grandslam (Beginner)
24 December 2010 - 16:50 (15 comments)

Looking for a keylogger

Hi experts.

Yesterday morning I got hacked in WoW.
It is not the first time it has happened, and I realize I should have an authenticator, which I will also get now.

Besides my WoW account being hacked, 2 of my email accounts were hacked as well.

I have already decided to redo everything (from email passwords to online banking, etc.), but I will not do this until I am sure I no longer have a keylogger on my computer.

I have run a number of different scans:
AVG Free - found nothing
SUPERAntiSpyware - found 24 files (removed)
Sophos Anti-Rootkit - found something (removed)
Running Ad-Aware at the moment - has found 1 threat so far

In addition, I have downloaded a new firewall called Comodo Firewall (I had only used Windows Firewall until now, but apparently it does not do the job well enough).
On the first boot after installation it found a couple of exe files that tried to start at startup, and I cannot figure out what one of them is. It is mentioned in the HijackThis log, but if possible I would very much like to know what it is.
The file it wanted to block was called xInsIDE and was located in the RaidTools folder in the Windows folder.

I was hoping a kind expert would look through my HijackThis file to see whether there is anything to find there.
I have heard that one could use a program called MBAM to make a list à la HijackThis, which could also be useful, so I am including that too.

Thanks in advance.
grandslam (Beginner)
24 December 2010 - 16:51 #1
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:07, on 24-12-2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Daniel\Desktop\spyware\Hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6715AC67-5EFE-4718-9D27-91C5D4D4D387}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{6715AC67-5EFE-4718-9D27-91C5D4D4D387}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{6715AC67-5EFE-4718-9D27-91C5D4D4D387}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10772 bytes
grandslam (Beginner)
24 December 2010 - 16:52 #2
Logfile created: 24-12-2010 16:04:14
Ad-Aware version: 9.0.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Daniel

*********************** Definitions database information ***********************
Lavasoft definition file: 150.215
Genotype definition file version: 2010/12/22 17:00:32
Extended engine definition file: 7801.0

******************************** Scan results: *********************************
Scan profile name: Full Scan  (ID: full)
Objects scanned: 108354
Objects detected: 21


Type              Detected
==========================
Processes.......:        0
Registry entries:        0
Hostfile entries:        0
Files...........:        1
Folders.........:        0
LSPs............:        0
Cookies.........:      20
Browser hijacks.:        0
MRU objects.....:        0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
Description: *apmebf* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409163 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409130 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *hit.gemius* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409369 Family ID: 0
Description: *mediaplex* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408991 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409131 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0

Quarantined items:
Description: c:\program files\winrar\default.sfx Family Name: Win32.Trojan.Refroso Engine: 1 Clean status: Success Item ID: 0 Family ID: 1111619 MD5: d4b614f7b91f57a78aa099dafb5fd835

Scan and cleaning complete: Finished correctly after 2491 seconds

****************************** System information ******************************
Computer name: DANIEL-PC
Processor name: Intel(R) Core(TM) i7 CPU        950  @ 3.07GHz
Processor identifier: Intel64 Family 6 Model 26 Stepping 5
Processor speed: ~3073MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 6661, number of processors 8, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 4302626816 bytes
Physical memory total: 6433132544 bytes
Virtual memory available: 1816891392 bytes
Virtual memory total: 2147352576 bytes
Memory load: 33%
Microsoft  (build 7600)
Windows startup mode:

Running processes:
PID: 372 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 464 name: C:\PROGRA~2\AVG\AVG10\avgchsva.exe owner: SYSTEM domain: NT AUTHORITY
PID: 520 name: C:\PROGRA~2\AVG\AVG10\avgrsa.exe owner: SYSTEM domain: NT AUTHORITY
PID: 748 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 816 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 884 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 920 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 932 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 940 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 424 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 728 name: C:\Windows\System32\svchost.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 1092 name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1164 name: C:\Windows\System32\svchost.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 1212 name: C:\Windows\System32\svchost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 1256 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1308 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1408 name: C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1472 name: C:\Windows\System32\svchost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 1592 name: C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1604 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1620 name: C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1828 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1936 name: C:\Windows\System32\dwm.exe owner: Daniel domain: Daniel-Pc
PID: 1960 name: C:\Windows\explorer.exe owner: Daniel domain: Daniel-Pc
PID: 1132 name: C:\Program Files\Logitech\SetPointP\SetPoint.exe owner: Daniel domain: Daniel-Pc
PID: 1684 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1812 name: C:\Windows\System32\taskhost.exe owner: Daniel domain: Daniel-Pc
PID: 1548 name: C:\Windows\System32\svchost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 2156 name: C:\Windows\System32\taskeng.exe owner: Daniel domain: Daniel-Pc
PID: 2208 name: C:\Program Files\SUPERAntiSpyware\SASCore64.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2312 name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe owner: Daniel domain: Daniel-Pc
PID: 2332 name: C:\Program Files (x86)\Steam\Steam.exe owner: Daniel domain: Daniel-Pc
PID: 2344 name: C:\Program Files (x86)\Skype\Phone\Skype.exe owner: Daniel domain: Daniel-Pc
PID: 2372 name: C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2444 name: C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2472 name: C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2516 name: C:\Windows\SysWOW64\PnkBstrA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2548 name: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2652 name: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2424 name: C:\Program Files (x86)\AVG\AVG10\avgnsa.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3128 name: C:\Program Files (x86)\AVG\AVG10\avgemca.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3140 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3720 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Daniel domain: Daniel-Pc
PID: 3920 name: C:\Windows\System32\svchost.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 3976 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3284 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3692 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3972 name: C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe owner: Daniel domain: Daniel-Pc
PID: 4648 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 4780 name: C:\Windows\System32\svchost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 4944 name: C:\Windows\System32\svchost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 4124 name: C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe owner: Daniel domain: Daniel-Pc
PID: 4732 name: C:\Program Files (x86)\Common Files\Steam\SteamService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5980 name: C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe owner: Daniel domain: Daniel-Pc
PID: 6008 name: C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe owner: Daniel domain: Daniel-Pc
PID: 2740 name: C:\Program Files (x86)\AVG\AVG10\avgtray.exe owner: Daniel domain: Daniel-Pc
PID: 1784 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: Daniel domain: Daniel-Pc
PID: 1728 name: C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe owner: Daniel domain: Daniel-Pc
PID: 5328 name: C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe owner: Daniel domain: Daniel-Pc
PID: 5388 name: C:\Windows\System32\sppsvc.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 5380 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETVÆRKSTJENESTE domain: NT AUTHORITY
PID: 5296 name: C:\Windows\System32\conhost.exe owner: Daniel domain: Daniel-Pc
PID: 3252 name: C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe owner: Daniel domain: Daniel-Pc
PID: 456 name: C:\Windows\System32\taskhost.exe owner: LOKAL TJENESTE domain: NT AUTHORITY
PID: 1896 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Daniel domain: Daniel-Pc
PID: 3312 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4204 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4088 name: C:\Windows\System32\SearchProtocolHost.exe owner: Daniel domain: Daniel-Pc
PID: 5652 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:
Name: CtxfiReg
          imagepath: CTXFIREG.exe /FAIL1
Name: JMB36X IDE Setup
          imagepath: C:\Windows\RaidTool\xInsIDE.exe
Name: NUSB3MON
          imagepath: "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Name: BCU
          imagepath: "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
Name: UpdReg
          imagepath: C:\Windows\UpdReg.EXE
Name: CTxfiHlp
          imagepath: CTXFIHLP.EXE
24 December 2010 - 17:03 #3
Just a quick one ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Let the program do a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe

Install the program - once that is done, let the program update itself. A window then opens, where you should move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you should save it somewhere you can find it again.
Copy the contents in here...
grandslam (Beginner)
24 December 2010 - 17:16 #4
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5388

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24-12-2010 17:07:41
mbam-log-2010-12-24 (17-07-41).txt

Skanningstype: Fuldstændig skanning (C:\|E:\|F:\|)
Objekter skannet: 238629
Tid gået: 14 minut(ter), 20 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)
Deleted user
24 December 2010 - 19:26 #5
grandslam (Beginner)
24 December 2010 - 23:27 #6
karise_larry:
I have CCleaner and use it often.
Lovely program, and thanks for the tip anyway

Oldgammel:
Excellent idea. I have tried downloading the free version, but I would still be glad to know whether I have a keylogger lying around.
You know, just in case.
Deleted user
25 December 2010 - 03:14 #7
Yes, oh dear, by all means get rid of any keylogger.
As far as I have read, Avast free is better than AVG free. So if you are interested: http://www.avast.com/en-eu/free-antivirus-download
Deleted user
25 December 2010 - 03:21 #8
There is also this one for cleaning up. It is not real-time, so it does not prevent dirt from getting in, but when you start it yourself, it is good at finding the dirt. http://www.spywarefri.dk/software/superantispyware-free/
Deleted user
25 December 2010 - 03:30 #9
PS. For Win7 it should apparently be this one:
http://www.superantispyware.com/superantispyware.html
f-arn Guru
25 December 2010 - 07:23 #10
Re xInsIDE.exe ->

http://www.bleepingcomputer.com/startups/xInsIDE.exe-21960.html

------

Sophos anti-rootkit - found something (has been removed)

What did it find?

------

Download and run DDS.

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of DDS.txt in here.
grandslam Beginner
25 December 2010 - 12:12 #11
To oldgammel:
I will try that. I have used AVG for as long as I can remember, but if other programs are more effective, I would definitely rather use them :)

f-arn:
I can't remember what Sophos found, otherwise I would have written it, and unfortunately it doesn't save logs, so I can't even find out now.
The only thing I can tell you is that Sophos removes rootkits, so that is presumably what it found. I know that isn't very helpful :(
grandslam Beginner
25 December 2010 - 12:13 #12
f-arn dds:


DDS (Ver_10-12-12.02) - NTFS_AMD64 
Run by Daniel at 12:07:07,87 on 25-12-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.45.1030.18.6135.3942 [GMT 1:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3VIZWEC\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.dk/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\Fan Xpert\QFanHelp.exe"
mRun: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: {6715AC67-5EFE-4718-9D27-91C5D4D4D387} = 156.154.70.22,156.154.71.22
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-12-24 69152]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-9-10 249496]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-9-10 33208]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1389400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-10-21 592120]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-14 1613336]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-12-24 130696]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-28 347680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-11-28 517448]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-28 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-14 230424]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-14 1445912]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-14 95256]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\14AB.tmp [2010-12-24 6144]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736]

