dazler Novice
07 January 2010 - 16:36 There are 16 comments and 1 solution

Self-cleaned PC - is it clean?
I have been cleaning the neighbour's son's (13 years old) PC myself. I am unsure whether it is now completely clean.

I would be grateful if you would look through this for me.



Malwarebytes' Anti-Malware 1.43
Database version: 3504
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07-01-2010 01:30:50
mbam-log-2010-01-07 (01-30-50).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 687212
Tid tilbagelagt: 1 hour(s), 42 minute(s), 12 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)


********************************

ComboFix 10-01-04.01 - admin 07-01-2010  15:09:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2047.1574 [GMT 1:00]
Kører fra: c:\documents and settings\admin\Skrivebord\ComboFix\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\admin\Skrivebord\ComboFix\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100107-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-07 til 2010-01-07  )))))))))))))))))))))))))))))))))))
.

2010-01-06 19:29 . 2010-01-06 19:29    --------    d-----w-    c:\documents and settings\admin\Application Data\TrojanHunter
2010-01-06 14:58 . 2010-01-07 00:31    --------    d-----w-    c:\programmer\TrojanHunter 5.2
2010-01-06 11:38 . 2010-01-06 11:38    --------    d-----w-    c:\programmer\MSSOAP
2010-01-06 11:38 . 2010-01-06 11:38    --------    d-----w-    c:\programmer\Webroot
2010-01-06 11:34 . 2010-01-06 11:34    164    ----a-w-    c:\windows\install.dat
2010-01-05 22:24 . 2010-01-05 22:24    --------    d-----w-    c:\documents and settings\admin\Application Data\Malwarebytes
2010-01-05 22:24 . 2009-12-30 13:55    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-05 22:24 . 2010-01-05 22:24    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-01-05 22:24 . 2010-01-05 22:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-05 22:24 . 2009-12-30 13:54    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-05 18:18 . 2010-01-05 18:18    --------    d-----w-    c:\documents and settings\admin\Application Data\Office Genuine Advantage
2010-01-05 15:00 . 2009-11-21 15:58    471552    -c----w-    c:\windows\system32\dllcache\aclayers.dll
2010-01-05 12:36 . 2010-01-05 12:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-05 12:36 . 2010-01-05 12:37    --------    d-----w-    c:\programmer\NVIDIA Corporation
2010-01-05 12:33 . 2009-11-21 02:34    69632    ----a-w-    c:\windows\system32\OpenCL.dll
2010-01-05 12:33 . 2009-11-21 02:34    1989224    ----a-w-    c:\windows\system32\nvcuvenc.dll
2010-01-05 12:33 . 2009-11-21 02:34    11374592    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-01-05 12:33 . 2009-11-21 02:34    2293286    ----a-w-    c:\windows\system32\nvdata.bin
2009-12-23 15:51 . 2009-12-23 15:53    --------    d-----w-    c:\programmer\BannedStory
2009-12-21 20:44 . 2009-12-21 20:44    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{69D4D3FD-5170-4020-896E-6457E36467E2}
2009-12-21 20:02 . 2009-12-21 20:02    --------    dc-h--w-    c:\documents and settings\All Users\Application Data\{0134E361-C5BE-40C9-8408-DE27B2801AC8}
2009-12-21 12:31 . 2009-12-21 12:31    --------    d-----w-    c:\documents and settings\admin\Lokale indstillinger\Application Data\Blizzard Entertainment
2009-12-21 11:39 . 2009-12-23 10:19    --------    d-----w-    C:\Templar Flyff
2009-12-20 12:22 . 2009-12-15 03:47    200704    ----a-w-    c:\windows\system32\HMIPCore.dll
2009-12-19 21:38 . 2009-12-19 21:38    --------    d-----w-    c:\documents and settings\admin\Lokale indstillinger\Application Data\PackageAware
2009-12-15 16:50 . 2009-12-15 16:52    --------    d-----w-    C:\Sciphone JESPER
2009-12-15 16:44 . 2009-12-15 16:52    --------    d-----w-    C:\Sciphone musik 1
2009-12-15 15:31 . 2008-03-16 12:30    216064    --sh--r-    c:\windows\system32\nbDX.dll
2009-12-15 15:31 . 2007-02-21 10:47    31232    --sh--r-    c:\windows\system32\msfDX.dll
2009-12-15 15:31 . 2006-05-03 09:06    163328    --sh--r-    c:\windows\system32\flvDX.dll
2009-12-15 15:30 . 2009-12-15 15:30    --------    d-----w-    c:\programmer\eRightSoft
2009-12-15 14:55 . 2009-12-15 15:02    --------    d-----w-    C:\divx
2009-12-15 14:11 . 2009-12-15 14:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\NCH Software
2009-12-15 14:03 . 2009-12-15 14:03    --------    d-----w-    c:\programmer\Fælles filer\Common Share
2009-12-15 13:58 . 2009-12-15 13:58    --------    d-----w-    c:\documents and settings\admin\Application Data\Media Player Classic
2009-12-15 13:57 . 2009-12-15 13:57    --------    d-----w-    C:\Output
2009-12-15 13:55 . 2009-12-15 13:55    34    ---ha-w-    c:\windows\system32\Converter_sysquict.dat
2009-12-15 13:55 . 2009-12-15 14:10    --------    d-----w-    c:\programmer\Afree AVI FLV MPEG WMV ASF MOV to MP4 Converter
2009-12-15 13:55 . 2007-09-04 16:56    164352    ----a-w-    c:\windows\system32\unrar.dll
2009-12-15 13:55 . 2008-01-10 12:16    159839    ----a-w-    c:\windows\system32\xvidvfw.dll
2009-12-15 13:55 . 2008-01-10 12:15    755027    ----a-w-    c:\windows\system32\xvidcore.dll
2009-12-15 13:55 . 2008-06-12 18:36    7680    ----a-w-    c:\windows\system32\ff_vfw.dll
2009-12-15 13:55 . 2009-12-15 18:46    --------    d-----w-    c:\programmer\K-Lite Codec Pack
2009-12-10 10:42 . 2009-12-10 10:42    --------    d-----w-    c:\documents and settings\admin\Lokale indstillinger\Application Data\Aspyr
2009-12-10 10:35 . 2009-12-10 10:35    --------    d-----w-    c:\programmer\Aspyr
2009-12-10 10:28 . 2009-12-10 10:31    --------    d-----w-    C:\guitar hero III install
2009-12-08 19:02 . 2009-12-08 19:02    --------    d-----w-    c:\documents and settings\admin\Application Data\fofix
2009-12-08 18:11 . 2009-12-08 19:16    --------    d-----w-    C:\FoFiX

