Karsten Rasmussen (Beginner)
18 November 2008 - 18:18. There are 8 comments and
1 solution

Hacker or virus

Has anyone here seen the clock in Windows Vista get replaced by a black clock-like dial with a red line on it?
All of my network drives were scanned and Kaspersky was turned off.
Can I get some advice on how to save my data?
f-arn (Guru)
18 November 2008 - 18:50 #1
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here.

Download http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis.
Run HijackThis, click Scan, copy the text of the log and post it here.
Karsten Rasmussen (Beginner)
18 November 2008 - 19:56 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:28, on 18-11-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kiss07\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PerfectDisk\PD91AgentS1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\HP_Gamers\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PVR Agent] C:\Programmer\PVR Plus\TVR\scheduled.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmer\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmer\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kiss07\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmer\Tthome\HOMERunner.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kiss07\SCIEPlgn.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~3\Kiss07\r3hook.dll,C:\PROGRA~3\Kiss07\adialhk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Programmer\Kiss07\avp.exe (file missing)
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\PerfectDisk\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\PerfectDisk\PD91Engine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

--
End of file - 9240 bytes
Karsten Rasmussen (Beginner)
18 November 2008 - 19:57 #3
Malwarebytes' Anti-Malware 1.30
Database version: 1409
Windows 6.0.6001 Service Pack 1

18-11-2008 19:53:35
mbam-log-2008-11-18 (19-53-35).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 197099
Tid tilbagelagt: 47 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
Karsten Rasmussen (Beginner)
18 November 2008 - 19:59 #4
Since it started, my icons have begun to change in appearance and point to non-existent file locations. I have logged in from a clean computer and changed my passwords.
Can the crap be hiding in my router? I have never heard of that, but who knows?
f-arn (Guru)
19 November 2008 - 11:05 #5
Not everything can be seen in a HijackThis log, so I suggest you follow this guide: http://www.eksperten.dk/artikler/1232
Karsten Rasmussen (Beginner)
19 November 2008 - 20:58 #6
I should just admit that I am running Vista Ultimate. And I have tried every trick to clean my machine, but it is still acting up.
f-arn (Guru)
20 November 2008 - 10:38 #7
I don't understand what you mean?
Karsten Rasmussen (Beginner)
20 November 2008 - 22:35 #8
I forgot that I had already written that I use Vista; sorry for the duplicate info.
I have been to the link you sent and have run the programs described there.
Something was apparently found. So here comes the log.

ComboFix 08-11-19.08 - HP_Gamers 2008-11-20 19:01:53.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate  6.0.6001.1.1252.1.1030.18.1092 [GMT 1:00]
Kører fra: c:\users\HP_Gamers\Desktop\ComboFix.exe
.
    /wow section - STAGE 1
Adgang nægtet.


(((((((((((((((((((((((((((((  Filer skabt fra 2008-10-20 til 2008-11-20  )))))))))))))))))))))))))))))))))))
.