=============== Created Last 30 ================

2010-12-24 22:21:26    130696    ----a-w-    C:\Windows\System32\drivers\keyscrambler.sys
2010-12-24 22:21:26    --------    d-----w-    C:\Program Files (x86)\KeyScrambler
2010-12-24 15:52:49    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\Malwarebytes
2010-12-24 15:52:45    38224    ----a-w-    C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-24 15:52:45    20    ----a-w-    C:\Windows\SysWow64\drivers\IS-L2ATS.TMP
2010-12-24 15:52:45    --------    d-----w-    C:\PROGRA~3\Malwarebytes
2010-12-24 15:52:42    24152    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2010-12-24 15:52:42    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-24 15:45:48    15880    ----a-w-    C:\Windows\System32\lsdelete.exe
2010-12-24 14:58:47    69152    ----a-w-    C:\Windows\System32\drivers\Lbd.sys
2010-12-24 14:58:45    49752    ----a-w-    C:\Windows\System32\drivers\SBREDrv.sys
2010-12-24 14:58:22    --------    d-----w-    C:\Users\Daniel\AppData\Local\Sunbelt Software
2010-12-24 14:57:48    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2010-12-24 14:56:42    --------    dc-h--w-    C:\PROGRA~3\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-24 14:40:39    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\AVG
2010-12-24 14:30:52    --------    d-----w-    C:\Program Files\COMODO
2010-12-24 14:30:07    --------    d-----w-    C:\PROGRA~3\Comodo
2010-12-24 10:38:03    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\SUPERAntiSpyware.com
2010-12-24 10:38:03    --------    d-----w-    C:\PROGRA~3\SUPERAntiSpyware.com
2010-12-24 10:37:56    --------    d-----w-    C:\PROGRA~3\!SASCORE
2010-12-24 10:37:54    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2010-12-24 10:35:28    18816    ------w-    C:\Windows\SysWow64\SAVRKBootTasks.sys
2010-12-24 10:24:16    6144    ------w-    C:\Windows\System32\14AB.tmp
2010-12-24 10:23:24    6144    ------w-    C:\Windows\System32\498F.tmp
2010-12-24 10:23:15    --------    d-----w-    C:\Program Files (x86)\Sophos
2010-12-23 13:49:06    --------    d-----w-    C:\Windows\System32\appmgmt
2010-12-22 15:32:47    --------    d-----w-    C:\PROGRA~3\ROCCAT
2010-12-22 15:32:19    --------    d-----w-    C:\Program Files (x86)\ROCCAT
2010-12-22 15:32:07    --------    d-----w-    C:\PROGRA~3\3rd Eye Solutions
2010-12-21 04:58:22    176488    ----a-w-    C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-06 21:00:40    --------    d-----w-    C:\Users\Daniel\AppData\Local\Apps
2010-12-06 21:00:39    --------    d-----w-    C:\Users\Daniel\AppData\Local\Deployment
2010-12-02 21:11:40    978944    ----a-w-    C:\Windows\System32\msvcp71.dll
2010-12-02 21:11:40    520192    ----a-w-    C:\Windows\System32\msvcr71.dll
2010-12-02 21:11:40    403456    ----a-w-    C:\Windows\System32\nvcpl.cpl
2010-12-02 21:11:40    381952    ----a-w-    C:\Windows\System32\nvexpBar.dll
2010-12-02 21:11:40    372736    ----a-w-    C:\Windows\System32\NVUNINST.EXE
2010-12-02 21:11:40    2065920    ----a-w-    C:\Windows\System32\nvcplUI.exe
2010-12-02 21:11:40    1524736    ----a-w-    C:\Windows\System32\MFC71.dll
2010-12-02 21:11:40    1064448    ----a-w-    C:\Windows\System32\nvcplUIR.dll
2010-12-02 21:11:29    --------    d-----w-    C:\Users\Daniel\AppData\Local\NVIDIA Corporation
2010-12-02 21:10:36    --------    d-----w-    C:\Program Files (x86)\NVIDIA nTune Performance Application
2010-12-01 18:39:08    270904    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2010-12-01 18:39:05    --------    d-----w-    C:\Users\Daniel\AppData\Local\PunkBuster
2010-12-01 18:38:17    270904    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2010-12-01 18:38:17    215128    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2010-12-01 18:38:16    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2010-12-01 18:38:16    2434856    ----a-w-    C:\Windows\SysWow64\pbsvc_bc2.exe
2010-12-01 17:29:49    --------    d-----w-    C:\Users\Daniel\AppData\Local\ElevatedDiagnostics
2010-12-01 17:09:42    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2010-12-01 17:07:38    --------    d-----w-    C:\NVIDIA
2010-12-01 17:03:45    315904    ----a-w-    C:\Windows\SysWow64\Difx198a.rra
2010-12-01 16:58:56    --------    d-----w-    C:\Users\Daniel\Program Files (x86)
2010-12-01 16:57:15    --------    d-----w-    C:\Program Files (x86)\SystemRequirementsLab
2010-12-01 16:25:29    --------    d-----w-    C:\Users\Daniel\AppData\Local\PassMark