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 14:06 . 2009-12-03 01:21    125504    ----a-w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-01-07 13:57 . 2009-06-20 14:01    --------    d-----w-    c:\programmer\Java
2010-01-06 20:37 . 2009-03-06 14:37    --------    d-----w-    c:\programmer\SUPERAntiSpyware
2010-01-06 05:27 . 2009-04-24 11:20    --------    d-----w-    c:\programmer\Pando Networks
2010-01-05 14:23 . 2009-03-28 12:22    --------    d-----w-    c:\programmer\Google
2010-01-05 14:22 . 2009-03-06 12:47    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2010-01-05 12:36 . 2009-03-06 12:47    --------    d-----w-    c:\programmer\AGEIA Technologies
2009-12-23 18:02 . 2009-03-15 16:15    --------    d-----w-    c:\documents and settings\admin\Application Data\Skype
2009-12-23 16:06 . 2009-11-26 15:57    --------    d-----w-    c:\programmer\Fælles filer\Adobe AIR
2009-12-21 14:47 . 2009-03-26 18:20    --------    d-----w-    c:\documents and settings\admin\Application Data\BitTorrent
2009-12-20 12:29 . 2009-10-06 13:10    --------    d-----w-    c:\programmer\Hide My IP 2009
2009-12-18 18:13 . 2009-12-08 13:16    --------    d-----w-    c:\programmer\DarKGunZ
2009-12-18 11:29 . 2009-03-06 15:44    --------    d-----w-    c:\programmer\McAfee
2009-12-16 14:34 . 2009-11-17 16:50    --------    d-----w-    c:\documents and settings\admin\Application Data\Apple Computer
2009-12-15 18:42 . 2009-09-20 16:56    --------    d-----w-    c:\programmer\TallStick
2009-12-15 15:16 . 2009-04-08 21:31    --------    d-----w-    c:\documents and settings\admin\Application Data\DivX
2009-12-15 14:36 . 2009-03-28 12:22    --------    d-----w-    c:\programmer\Fælles filer\DivX Shared
2009-12-15 14:18 . 2009-03-28 12:22    --------    d-----w-    c:\programmer\DivX
2009-12-15 14:11 . 2009-03-18 18:16    --------    d-----w-    c:\programmer\NCH Software
2009-12-14 01:02 . 2009-04-08 21:50    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2009-12-10 10:26 . 2001-10-09 13:00    82476    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-10 10:26 . 2001-10-09 13:00    456296    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-09 15:13 . 2009-12-09 15:13    0    ---ha-w-    c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-12-09 15:13 . 2009-12-09 15:13    0    ---ha-w-    c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-07 14:40 . 2009-11-27 09:47    35620    ---ha-w-    c:\windows\system32\mlfcache.dat
2009-12-07 13:48 . 2009-10-25 20:55    --------    d-----w-    c:\programmer\VDOWNLOADER
2009-12-06 17:00 . 2009-11-11 17:00    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-12-02 20:17 . 2009-05-06 19:11    --------    d-----w-    c:\programmer\VstPlugins
2009-12-02 20:15 . 2009-09-16 19:47    --------    d-----w-    c:\programmer\REAPER
2009-12-02 19:26 . 2007-11-06 20:11    50224    ----a-w-    c:\documents and settings\admin\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 19:25 . 2009-12-02 19:25    --------    d-----w-    c:\programmer\Guitar Pro 5