2008-11-19 19:29 . 2008-11-19 19:28    102,664    --a------    c:\windows\System32\drivers\tmcomm.sys
2008-11-19 19:28 . 2008-11-19 19:29    <DIR>    d--------    c:\users\HP_Gamers\.housecall6.6
2008-11-18 20:59 . 2008-11-20 19:09    499,744    --ahs----    c:\windows\System32\drivers\fidbox2.dat
2008-11-18 20:59 . 2008-11-20 19:07    2,788    --ahs----    c:\windows\System32\drivers\fidbox2.idx
2008-11-18 20:50 . 2008-11-18 20:50    <DIR>    d--------    C:\Programmer
2008-11-18 20:44 . 2008-11-20 19:07    4,186,144    --ahs----    c:\windows\System32\drivers\fidbox.dat
2008-11-18 20:44 . 2008-11-20 19:07    34,832    --ahs----    c:\windows\System32\drivers\fidbox.idx
2008-11-18 20:03 . 2008-11-18 20:03    <DIR>    d--------    c:\users\HP_Gamers\AppData\Roaming\SUPERAntiSpyware.com
2008-11-18 20:03 . 2008-11-18 20:03    <DIR>    d--------    c:\program files\SUPERAntiSpyware
2008-11-18 05:56 . 2008-11-18 05:56    <DIR>    d--------    c:\users\HP_Gamers\AppData\Roaming\Malwarebytes
2008-11-18 05:56 . 2008-10-22 16:28    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-18 05:56 . 2008-10-22 16:28    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2008-11-18 05:55 . 2008-11-18 05:55    <DIR>    d--------    c:\users\All Users\Malwarebytes
2008-11-18 05:55 . 2008-11-18 05:55    <DIR>    d--------    c:\programdata\Malwarebytes
2008-11-18 05:55 . 2008-11-18 05:56    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-11-17 21:27 . 2008-11-17 21:47    <DIR>    d--------    c:\program files\Saint Paint
2008-11-17 21:27 . 2008-11-17 21:27    216,576    --a------    c:\windows\System32\SpoonUninstall.exe
2008-11-16 23:03 . 2008-11-18 18:09    <DIR>    d--------    c:\program files\WinWatermark 2.2
2008-11-16 18:48 . 2008-11-16 20:14    <DIR>    d--------    c:\program files\bitRipper
2008-11-16 10:46 . 2008-11-16 10:46    <DIR>    d--------    c:\program files\MSECache
2008-11-14 14:13 . 2008-11-14 14:14    <DIR>    d--------    c:\users\HP_Gamers\.oces
2008-11-14 14:01 . 2008-11-14 14:01    <DIR>    d--------    c:\users\All Users\Ahead
2008-11-14 14:01 . 2008-11-14 14:01    <DIR>    d--------    c:\programdata\Ahead
2008-11-13 11:05 . 2008-08-27 02:05    212,480    --a------    c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 11:04 . 2008-09-10 04:40    1,334,272    --a------    c:\windows\System32\msxml6.dll
2008-11-13 11:04 . 2008-09-05 06:14    1,191,936    --a------    c:\windows\System32\msxml3.dll
2008-11-09 17:20 . 2008-11-09 17:20    <DIR>    d--------    c:\users\All Users\SlySoft
2008-11-09 17:20 . 2008-11-09 17:20    <DIR>    d--------    c:\programdata\SlySoft
2008-11-08 21:00 . 2008-11-18 20:51    <DIR>    d--------    c:\program files\nLite
2008-11-08 02:10 . 2008-11-14 14:57    <DIR>    d--------    c:\program files\Common Files\Corel
2008-11-07 23:11 . 2008-10-16 22:13    1,809,944    --a------    c:\windows\System32\wuaueng.dll
2008-11-07 23:11 . 2008-10-16 21:56    1,524,736    --a------    c:\windows\System32\wucltux.dll
2008-11-07 23:11 . 2008-10-16 22:09    51,224    --a------    c:\windows\System32\wuauclt.exe
2008-11-07 23:11 . 2008-10-16 22:09    43,544    --a------    c:\windows\System32\wups2.dll
2008-11-07 23:10 . 2008-10-16 22:12    561,688    --a------    c:\windows\System32\wuapi.dll
2008-11-07 23:10 . 2008-10-16 14:08    162,064    --a------    c:\windows\System32\wuwebv.dll
2008-11-07 23:10 . 2008-10-16 21:55    83,456    --a------    c:\windows\System32\wudriver.dll
2008-11-07 23:10 . 2008-10-16 22:08    34,328    --a------    c:\windows\System32\wups.dll
2008-11-07 23:10 . 2008-10-16 13:56    31,232    --a------    c:\windows\System32\wuapp.exe
2008-11-07 13:16 . 2008-11-07 13:33    <DIR>    d--------    c:\users\HP_Gamers\AppData\Roaming\Red Alert 3
2008-11-07 12:52 . 2008-11-07 12:52    5,298    --a------    c:\windows\System32\ealregsnapshot1.reg
2008-11-07 11:38 . 2008-05-30 14:11    3,850,760    --a------    c:\windows\System32\D3DX9_38.dll
2008-11-07 11:38 . 2007-07-19 18:14    3,727,720    --a------    c:\windows\System32\d3dx9_35.dll
2008-11-07 11:38 . 2008-05-30 14:11    1,491,992    --a------    c:\windows\System32\D3DCompiler_38.dll
2008-11-07 11:38 . 2007-07-19 18:14    1,358,192    --a------    c:\windows\System32\D3DCompiler_35.dll
2008-11-07 11:38 . 2008-05-30 14:11    467,984    --a------    c:\windows\System32\d3dx10_38.dll
2008-11-07 11:38 . 2007-07-19 18:14    444,776    --a------    c:\windows\System32\d3dx10_35.dll
2008-10-28 23:58 . 2008-08-12 04:39    443,392    --a------    c:\windows\System32\win32spl.dll
2008-10-28 23:58 . 2008-09-18 05:56    147,456    --a------    c:\windows\System32\Faultrep.dll
2008-10-28 23:58 . 2008-09-18 05:56    125,952    --a------    c:\windows\System32\wersvc.dll
2008-10-26 11:59 . 2008-11-09 20:19    <DIR>    d--------    C:\Program
2008-10-25 22:35 . 2008-10-25 22:35    <DIR>    d--------    c:\program files\Hamachi
2008-10-25 22:35 . 2008-10-25 22:35    25,280    --a------    c:\windows\System32\drivers\hamachi.sys
2008-10-25 22:24 . 2008-11-13 23:36    <DIR>    d--------    c:\users\HP_Gamers\AppData\Roaming\Hamachi
2008-10-25 22:20 . 2008-11-13 21:22    <DIR>    d--------    c:\program files\Windows Live Safety Center
2008-10-23 22:35 . 2008-10-23 22:49    <DIR>    d--------    c:\program files\WinSCP
2008-10-23 22:00 . 2008-10-23 22:00    <DIR>    d--hs----    c:\windows\ftpcache
2008-10-23 22:00 . 2008-10-23 22:04    <DIR>    d--------    c:\program files\TV 2 NEWS
2008-10-21 10:23 . 2008-08-05 10:49    428,544    --a------    c:\windows\System32\EncDec.dll
2008-10-21 10:23 . 2008-08-05 10:49    293,376    --a------    c:\windows\System32\psisdecd.dll
2008-10-21 10:23 . 2008-08-05 10:48    217,088    --a------    c:\windows\System32\psisrndr.ax
2008-10-21 10:23 . 2008-08-05 10:48    177,664    --a------    c:\windows\System32\mpg2splt.ax
2008-10-21 10:23 . 2008-08-05 10:48    80,896    --a------    c:\windows\System32\MSNP.ax

