:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"UDP Query User{9AF546EE-3C41-44E4-B453-9F60A998E865}C:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"TCP Query User{2119A476-EA69-451B-9C4E-51EA968710B6}C:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"UDP Query User{B668439D-7635-44E8-AEBE-B8409629446F}C:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"{8C382DA4-EA46-4F16-881C-4C1536B19498}"= UDP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
"{A9AFF543-2CDB-45D8-A9C6-BBBAFBE36511}"= TCP:C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader
"{1C241DDB-E4FE-4F35-ABC5-2800813F570E}"= UDP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{0AA91392-838D-40F8-BA88-DA7044555B8F}"= TCP:C:\Program Files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{5F66BD21-9ED9-46C1-9817-E051B0432943}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C51779AE-01E2-4CFC-BD4E-680361EF685C}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{AA133A0B-61F6-415B-B388-8DA5F944B70A}C:\\program files\\tortun\\gui.exe"= UDP:C:\program files\tortun\gui.exe:gui
"UDP Query User{5B67FAFC-6FEB-49B6-8F0A-78A3E8855F67}C:\\program files\\tortun\\gui.exe"= TCP:C:\program files\tortun\gui.exe:gui
"{AD654001-4AED-4B38-93FF-CC0BF30A8CE6}"= UDP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{AE7CCBA0-36CE-41B0-971C-929D522399C6}"= TCP:C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A2494ABF-B0E6-4CA2-8AF9-2DF34E769A87}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{ED6C6D13-67A7-4F57-8992-36830EC9DF20}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{8A415C7D-9911-4C05-947B-7E152C0DA1DE}"= UDP:C:\Program Files\Curse\CurseClient.exe:Curse Client
"{8722A722-31D2-4F2E-9E23-7FD972749004}"= TCP:C:\Program Files\Curse\CurseClient.exe:Curse Client
"TCP Query User{CBA1F336-A750-4F9A-AE0B-B47FADFCEED8}C:\\users\\niclas\\program files\\dna\\btdna.exe"= UDP:C:\users\niclas\program files\dna\btdna.exe:btdna.exe
"UDP Query User{301D681A-F4D0-46E1-90B0-4141B3CEAE5F}C:\\users\\niclas\\program files\\dna\\btdna.exe"= TCP:C:\users\niclas\program files\dna\btdna.exe:btdna.exe
"TCP Query User{BE05EF37-5011-4237-BCF3-1036FAAC32C5}C:\\program files\\curse\\curseclient.exe"= UDP:C:\program files\curse\curseclient.exe:CurseClient
"UDP Query User{1CB8D9F1-115A-4B8F-BDB5-5712C03675A2}C:\\program files\\curse\\curseclient.exe"= TCP:C:\program files\curse\curseclient.exe:CurseClient
"TCP Query User{4F516DD8-0B16-45A5-8857-1E4C5899B246}C:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{ECCDC802-9F73-4271-AF23-36A01A23C2B5}C:\\program files\\steam\\steamapps\\angora\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\angora\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0D92C6CB-3007-4A6C-9C8C-3D1BE51AEB67}C:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= UDP:C:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"UDP Query User{17E97B21-351D-499E-838C-571E144581FC}C:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\empires2.exe"= TCP:C:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\empires2.exe:empires2.exe
"TCP Query User{12FCD64A-BE6F-4D46-B628-6A0948478F18}C:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\age2_x1.exe"= UDP:C:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\age2_x1.exe:age2_x1.exe
"UDP Query User{8D924025-E16D-432C-9C6B-CE0067DE3389}C:\\users\\niclas\\desktop\\[ pc games ] - age of empires ii(full)(2)\\age2_x1.exe"= TCP:C:\users\niclas\desktop\[ pc games ] - age of empires ii(full)(2)\age2_x1.exe:age2_x1.exe
"TCP Query User{84585480-E2C4-448D-BDF8-7E4ED6AE327C}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Hjælpeprogram til Microsoft DirectPlay
"UDP Query User{6ACCE5A2-930A-43BC-A265-95B46BF43A94}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Hjælpeprogram til Microsoft DirectPlay
"TCP Query User{A2404DC2-C632-47BB-AF43-7386A032E3CC}C:\\program files\\steam\\steamapps\\angora\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\source sdk base\hl2.exe:hl2
"UDP Query User{0A4BD918-B41C-40E8-95A7-056F66B74A17}C:\\program files\\steam\\steamapps\\angora\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\source sdk base\hl2.exe:hl2
"TCP Query User{3E354D3B-75C8-48B2-9B3A-B8F0990061FE}C:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"UDP Query User{C453A44F-8A6E-4CAD-9202-647998BB206F}C:\\program files\\steam\\steamapps\\angora\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\team fortress 2\hl2.exe:hl2
"TCP Query User{543F19F8-D071-4C11-8116-AF1FF9A9B0AF}C:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{AE9256E4-7440-4B74-BE8A-0D3DA17B89F7}C:\\program files\\steam\\steamapps\\angora\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{19A01615-14C4-4030-B7A5-15C432BD2522}C:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"UDP Query User{8009E03D-FF95-4058-BCAF-E12C2C4428F8}C:\\program files\\steam\\steamapps\\angora\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\angora\counter-strike source\hl2.exe:hl2
"TCP Query User{3281AD30-1BC6-470D-A752-73383DEACB0E}C:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:C:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{978D00CB-68BF-4984-BA43-5EB058F9A60B}C:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:C:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-02-16 19:07:05 64160]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2008-04-10 01:47:13 358936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 22:34:37 950096]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-17 15:11:22 1153368]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-12-14 14:25:22 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-12-14 14:25:20 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-18 20:58:49 79360]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-12-14 14:25:12 1112560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\dismount\command - L:\TrueCrypt\TrueCrypt.exe /q /d
\shell\mount\command - L:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\open\command - L:\TrueCrypt\TrueCrypt.exe /e /m rm /v "data"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6e904b8-a8c1-11dd-b8ee-001e4ce638c3}]
\shell\AutoRun\command - L:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\dismount\command - L:\TrueCrypt\TrueCrypt.exe /q /d
\shell\mount\command - L:\TrueCrypt\TrueCrypt.exe /q /a /e /m rm /v "data"
\shell\open\command - L:\TrueCrypt\TrueCrypt.exe /e /m rm /v "data"
.
Indhold af mappen 'Planlagte Opgaver'