2010-12-01 16:25:17    540688    ----a-w-    C:\Windows\System32\d3dx10_39.dll
2010-12-01 16:25:17    1942552    ----a-w-    C:\Windows\System32\D3DCompiler_39.dll
2010-12-01 16:25:16    4992520    ----a-w-    C:\Windows\System32\D3DX9_39.dll
2010-12-01 16:25:07    --------    d-----w-    C:\PROGRA~3\Passmark
2010-12-01 16:20:56    --------    d-----w-    C:\Program Files (x86)\CPU Speed Pro
2010-12-01 16:09:35    --------    d-----w-    C:\PROGRA~3\Futuremark
2010-12-01 16:03:55    --------    d-----w-    C:\Program Files (x86)\Common Files\Futuremark Shared
2010-12-01 15:11:21    24576    ----a-r-    C:\Windows\SysWow64\AsIO.dll
2010-12-01 15:11:21    13440    ----a-r-    C:\Windows\SysWow64\drivers\AsIO.sys
2010-12-01 15:11:15    11832    ----a-w-    C:\Windows\SysWow64\drivers\AsInsHelp64.sys
2010-12-01 15:11:15    10216    ----a-w-    C:\Windows\SysWow64\drivers\AsInsHelp32.sys
2010-12-01 15:11:15    --------    d-----w-    C:\Program Files (x86)\ASUS
2010-12-01 15:10:59    77824    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2010-12-01 15:10:59    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2010-12-01 15:10:59    225280    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2010-12-01 15:10:59    176128    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2010-12-01 13:28:36    53248    ----a-r-    C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-01 13:28:11    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2010-12-01 13:26:52    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\Logishrd
2010-11-30 22:55:42    --------    d-----w-    C:\Program Files\CCleaner
2010-11-30 22:54:59    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2010-11-30 15:25:45    834544    ----a-w-    C:\Windows\System32\drivers\sptd.sys
2010-11-30 15:25:29    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2010-11-30 15:24:50    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
2010-11-30 15:24:47    --------    d-----w-    C:\PROGRA~3\DAEMON Tools Lite
2010-11-30 03:14:07    --------    d-----w-    C:\Program Files (x86)\uTorrent
2010-11-30 03:13:23    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\uTorrent
2010-11-30 03:12:39    --------    d-----w-    C:\Users\Daniel\AppData\Local\Cisco
2010-11-30 03:11:51    --------    d-----w-    C:\Program Files (x86)\Cisco
2010-11-30 03:11:28    --------    d-----w-    C:\PROGRA~3\Cisco
2010-11-29 11:46:04    472808    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2010-11-29 10:03:00    --------    d-----r-    C:\Users\Daniel\Musik
2010-11-28 19:11:31    --------    d-----w-    C:\PROGRA~3\Blizzard Entertainment
2010-11-28 19:10:29    --------    d-----w-    C:\Program Files (x86)\Common Files\Blizzard Entertainment
2010-11-28 18:51:08    --------    d-----w-    C:\Program Files\World of Warcraft
2010-11-28 18:17:20    --------    d-----r-    C:\Program Files (x86)\Skype
2010-11-28 18:16:35    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2010-11-28 18:16:33    --------    d-----w-    C:\Program Files (x86)\Steam
2010-11-28 18:16:03    --------    d-----w-    C:\Program Files\Ventrilo
2010-11-28 18:15:48    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-11-28 18:14:43    --------    d-----w-    C:\Users\Daniel\AppData\Roaming\AVG10
2010-11-28 18:14:05    --------    d--h--w-    C:\PROGRA~3\Common Files
2010-11-28 18:14:02    --------    d-----w-    C:\PROGRA~3\AVG Security Toolbar
2010-11-28 18:13:53    --------    d-----w-    C:\Windows\SysWow64\drivers\AVG
2010-11-28 18:13:28    --------    d-----w-    C:\Windows\System32\drivers\AVG
2010-11-28 18:13:28    --------    d-----w-    C:\PROGRA~3\AVG10
2010-11-28 18:13:01    --------    d-----w-    C:\Program Files (x86)\AVG
2010-11-28 18:07:36    --------    d-----w-    C:\PROGRA~3\MFAData
2010-11-28 17:23:20    90112    ------w-    C:\Windows\Updreg.EXE
2010-11-28 17:22:39    --------    d-----w-    C:\Program Files\Creative
2010-11-28 17:22:35    --------    d-----w-    C:\Program Files (x86)\Common Files\Creative
2010-11-28 17:22:30    --------    d--h--w-    C:\Program Files (x86)\Creative Installation Information
2010-11-28 17:22:02    113152    ----a-w-    C:\Windows\System32\cttele64.dll
2010-11-28 17:22:02    106496    ----a-w-    C:\Windows\SysWow64\cttele32.dll
2010-11-28 17:20:58    647872    ------w-    C:\Windows\SysWow64\Mscomct2.ocx
2010-11-28 17:20:58    53248    ------w-    C:\Windows\Ctregrun.exe
2010-11-28 17:20:50    7062    ----a-w-    C:\Windows\SysWow64\audiopid.vxd