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 16:01    ---------    d-----w    c:\programdata\Kaspersky Lab
2008-11-20 15:47    ---------    d-----w    c:\program files\IrfanView
2008-11-20 15:46    ---------    d-----w    c:\program files\Elaborate Bytes
2008-11-19 18:22    ---------    d-----w    c:\program files\BitComet
2008-11-18 20:13    96,976    ----a-w    c:\windows\system32\drivers\klin.dat
2008-11-18 20:13    87,855    ----a-w    c:\windows\system32\drivers\klick.dat
2008-11-18 19:03    ---------    d-----w    c:\program files\Common Files\Wise Installation Wizard
2008-11-16 16:12    ---------    d-----w    c:\programdata\DVD Shrink
2008-11-16 16:10    8,354    --sha-w    c:\windows\System32\KGyGaAvL.sys
2008-11-14 14:25    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\Corel
2008-11-14 13:57    ---------    d-----w    c:\program files\Corel
2008-11-14 13:33    ---------    d-----w    c:\program files\DVDVideoSoft
2008-11-14 13:33    ---------    d-----w    c:\program files\Common Files\DVDVideoSoft
2008-11-14 13:01    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\Ahead
2008-11-13 10:43    ---------    d-----w    c:\programdata\Microsoft Help
2008-11-13 10:37    ---------    d-----w    c:\program files\Synology Assistant
2008-11-13 10:32    ---------    d-----w    c:\program files\Synology Download Redirector
2008-11-11 11:51    ---------    d--h--w    c:\program files\InstallShield Installation Information
2008-11-09 16:17    ---------    d-----w    c:\program files\SlySoft
2008-11-06 08:58    ---------    d-----w    c:\program files\Common Files\Adobe
2008-10-30 20:34    ---------    d-----w    c:\program files\PrimoPDF
2008-10-25 09:42    ---------    d-----w    c:\program files\Microsoft Games
2008-10-22 10:27    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\MahJong Suite
2008-10-21 18:52    ---------    d-----w    c:\program files\Microsoft Silverlight
2008-10-19 21:14    ---------    d-----w    c:\program files\iFoxSoft
2008-10-19 17:13    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\Skype
2008-10-19 16:35    ---------    d-----w    c:\program files\PerfectDisk
2008-10-19 14:13    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\skypePM
2008-10-18 09:21    ---------    d-----w    c:\program files\VHS_DVD
2008-10-16 01:10    ---------    d-----w    c:\program files\Windows Mail
2008-10-16 00:36    ---------    d-----w    c:\program files\FLV Player
2008-10-14 00:35    ---------    d-----w    c:\programdata\Elaborate Bytes
2008-10-13 12:37    ---------    d-----w    c:\program files\UBISOFT
2008-10-12 15:56    ---------    d-----w    c:\program files\Common Files\Ahead
2008-10-12 15:55    ---------    d-----w    c:\programdata\Nero
2008-10-12 15:55    ---------    d-----w    c:\program files\Nero
2008-10-11 20:05    ---------    d-----w    c:\program files\DVD Shrink
2008-10-11 03:25    ---------    d-----w    c:\program files\Java
2008-10-09 06:53    ---------    d-----w    c:\program files\Microsoft SQL Server
2008-10-08 17:08    ---------    d-----w    c:\program files\Pando Networks
2008-10-08 16:07    ---------    d-----w    c:\program files\MainConcept
2008-10-08 15:32    ---------    d-----w    c:\programdata\Team MediaPortal
2008-10-08 15:32    ---------    d-----w    c:\program files\Team MediaPortal
2008-10-08 15:13    ---------    d-----w    c:\program files\Microsoft.NET
2008-10-07 11:58    ---------    d-----w    c:\program files\Jasc Software Inc
2008-10-07 11:55    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\Jasc
2008-10-07 08:54    ---------    d-----w    c:\programdata\InstallShield
2008-10-07 08:53    ---------    d-----w    c:\program files\Common Files\InstallShield
2008-10-04 15:24    ---------    d-----w    c:\programdata\Corel
2008-10-03 15:32    ---------    d-----w    c:\program files\Winamp
2008-10-02 03:49    827,392    ----a-w    c:\windows\System32\wininet.dll
2008-09-30 22:09    ---------    d--h--w    c:\program files\Zenographics
2008-09-30 22:09    ---------    d-----w    c:\program files\Hewlett-Packard
2008-09-30 15:43    1,286,152    ----a-w    c:\windows\System32\msxml4.dll
2008-09-29 12:36    ---------    d-----w    c:\program files\IncrediMail
2008-09-27 21:55    ---------    d--h--r    c:\users\HP_Gamers\AppData\Roaming\SecuROM
2008-09-27 21:43    107,888    ----a-w    c:\windows\System32\CmdLineExt.dll
2008-09-27 15:33    ---------    d-----w    c:\program files\OpenOffice.org 2.4
2008-09-27 14:32    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\Danware Data
2008-09-27 14:32    ---------    d-----w    c:\programdata\Danware Data
2008-09-27 14:32    ---------    d-----w    c:\program files\NetOp Remote Control
2008-09-27 00:01    ---------    d-----w    c:\program files\Flashplayer
2008-09-26 12:28    ---------    d-----w    c:\users\HP_Gamers\AppData\Roaming\OpenOffice.org2
2008-09-23 21:44    496,850    ----a-w    c:\windows\0607.zip
2008-09-23 21:41    ---------    d-----w    c:\program files\Kiss07
2008-09-23 19:22    ---------    d-----w    c:\programdata\Kaspersky Lab Setup Files
2008-09-23 15:09    ---------    d-----w    c:\programdata\NVIDIA
2008-09-22 21:44    ---------    d-----w    c:\program files\ASUS
2008-09-22 19:33    ---------    d-----w    c:\program files\Windows Live
2008-09-22 19:24    319,456    ----a-w    c:\windows\DIFxAPI.dll
2008-09-22 19:24    ---------    d-----w    c:\program files\Realtek
2008-09-22 19:23    315,392    ----a-w    c:\windows\HideWin.exe
2008-09-21 10:40    ---------    d-----w    c:\programdata\IM
2008-09-21 10:37    ---------    d-----w    c:\programdata\IncrediMail
2008-09-18 05:09    3,601,464    ----a-w    c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09    3,549,240    ----a-w    c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16    2,032,640    ----a-w    c:\windows\System32\win32k.sys
2008-09-09 11:49    230,152    ----a-w    c:\windows\System32\PDBoot.exe
2008-09-03 03:59    468,992    ----a-w    c:\windows\System32\newdev.dll
2008-09-03 03:58    74,752    ----a-w    c:\windows\System32\newdev.exe
2008-01-21 02:41    174    --sha-w    c:\program files\desktop.ini
2008-07-22 13:26    23    --sha-w    c:\windows\System32\edefceeff_z.dll
.