2009-02-23 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 19:06]

2009-02-24 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2222424339-3459818889-2464454366-1000.job
- C:\Users\Niclas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-07 17:51]

2008-11-15 C:\Windows\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-04-10 C:\Windows\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Yderligere scanning -------
.
uStart Page = https://www.lectio.dk/lectio/61/SkemaGenerator.aspx?type=elev&id=1491250961
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - C:\Users\Niclas\AppData\Roaming\Mozilla\Firefox\Profiles\dj9oqvvy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.lectio.dk/lectio/61/SkemaGenerator.aspx?type=elev&id=1491250961
        1 fil(er) flyttet.
        1 fil(er) flyttet.
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Users\Niclas\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 21:58:36
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

[0] 0x1B120232

scanner skjulte autostarter ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CTxfiHlp = CTXFIHLP.EXE?

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-02-24 22:00:24
ComboFix-quarantined-files.txt  2009-02-24 21:00:21
ComboFix2.txt  2009-02-17 16:17:12

Pre-Kørsel: 157,517,234,176 byte ledig
Post-Kørsel: 156,757,737,472 byte ledig

341    --- E O F ---    2009-02-24 11:37:24

Jeg mener ikke der er nogen aktiv keylogger men hvis du fortsætter med cracks og fildeling kommer det sikkert igen!

Hej f-arn og tusind tak for din hjælp undervejs.

jeg vil tage jeres råd til mig og prøve at undgå virus i fremtiden.
Jeg takker for assistancen og for jeres tid.
Jeg vil nu turde at bruge min PC sådan rigtigt igen og benytter passwords og koder.

Tak
-Badehjelm

Velbekomme!