2010-11-28 17:20:39    61440    ------w-    C:\Windows\SysWow64\CTChkAud.dll
2010-11-28 17:20:39    49664    ------w-    C:\Windows\System32\CTChkAud.dll
2010-11-28 17:20:39    42496    ------w-    C:\Windows\System32\AddCat.exe
2010-11-28 17:20:39    183296    ------w-    C:\Windows\System32\CTOPT352.dll
2010-11-28 17:20:39    166400    ------w-    C:\Windows\SysWow64\CTOPT352.dll
2010-11-28 17:20:18    --------    d-----w-    C:\Program Files (x86)\Common Files\Creative Labs Shared
2010-11-28 17:19:14    --------    d-----w-    C:\Program Files (x86)\Creative
2010-11-28 17:18:11    729088    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2010-11-28 17:18:11    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2010-11-28 17:18:11    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2010-11-28 17:18:11    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2010-11-28 17:18:11    192512    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2010-11-28 17:18:10    311428    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2010-11-28 17:18:10    188548    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2010-11-28 17:14:03    --------    d--h--w-    C:\Program Files (x86)\DeviceVM
2010-11-28 17:13:29    --------    d-----w-    C:\Program Files (x86)\Renesas Electronics
2010-11-28 17:13:15    --------    d-----w-    C:\PROGRA~3\Downloaded Installations
2010-11-28 17:12:41    74272    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2010-11-28 17:12:41    347680    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2010-11-28 17:12:20    --------    d-----w-    C:\Program Files (x86)\Realtek
2010-11-28 17:12:04    315904    ----a-w-    C:\Windows\SysWow64\Difxd2a9.rra
2010-11-28 17:10:54    --------    d-----w-    C:\Intel
2010-11-28 16:47:08    --------    d-----w-    C:\PROGRA~3\NVIDIA Corporation
2010-11-28 16:47:04    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2010-11-28 16:46:17    14336    ----a-w-    C:\Windows\System32\drivers\sffp_sd.sys
2010-11-28 16:41:26    --------    d-sh--w-    C:\Windows\Installer
2010-11-28 16:39:54    --------    d-----w-    C:\Windows\SysWow64\Wat
2010-11-28 16:39:54    --------    d-----w-    C:\Windows\System32\Wat
2010-11-28 16:31:35    311808    ----a-w-    C:\Windows\System32\msv1_0.dll
2010-11-28 16:31:35    257024    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2010-11-28 16:27:59    99176    ----a-w-    C:\Windows\SysWow64\PresentationHostProxy.dll
2010-11-28 16:27:59    49472    ----a-w-    C:\Windows\SysWow64\netfxperf.dll
2010-11-28 16:27:59    48960    ----a-w-    C:\Windows\System32\netfxperf.dll
2010-11-28 16:27:59    444752    ----a-w-    C:\Windows\System32\mscoree.dll
2010-11-28 16:27:59    320352    ----a-w-    C:\Windows\System32\PresentationHost.exe
2010-11-28 16:27:59    297808    ----a-w-    C:\Windows\SysWow64\mscoree.dll
2010-11-28 16:27:59    295264    ----a-w-    C:\Windows\SysWow64\PresentationHost.exe
2010-11-28 16:27:59    1942856    ----a-w-    C:\Windows\System32\dfshim.dll
2010-11-28 16:27:59    1130824    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2010-11-28 16:27:59    109912    ----a-w-    C:\Windows\System32\PresentationHostProxy.dll
2010-11-28 16:27:44    294912    ----a-w-    C:\Windows\System32\browserchoice.exe
2010-11-28 16:24:13    8199504    ----a-w-    C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A69C8246-EB76-4EC1-921D-DE8BB39452D9}\mpengine.dll
2010-11-28 16:24:12    270720    ------w-    C:\Windows\System32\MpSigStub.exe
2010-11-28 16:22:59    52224    ----a-w-    C:\Windows\System32\rtutils.dll
2010-11-28 16:22:59    37376    ----a-w-    C:\Windows\SysWow64\rtutils.dll
2010-11-28 16:22:58    286720    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2010-11-28 16:22:57    157696    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2010-11-28 16:22:57    125952    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2010-11-28 16:20:59    558592    ----a-w-    C:\Windows\System32\spoolsv.exe
2010-11-28 16:16:14    220672    ----a-w-    C:\Windows\System32\wintrust.dll
2010-11-28 16:16:14    172032    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2010-11-28 16:16:14    139264    ----a-w-    C:\Windows\System32\cabview.dll
2010-11-28 16:16:14    132608    ----a-w-    C:\Windows\SysWow64\cabview.dll
2010-11-28 16:13:17    --------    d-----w-    C:\Users\Daniel\AppData\Local\VirtualStore
2010-11-28 16:03:51    --------    d-----w-    C:\Windows\Panther