(((((((((((((((((((((((((((((  snapshot@2008-11-20_17.12.36.35  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-20 16:07:38    262,144    --sha-w    c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-20 18:08:21    262,144    --sha-w    c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-20 18:08:21    262,144    ---ha-w    c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-20 16:07:38    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-20 18:08:21    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-20 18:08:21    262,144    ---ha-w    c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-20 07:17:26    94,638    ----a-w    c:\windows\System32\perfc006.dat
+ 2008-11-20 16:14:49    94,638    ----a-w    c:\windows\System32\perfc006.dat
- 2008-11-20 07:17:26    118,694    ----a-w    c:\windows\System32\perfc009.dat
+ 2008-11-20 16:14:49    118,694    ----a-w    c:\windows\System32\perfc009.dat
- 2008-11-20 07:17:26    509,814    ----a-w    c:\windows\System32\perfh006.dat
+ 2008-11-20 16:14:49    509,814    ----a-w    c:\windows\System32\perfh006.dat
- 2008-11-20 07:17:26    633,688    ----a-w    c:\windows\System32\perfh009.dat
+ 2008-11-20 16:14:49    633,688    ----a-w    c:\windows\System32\perfh009.dat
- 2008-11-18 20:14:12    4,192    ----a-w    c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-11-20 18:06:51    4,574    ----a-w    c:\windows\System32\WDI\ERCQueuedResolutions.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-24 243072]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2008-08-29 6595912]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-06-16 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 87584]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVP"="c:\programmer\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

