awezz Beginner
9 February 2011 - 13:56 There are 18 comments

services CPU usage 100%

Hi, I've read a thread with the same problem and am now working through this guide:

http://www.eksperten.dk/guide/1232

Could someone perhaps look at my logs when I'm done?

thanks
awezz Beginner
9 February 2011 - 14:03 #1
http://www.eksperten.dk/spm/769357

This is the corresponding thread.
fromsej Trainee
9 February 2011 - 14:51 #2
I'll take a look at them.
awezz Beginner
9 February 2011 - 16:01 #3
I've completed a malware scan and started on ComboFix, but AVG has to be uninstalled first.

AVG then says this:

Lokal maskine: installation mislykkedes
    Installation:
        Fejl: Handling mislykkedes for registreringsdatabasenøgle HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: opretter registreringsdatabasenøgle....
            Adgang nægtet.

So I can't uninstall it...
awezz Beginner
9 February 2011 - 16:04 #4
Here's the malware log file, in case it's of any use..

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09-02-2011 15:46:16
mbam-log-2011-02-09 (15-46-16).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 316665
Tid gået: 1 time(e), 50 minut(ter), 54 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 2
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BetMost Poker (Adware.Casino) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Poker\titan poker\_titanpsetup_a70d4c.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\everest poker.exe (PUP.Casino) -> Not selected for removal.
d:\Install\setupcasino_45ff77.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\setupcasino_deeea5.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\titanpsetup_a70d4c.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\system volume information\_restore{d5f8e880-1914-4f3f-b7e1-96b3fa2ad548}\RP307\A0061172.exe (Adware.Casino) -> Quarantined and deleted successfully.
e:\programmer\betmost poker\_setupcasino_45ff77.exe (Adware.Casino) -> Quarantined and deleted successfully.
e:\system volume information\_restore{d5f8e880-1914-4f3f-b7e1-96b3fa2ad548}\RP307\A0061117.exe (Adware.Casino) -> Quarantined and deleted successfully.
awezz Beginner
9 February 2011 - 16:37 #5
I've now tried reinstalling AVG 9.0 and repairing AVG 9.0 - it gives the same error every time..

what to do
awezz Beginner
9 February 2011 - 17:40 #6
Okay, here we go. The ComboFix log is very long, so I'll post it after this one with the malware and hijack logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09-02-2011 15:46:16
mbam-log-2011-02-09 (15-46-16).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|E:\|)
Objekter skannet: 316665
Tid gået: 1 time(e), 50 minut(ter), 54 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 2
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 8

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BetMost Poker (Adware.Casino) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Poker\titan poker\_titanpsetup_a70d4c.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\everest poker.exe (PUP.Casino) -> Not selected for removal.
d:\Install\setupcasino_45ff77.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\setupcasino_deeea5.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\Install\titanpsetup_a70d4c.exe (Adware.Casino) -> Quarantined and deleted successfully.
d:\system volume information\_restore{d5f8e880-1914-4f3f-b7e1-96b3fa2ad548}\RP307\A0061172.exe (Adware.Casino) -> Quarantined and deleted successfully.
e:\programmer\betmost poker\_setupcasino_45ff77.exe (Adware.Casino) -> Quarantined and deleted successfully.
e:\system volume information\_restore{d5f8e880-1914-4f3f-b7e1-96b3fa2ad548}\RP307\A0061117.exe (Adware.Casino) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1
Scan saved at 17:38:22, on 09-02-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\idt\intelxpv_v103\wdm\STacSV.exe
C:\Programmer\Creative\Shared Files\CTAudSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\MySecurityCenter\Programs\service.exe
C:\WINDOWS\system32\PnkBstrA.exe
E:\Programmer\Prio\prio_svc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\IDT\WDM\sttray.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
E:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\DivX\DivX Update\DivXUpdate.exe
C:\Programmer\Microsoft IntelliPoint\dpupdchk.exe
E:\programmer\steam\steam.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmer\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmer\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [setc] C:\Programmer\MySecurityCenter\Programs\setc.exe
O4 - HKCU\..\Run: [Steam] "e:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programmer\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programmer\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmer\Java\jre6\bin\jqs.exe" -service -config "C:\Programmer\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Programmer\MySecurityCenter\Programs\service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Prio Service (prio_svc) - Unknown owner - E:\Programmer\Prio\prio_svc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\programmer\idt\intelxpv_v103\wdm\STacSV.exe
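A HijackThis log like the one above is reviewed entry by entry, and the entries a responder looks at first are predictable: references to files that no longer exist, services with no vendor string, third-party Winsock LSPs, Run entries given as a bare filename (resolved through the search path rather than an absolute path), and one CLSID registered as URLSearchHook, BHO and toolbar at the same time, which is the bundled-toolbar pattern the Vuze Remote entries show. The Python below is an added example and not part of the thread or of HijackThis: it runs that triage over a dozen lines copied from the log above. The heuristics and their wording are this example's own, not HijackThis's classification.

```python
import re
from collections import defaultdict

# A dozen lines copied from the HijackThis log posted above; backslashes kept literal.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmer\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programmer\Vuze_Remote\tbVuz2.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O2 - body" / "R3 - body": section code, then the entry text.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split one 'Oxx - body' line; returns None for header/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    return {"section": section, "body": body, "raw": line.strip(),
            "clsid": clsid.group(0).lower() if clsid else None}


def triage(log_text):
    """Return [(raw_line, [reasons])] for every entry that deserves a closer look."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]

    # Which sections each CLSID appears in; R3 + O2 + O3 for one CLSID is the
    # bundled-toolbar pattern (search hook, BHO and toolbar from one component).
    sections_by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections_by_clsid[e["clsid"]].add(e["section"])

    findings = []
    for e in entries:
        reasons = []
        body, section = e["body"], e["section"]
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("orphaned: the referenced file no longer exists")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no vendor string")
        if section == "O10":
            reasons.append("third-party Winsock LSP")
        if section == "O4":
            # Text after "[Name] " is the command; a bare filename has no
            # directory part and is found through the search path at logon.
            target = body.split("] ", 1)[-1]
            if not target.startswith('"') and "\\" not in target:
                reasons.append("Run entry is a bare filename, resolved through the search path")
        if e["clsid"] and len(sections_by_clsid[e["clsid"]]) >= 2:
            where = "/".join(sorted(sections_by_clsid[e["clsid"]]))
            reasons.append(f"same CLSID registered in {where}")
        if reasons:
            findings.append((e["raw"], reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(SAMPLE_LOG):
        print(raw)
        for r in reasons:
            print("    -", r)
```

Run against the full log, the same pass flags the Vuze Remote Toolbar in all three sections, the three entries pointing at missing files, the PnkBstrA and MySecurityCenter services with no vendor string, the Bonjour LSP and the two bare-filename Creative Run entries; everything it flags is a candidate for a manual look, not a verdict.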
awezz Beginner
9 February 2011 - 17:41 #7
ComboFix 11-02-08.05 - Anders 09-02-2011  17:24:00.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2046.1603 [GMT 1:00]
Kører fra: d:\rensning\ComboFix.exe
Kommandoer benyttet :: d:\rensning\CFScript.txt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anders\Application Data\MSA
c:\windows\system32\system

.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-01-09 til 2011-02-09  )))))))))))))))))))))))))))))))))))
.

2011-02-05 21:02 . 2011-02-05 21:02    --------    d--h--w-    c:\windows\PIF
2011-02-03 11:32 . 2011-02-03 11:32    82469224    ----a-w-    c:\programmer\Fælles filer\Windows Live\.cache\wlc11F.tmp
2011-01-21 18:07 . 2011-01-21 18:07    --------    d-----w-    c:\programmer\TeamViewer
2011-01-20 13:00 . 2011-01-20 13:00    --------    d-----w-    c:\documents and settings\Anders\Lokale indstillinger\Application Data\Octoshape

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-09-27 11:18    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-27 11:18    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-24 17:32 . 2010-11-24 17:32    0    ----a-w-    c:\windows\system32\ConduitEngine.tmp
2010-11-18 18:15 . 2009-08-07 09:09    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-04-20 16:02    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2009-08-16 15:04    73728    ----a-w-    c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26    3908192    ----a-w-    c:\programmer\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26    3908192    ----a-w-    c:\programmer\Vuze_Remote\tbVuz2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\programmer\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\programmer\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programmer\steam\steam.exe" [2010-11-17 1242448]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 19968]
"IntelliPoint"="c:\programmer\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\programmer\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\programmer\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"setc"="c:\programmer\MySecurityCenter\Programs\setc.exe" [2007-05-21 389992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"xkbqoswsobloewxlgdwaTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"e:\\Programmer\\mIRC\\mirc.exe"=
"e:\\Programmer\\Elma\\Elma Online\\belma.exe"=
"e:\\Programmer\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Call Of Duty 4\\iw3mp.exe"=
"e:\\Programmer\\Limewire\\LimeWire.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmer\\iTunes\\iTunes.exe"=
"e:\\Programmer\\Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Anders\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"e:\\Programmer\\SopCast\\SopCast.exe"=
"e:\\Programmer\\HLSW\\hlsw.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Programmer\\HoN\\hon.exe"=
"e:\\Programmer\\Steam\\SteamApps\\lampeduskeren\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Programmer\\Heroes 3\\HEROES3.EXE"=
"e:\\Programmer\\Heroes 3\\Heroes3_C_crked.exe"=
"c:\\Programmer\\Vuze\\Azureus.exe"=
"e:\\Programmer\\Maple\\jre\\bin\\maple.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anders\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Install\\EasyAntiCheat.exe"=
"e:\\Programmer\\Steam\\SteamApps\\teh_master666\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Programmer\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmer\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programmer\\Steam\\SteamApps\\teh_master666\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres

R1 prio;Prio;c:\windows\system32\drivers\prio.sys [12-09-2009 18:25 51448]
R2 MySecurityCenter License Service;MySecurityCenter License Service;c:\programmer\MySecurityCenter\Programs\service.exe [21-05-2007 11:12 78696]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programmer/PostgreSQL/8.4/data" -w --> C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 prio_svc;Prio Service;e:\programmer\Prio\prio_svc.exe [12-09-2009 18:25 5120]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22-03-2005 02:17 450400]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20-08-2009 23:06 39424]
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\mhvnbvvh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programmer\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - TOMME GENVEJE FJERNET - - - -

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-nwiz - nwiz.exe
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programmer/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programmer/PostgreSQL/8.4/data\" -w"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
  bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmer\idt\intelxpv_v103\wdm\STacSV.exe
c:\programmer\Creative\Shared Files\CTAudSvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\programmer\PostgreSQL\8.4\bin\pg_ctl.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\IDT\WDM\sttray.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Microsoft IntelliPoint\dpupdchk.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2011-02-09  17:36:52 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-02-09 16:36

Pre-Kørsel: 37.405.634.560 byte ledig
Post-Kørsel: 37.555.060.736 byte ledig

- - End Of File - - 9A4D2B1AE814AC3C0CCF03F8C6923839
fromsej Trainee
9 February 2011 - 17:50 #8
Download the Avast installer:
http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
Download this tool:
http://www.avg.com/download-tools
Download CCleaner here:
http://www.ccleaner.com/download/builds/downloading-slim
Install CCleaner; don't run it yet.

Disconnect from the network, run the AVG tool, restart.
Start CCleaner and untick Cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left (the blue cube), click Scan for Issues, and when it finishes click Fix selected issues; make a backup of the registry if you like, then click Fix all selected issues.
Click OK, then click Close when it's done.
Restart.

Install Avast, then reconnect to the network so the program can update.

Then try ComboFix.
awezz Beginner
9 February 2011 - 17:59 #9
But I did manage to uninstall AVG and run ComboFix... where I used exactly the program you linked to.

Do you still want me to download Avast and run CCleaner again? And then ComboFix again?
fromsej Trainee
9 February 2011 - 18:17 #10
No, I hadn't refreshed the page, so I didn't see your two previous posts. :-)

My Security Center is running on the machine; hopefully that's not something you've paid for?
It's worth a good deal less than a load of buckshot, but on the other hand they're not afraid to shut critics up with threats of injunctions, which still won't stop me from calling their methods a swindle!
http://www.comon.dk/nyheder/dansk-antivirus-firma-lukker-munden-pa-kritikere-1.374665.html
---------------------------------------
Drop file sharing >> http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
Uninstall LimeWire in Add/Remove Programs.
http://www.computerworld.dk/art/52569?a=exp&i=80
---------------------------------------
Open the folder containing ComboFix, right-click on an empty spot in the folder, choose New->Text Document, open the text document, and copy the following into it:

Killall::
Snapshot::
File::
c:\windows\system32\ConduitEngine.tmp
Folder::
c:\programmer\Vuze_Remote
c:\programmer\ConduitEngine
c:\programmer\MySecurityCenter
e:\Programmer\Limewire
c:\Programmer\Vuze
Driver::
MySecurityCenter License Service
Avgfwdx
Avgfwfd
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"setc"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"xkbqoswsobloewxlgdwaTaskMgr"=-

Click File->Save As, name it CFScript, and close the text document.

Then grab the new file with the mouse, drag it onto the ComboFix file, and release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Copy the resulting log in here.
If you get something resembling this error:
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
then restart once more; that should fix it.
awezz (Beginner)
9 February 2011 - 18:33 #11
Don't know what that MySecurityCenter thing is, never use it and haven't paid for it..

Should have removed file sharing now, and I deleted Limewire from my PC long ago..

Running ComboFix again now, with the new text file.
awezz (Beginner)
9 February 2011 - 18:56 #12
ComboFix 11-02-09.02 - Anders 09-02-2011  18:41:45.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2046.1578 [GMT 1:00]
Kører fra: d:\rensning\ComboFix.exe
Kommandoer benyttet :: d:\rensning\CFScript.txt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!

FILE ::
"c:\windows\system32\ConduitEngine.tmp"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\ConduitEngine
c:\programmer\ConduitEngine\appContextMenu.xml
c:\programmer\ConduitEngine\ConduitEngine.dll
c:\programmer\ConduitEngine\ConduitEngineHelper.exe
c:\programmer\ConduitEngine\engineContextMenu.xml
c:\programmer\ConduitEngine\EngineSettings.json
c:\programmer\ConduitEngine\toolbar.cfg
c:\programmer\MySecurityCenter
c:\programmer\MySecurityCenter\Programs\checkinstall.exe
c:\programmer\MySecurityCenter\Programs\csetting.exe
c:\programmer\MySecurityCenter\Programs\forcemove.exe
c:\programmer\MySecurityCenter\Programs\registrationpopup.exe
c:\programmer\MySecurityCenter\Programs\selfupdate.exe
c:\programmer\MySecurityCenter\Programs\service.exe
c:\programmer\MySecurityCenter\Programs\setc.exe
c:\programmer\MySecurityCenter\Programs\setc2.exe
c:\programmer\MySecurityCenter\settings.xml
c:\programmer\Vuze
c:\programmer\Vuze_Remote
c:\programmer\Vuze_Remote\INSTALL.LOG
c:\programmer\Vuze_Remote\tbVuz0.dll
c:\programmer\Vuze_Remote\tbVuz1.dll
c:\programmer\Vuze_Remote\tbVuz2.dll
c:\programmer\Vuze_Remote\tbVuze.dll
c:\programmer\Vuze_Remote\toolbar.cfg
c:\programmer\Vuze_Remote\UNWISE.EXE
c:\programmer\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\programmer\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
c:\windows\system32\ConduitEngine.tmp
e:\programmer\Limewire

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYSECURITYCENTER_LICENSE_SERVICE
-------\Service_Avgfwdx
-------\Service_Avgfwfd
-------\Service_MySecurityCenter License Service


(((((((((((((((((((((((((((((  Filer skabt fra 2011-01-09 til 2011-02-09  )))))))))))))))))))))))))))))))))))
.

2011-02-09 16:37 . 2011-02-09 16:37    --------    d-----w-    C:\Program Files
2011-02-05 21:02 . 2011-02-05 21:02    --------    d--h--w-    c:\windows\PIF
2011-02-03 11:32 . 2011-02-03 11:32    82469224    ----a-w-    c:\programmer\Fælles filer\Windows Live\.cache\wlc11F.tmp
2011-01-21 18:07 . 2011-01-21 18:07    --------    d-----w-    c:\programmer\TeamViewer
2011-01-20 13:00 . 2011-01-20 13:00    --------    d-----w-    c:\documents and settings\Anders\Lokale indstillinger\Application Data\Octoshape

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-09-27 11:18    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-09-27 11:18    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-11-18 18:15 . 2009-08-07 09:09    81920    ----a-w-    c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-04-20 16:02    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2009-08-16 15:04    73728    ----a-w-    c:\windows\system32\javacpl.cpl
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programmer\steam\steam.exe" [2010-11-17 1242448]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 19968]
"IntelliPoint"="c:\programmer\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\programmer\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\programmer\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"e:\\Programmer\\mIRC\\mirc.exe"=
"e:\\Programmer\\Elma\\Elma Online\\belma.exe"=
"e:\\Programmer\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Programmer\\Call Of Duty 4\\iw3mp.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmer\\iTunes\\iTunes.exe"=
"e:\\Programmer\\Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Anders\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"e:\\Programmer\\SopCast\\SopCast.exe"=
"e:\\Programmer\\HLSW\\hlsw.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Programmer\\HoN\\hon.exe"=
"e:\\Programmer\\Steam\\SteamApps\\lampeduskeren\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Programmer\\Heroes 3\\HEROES3.EXE"=
"e:\\Programmer\\Heroes 3\\Heroes3_C_crked.exe"=
"e:\\Programmer\\Maple\\jre\\bin\\maple.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.exe"=
"c:\\Programmer\\RayV\\RayV\\RayV.dll"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Anders\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Install\\EasyAntiCheat.exe"=
"e:\\Programmer\\Steam\\SteamApps\\teh_master666\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Programmer\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programmer\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Programmer\\Steam\\SteamApps\\teh_master666\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres

R1 prio;Prio;c:\windows\system32\drivers\prio.sys [12-09-2009 18:25 51448]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Programmer/PostgreSQL/8.4/data" -w --> C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 prio_svc;Prio Service;e:\programmer\Prio\prio_svc.exe [12-09-2009 18:25 5120]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22-03-2005 02:17 450400]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20-08-2009 23:06 39424]
.
Indhold af mappen 'Planlagte Opgaver'

2010-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danid.dk
FF - ProfilePath - c:\documents and settings\Anders\Application Data\Mozilla\Firefox\Profiles\mhvnbvvh.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\programmer\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - e:\programmer\Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programmer\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-8461-7759-5462-8226 - c:\programmer\Vuze\uninstall.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-09 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\docume~1\Anders\LOKALE~1\Temp\RGI6.tmp 7096 bytes

scanning gennemført med succes
skjulte filer: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Programmer/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Programmer/PostgreSQL/8.4/data\" -w"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmer\idt\intelxpv_v103\wdm\STacSV.exe
c:\programmer\Creative\Shared Files\CTAudSvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\programmer\PostgreSQL\8.4\bin\pg_ctl.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\programmer\PostgreSQL\8.4\bin\postgres.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Microsoft IntelliPoint\dpupdchk.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2011-02-09  18:54:46 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-02-09 17:54
ComboFix2.txt  2011-02-09 16:36

Pre-Kørsel: 37.548.138.496 byte ledig
Post-Kørsel: 37.310.025.728 byte ledig

- - End Of File - - AD4CB04C94B0059506D1322B5160D7FE

Here is the new log file; are we getting anywhere?
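As an added example (not code from ComboFix or from anyone in this thread), here is a small Python checker that parses the REGEDIT4-style autostart section ComboFix prints and flags the kinds of entries the CFScript above removed: a Task Manager policy value with a random prefix, a Run value on a watchlist, Run commands with no directory, and Security Center's AntiVirusOverride flag. The sample section is constructed from lines in the posted log; the setc.exe path as a Run command, the dword data on the TaskMgr value and the watchlist contents are assumptions.

```python
"""Flag suspicious autostart and security-center entries in a ComboFix-style log.

Added example for this thread, not code from ComboFix or from the thread's
participants. It parses the REGEDIT4-style "start locations" section that
ComboFix prints and applies a few defender-side checks that mirror what the
CFScript above removed.
"""
import re
from dataclasses import dataclass

# Constructed sample in ComboFix's layout. The setc.exe path as a Run command
# and the dword data on the TaskMgr value are assumptions; the other lines
# follow entries that appear in the log posted above.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\programmer\steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2008-02-20 19456]
"setc"="c:\programmer\MySecurityCenter\Programs\setc.exe" [2010-12-01 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"xkbqoswsobloewxlgdwaTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

# Value names under ...\CurrentVersion\Run that the thread's CFScript deleted
# (assumed watchlist; extend it with whatever a cleanup script removed).
WATCHLIST = {"setc"}

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
TRAILER_RE = re.compile(r'\s*\[[^\]]*\]\s*$')   # the " [date size]" ComboFix appends


@dataclass
class Entry:
    key: str
    name: str
    data: str


@dataclass
class Finding:
    kind: str
    entry: Entry


def parse_regedit4(text):
    """Return the (key, name, data) triples of a REGEDIT4-style listing."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            entries.append(Entry(key, m.group("name"), m.group("data")))
    return entries


def command_path(data):
    """Strip ComboFix's trailing " [date size]" and the surrounding quotes."""
    return TRAILER_RE.sub("", data).strip().strip('"')


def flag_entries(entries, watchlist=WATCHLIST):
    """Apply the checks; the order of findings follows the order of entries."""
    findings = []
    for e in entries:
        key, name = e.key.lower(), e.name.lower()
        if key.endswith(r"\policies\system") and name.endswith("taskmgr"):
            # Random-prefixed *TaskMgr value, as in the CFScript's Registry:: block.
            findings.append(Finding("taskmgr-policy", e))
        elif (key.endswith(r"\security center") and name == "antivirusoverride"
              and e.data.lower() == "dword:00000001"):
            # Security Center told not to warn about the missing/changed antivirus.
            findings.append(Finding("av-override", e))
        elif key.endswith(r"\currentversion\run"):
            if name in watchlist:
                findings.append(Finding("run-watchlist", e))
            elif "\\" not in command_path(e.data):
                # Bare file name: resolved through the PATH search order at logon.
                findings.append(Finding("run-unqualified-path", e))
    return findings


def report(text=SAMPLE):
    findings = flag_entries(parse_regedit4(text))
    for f in findings:
        print(f"{f.kind:22} {f.entry.name!r} in [{f.entry.key}]")
    return findings


if __name__ == "__main__":
    report()
```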
fromsej (Trainee)
9 February 2011 - 19:56 #13
There is nothing more to find; is your problem solved?
awezz (Beginner)
9 February 2011 - 20:17 #14
That sounds great, but my PC still runs at 20-30% CPU usage when there is an internet connection... When I disable it, it uses nothing...

Very strange!
awezz (Beginner)
9 February 2011 - 21:57 #15
I'm doing nothing, and suddenly my CPU usage jumps up to 70-80%, and it's 20-30% at its lowest... and normally it's just 0-5%... that's far too strange
fromsej (Trainee)
10 February 2011 - 06:03 #16
Try pressing <Ctrl><Alt><Del> at the same time the next time it happens.
Then switch to the "Processes" tab and click CPU twice so you can see which file is using the most, and tell me what it is called.
awezz (Beginner)
11 February 2011 - 12:13 #17
I have tried that, and it says active system process 99, and then sometimes there are others that jump to 2 or 1%, but it still says I'm using 15-20% and sometimes 80-100%, even though I'm not doing anything. It's really strange
fromsej (Trainee)
12 February 2011 - 21:54 #18
The higher the number for the active system process, the better; what it actually shows is idle capacity. As for the odd name, well, maybe William Havelåge knows.