==================== Find3M  ====================

2010-11-28 17:57:54    419840    ----a-w-    C:\Windows\System32\wrap_oal.dll
2010-11-28 17:57:54    413696    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2010-11-28 17:57:54    133632    ----a-w-    C:\Windows\System32\OpenAL32.dll
2010-11-28 17:57:54    110592    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2010-11-09 21:20:56    382032    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2010-11-04 06:35:53    1194496    ----a-w-    C:\Windows\System32\wininet.dll
2010-11-04 06:31:34    57856    ----a-w-    C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17    978944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36    44544    ----a-w-    C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14    482816    ----a-w-    C:\Windows\System32\html.iec
2010-11-04 04:41:26    386048    ----a-w-    C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37    1638912    ----a-w-    C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54    1638912    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17    524288    ----a-w-    C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38    473600    ----a-w-    C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38    1169408    ----a-w-    C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53    1114624    ----a-w-    C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47    464384    ----a-w-    C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32    285696    ----a-w-    C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36    496128    ----a-w-    C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36    305152    ----a-w-    C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44    192000    ----a-w-    C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33    179712    ----a-w-    C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22    2048    ----a-w-    C:\Windows\System32\tzres.dll
2010-10-27 04:32:36    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2010-10-21 11:38:24    130808    ----a-w-    C:\Windows\SysWow64\vpnweb.ocx
2010-10-21 11:37:54    8952    ----a-w-    C:\Windows\SysWow64\vpncategories.dll
2010-10-21 11:37:24    28920    ----a-w-    C:\Windows\SysWow64\vpnevents.dll
2010-10-21 11:20:40    22752    ----a-w-    C:\Windows\System32\drivers\vpnva64.sys
2010-10-20 05:20:01    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15    3124224    ----a-w-    C:\Windows\System32\win32k.sys
2010-10-20 03:05:46    367104    ----a-w-    C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41    294400    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2010-10-16 12:13:46    5901416    ----a-w-    C:\Windows\System32\nvcpl.dll
2010-10-16 12:13:26    2590824    ----a-w-    C:\Windows\System32\nvsvc64.dll
2010-10-16 12:13:26    116328    ----a-w-    C:\Windows\System32\nvmctray.dll
2010-10-16 12:13:24    989800    ----a-w-    C:\Windows\System32\nvvsvc.exe
2010-10-16 12:13:24    1881704    ----a-w-    C:\Windows\System32\nvsvcr.dll
2010-10-16 05:23:13    112000    ----a-w-    C:\Windows\System32\consent.exe
2010-10-16 05:19:41    395776    ----a-w-    C:\Windows\System32\webio.dll
2010-10-16 04:36:10    314368    ----a-w-    C:\Windows\SysWow64\webio.dll