c:\users\HP_Gamers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2007-05-11 1070648]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-08-25 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\Kiss07\r3hook.dll,c:\progra~3\Kiss07\adialhk.dll,c:\progra~3\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~3\KASPER~1\KASPER~1\adialhk.dll,c:\progra~3\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= c:\progra~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.aasc"= c:\progra~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= c:\progra~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.yv12"= c:\progra~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= c:\progra~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"VIDC.I420"= emYUV.dll
"msacm.msaudio1"= c:\progra~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"msacm.iac2"= c:\progra~1\ACEMEG~1\SystemS\Intel\iac25_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2800752613-2858503531-3540732553-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1CB7DCFD-C6AF-49C7-B1B1-EE14DF2C1C25}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{EE9F4285-FC14-432F-9B19-6313A18E3ADE}c:\\ph_f320a\\flashfxp.exe"= UDP:c:\ph_f320a\flashfxp.exe:FlashFXP
"UDP Query User{B2E2C251-FD93-4DEF-AB84-C15DB3EE45C4}c:\\ph_f320a\\flashfxp.exe"= TCP:c:\ph_f320a\flashfxp.exe:FlashFXP
"{A1F27C16-8E20-44C4-BC8D-BD22DCD7AE77}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7A4D99F1-08DD-47B6-9B80-9418B1B64C6A}"= UDP:c:\program files\NetOp Remote Control\Guest\ngstw32.exe:NetOp Guest
"{5BDF1E2D-BE95-4265-B0C6-589AA6FA31D5}"= TCP:c:\program files\NetOp Remote Control\Guest\ngstw32.exe:NetOp Guest
"{78449030-B337-4F1C-9F70-138709C6ED95}"= UDP:c:\program files\NetOp Remote Control\Guest\ngstw32.exe:NetOp Guest
"{EAC1E090-304A-4540-A375-8B890460254D}"= TCP:c:\program files\NetOp Remote Control\Guest\ngstw32.exe:NetOp Guest
"{F8751919-B48D-4E22-A9AB-4AD3961AF7C9}"= Disabled:UDP:n:\skype\host\Skype.exe:Skype
"{4CB59724-CBC6-4888-80CB-E563C5D6744B}"= TCP:n:\skype\host\Skype.exe:Skype
"{C5490BD4-D024-4FE8-8FFF-822A525D3850}"= UDP:c:\program files\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{456D8BC9-829A-4549-BEB6-86CAD9F09453}"= TCP:c:\program files\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{6AB51F8B-1C0E-4D4A-B945-EFC9AC13E8F1}"= UDP:58518:Pando P2P TCP Listening Port
"{7C7F6EF9-D280-4FEC-A9CD-59DE9012B709}"= TCP:58518:Pando P2P UDP Listening Port
"{0E1CC32D-2EED-4A98-B877-02AC567F1795}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
"{C95488E1-651E-4806-BD28-6D5C6BF34500}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImLc.exe:IncrediMail
"{2A0ED6D2-81E6-4C13-A0B7-4ABB9DA0FA28}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{B4E471FE-A2DB-44D3-B603-61397708FD74}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{B92031F9-91FE-4807-9CD9-6C4B2333D1A2}"= UDP:21785:BitComet 21785 TCP
"{D6249D98-B5E3-4A64-A5BD-BF5220AACA4A}"= TCP:21785:BitComet 21785 UDP
"{34A59A3B-A40D-472A-A24F-FDCD1D000FA7}"= UDP:58182:Pando P2P TCP Listening Port
"{5ACB71CB-4305-4DE1-8D3A-852721FE02FC}"= TCP:58182:Pando P2P UDP Listening Port
"{ABC73774-4F14-4126-BF06-BD21533D52AB}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{640BFF63-5157-4578-A567-944B4D637A19}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B150F652-F33C-4B99-BF56-726B5B5D3E47}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{86347134-0766-406F-AF49-036D6784A668}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{89DEEEB3-D8BA-42B4-8C12-99B4EE4F24B4}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9F5E0EC8-A7CE-438E-B549-1C41A2F72E7E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{715A444B-7F59-4032-B2D9-E5D2F9BA7672}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{65D4409D-723F-4DA0-8472-8CE3D3CFCF01}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {E1C62344-044E-4294-A23C-762145618EDD}