============= FINISH: 12:08:18,64 ===============
grandslam Beginner
25 December 2010 - 12:14 #13
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 28-11-2010 17:12:54
System Uptime: 25-12-2010 11:55:46 (1 hours ago)

Motherboard: ASUSTeK Computer INC. |  | SABERTOOTH X58
Processor: Intel(R) Core(TM) i7 CPU        950  @ 3.07GHz | LGA1366 | 3068/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 194,992 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0,06 GiB free.
F: is FIXED (NTFS) - 931 GiB total, 931,249 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva

==== System Restore Points ===================

RP42: 24-12-2010 15:30:39 - Installed COMODO Internet Security

==== Installed Programs ======================

Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ASUSUpdate
µTorrent
AVG PC Tuneup 2011
Battlefield: Bad Company 2
Browser Configuration Utility
Call of Duty: Modern Warfare 2 - Multiplayer
Cisco AnyConnect VPN Client
Creative Audio Control Panel
Creative Console Launcher
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Curse Client
Dolby Digital Live Pack
DTS Connect Pack
eReg
Fan Xpert
Futuremark SystemInfo
Java Auto Updater
Java(TM) 6 Update 22
JMicron JMB36X Driver
KeyScrambler
Killing Floor
Malwarebytes' Anti-Malware
marvell 91xx driver
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA nTune
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PC Probe II
PunkBuster Services
Realtek Ethernet Controller Driver For Windows 7
Renesas Electronics USB 3.0 Host Controller Driver
ROCCAT Kone
  • Mouse Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype™ 5.0
Sophos Anti-Rootkit 1.5.4
Sound Blaster X-Fi
Steam
System Requirements Lab
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5

==== End Of File ===========================
grandslam Beginner
25 December 2010 - 12:17 #14
Hmm, looks like I posted one too many.
f-arn Guru
25 December 2010 - 21:17 #15
The only thing I can tell you is that Sophos removes rootkits, so that is presumably what it found.

I know that, but I doubt its quality. That is why I wanted to know what it found.

------

AVG FREE is such a poor product that almost anything else is better. As Oldgammel suggests: use Avast.
http://www.avast.com/free-antivirus-download

------

For Windows 7 64-bit I would suggest you use PC Tools Firewall:
http://www.pctools.com/firewall

------

There is nothing in your logs that looks like a keylogger, but try this:

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/onlinescan/

You must accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a couple of minutes for the scanner to become ready.
Next, tick the following boxes (only these):
Scan archives

under advanced settings
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable anti-stealth technology


Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(If not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt.)

Copy it in here in your next reply.