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\Brother\BRAdmin Professional 3\bratimer.exe [2008-07-01 65536]
R2 PD91Agent;PD91Agent;"c:\program files\PerfectDisk\PD91Agent.exe" [2008-09-09 693512]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-10-08 2807936]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\DRIVERS\m4cxw2k3.sys [2005-03-10 227584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 PD91Engine;PD91Engine;"c:\program files\PerfectDisk\PD91Engine.exe" [2008-09-09 906504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 1119616]
S4 ErrDev;Microsoft Hardware Error Device Driver;c:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;c:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - j:\bin\ASSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Q:\Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec207cb-4813-11dd-b359-001731f7e92c}]
\shell\AutoRun\command - L:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b05d723-911b-11dd-b42e-001167c79aa8}]
\shell\AutoRun\command - N:\skype.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72178fb4-49a4-11dd-bb3f-001731f7e92c}]
\shell\AutoRun\command - N:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{817f05f3-530c-11dd-905f-001731f7e92c}]
\shell\AutoRun\command - L:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1ec994-6222-11dd-883b-001731f7e92c}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Q:\Info.exe protect.ed 480 480
.
.
------- Yderligere scanning -------
.
FireFox -: Profile - c:\users\HP_Gamers\AppData\Roaming\Mozilla\Firefox\Profiles\ri26s9ky.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.synology.com/enu/forum/
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 19:08:48
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...


c:\users\HP_GAM~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\users\HP_Gamers\AppData\Roaming\Microsoft\Windows\Cookies\Low\hp_gamers@mystart.incredimail[2].txt 246 bytes
c:\users\HP_Gamers\AppData\Local\Temp\~DF5D4B.tmp
c:\users\HP_Gamers\AppData\Local\Temp\~DF5DAA.tmp


**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\BRSVC01A.EXE
c:\windows\System32\BRSS01A.EXE
c:\program files\ASUS\AASP\1.00.33\aaCenter.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\WUDFHost.exe
c:\program files\PerfectDisk\PD91AgentS1.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2008-11-20 19:12:42 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2008-11-20 18:12:39
ComboFix2.txt  2008-11-20 16:14:12

Pre-Kørsel: 70.273.843.200 byte ledig
Post-Kørsel: 70,207,053,824 byte ledig

359    --- E O F ---    2008-11-18 02:00:38
Karsten Rasmussen (Beginner)
22 November 2008 - 11:55 #9
Closing, reformatting the hard drive.