2009-11-26 15:57 . 2009-11-26 15:57    --------    d-----w-    c:\documents and settings\admin\Application Data\iPhone.F4B6EDD4861104DF103CA831FC6755522BBBD9C1.1
2009-11-26 15:57 . 2009-11-26 15:57    --------    d-----w-    c:\programmer\Desktop iPhone
2009-11-26 13:09 . 2009-11-26 13:09    --------    d-----w-    c:\documents and settings\NetworkService\Application Data\agi
2009-11-25 15:16 . 2009-03-17 15:47    --------    d-----r-    c:\programmer\Skype
2009-11-25 15:16 . 2009-03-15 16:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2009-11-24 23:54 . 2009-03-06 14:32    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-03-06 14:32    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-03-06 14:32    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-03-06 14:32    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-03-06 14:32    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-03-06 14:32    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-11-21 19:30 . 2009-11-21 19:30    --------    d-----w-    c:\programmer\Quick Screen Capture
2009-11-21 15:58 . 2004-08-26 15:53    471552    ----a-w-    c:\windows\AppPatch\aclayers.dll
2009-11-21 02:34 . 2009-03-06 12:46    592488    ----a-w-    c:\windows\system32\nvudisp.exe
2009-11-21 02:34 . 2009-02-18 13:44    6282752    ----a-w-    c:\windows\system32\nv4_disp.dll
2009-11-21 02:34 . 2009-02-18 13:44    4038656    ----a-w-    c:\windows\system32\nvcuda.dll
2009-11-21 02:34 . 2009-02-18 13:44    2259560    ----a-w-    c:\windows\system32\nvcuvid.dll
2009-11-21 02:34 . 2009-02-18 13:44    182888    ----a-w-    c:\windows\system32\nvcodins.dll
2009-11-21 02:34 . 2009-02-18 13:44    182888    ----a-w-    c:\windows\system32\nvcod.dll
2009-11-21 02:34 . 2009-02-18 13:44    13602816    ----a-w-    c:\windows\system32\nvoglnt.dll
2009-11-21 02:34 . 2009-02-18 13:44    1056768    ----a-w-    c:\windows\system32\nvapi.dll
2009-11-21 02:34 . 2009-02-18 13:44    10235968    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2009-11-20 11:54 . 2009-10-29 18:09    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-11-19 20:42 . 2009-03-06 12:46    592488    ----a-w-    c:\windows\system32\NVUNINST.EXE
2009-11-18 19:27 . 2009-11-18 19:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-17 16:50 . 2009-11-17 16:49    --------    d-----w-    c:\programmer\iTunes
2009-11-17 16:50 . 2009-11-17 16:49    --------    d-----w-    c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-17 16:49 . 2009-11-17 16:49    --------    d-----w-    c:\programmer\iPod
2009-11-17 16:49 . 2009-11-17 16:47    --------    d-----w-    c:\programmer\Fælles filer\Apple
2009-11-17 16:49 . 2009-11-17 16:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-17 16:48 . 2009-11-17 16:48    --------    d-----w-    c:\programmer\Bonjour
2009-11-17 16:48 . 2009-11-17 16:48    --------    d-----w-    c:\programmer\QuickTime
2009-11-17 16:48 . 2009-11-17 16:48    --------    d-----w-    c:\programmer\Apple Software Update
2009-11-17 16:47 . 2009-11-17 16:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2009-11-17 13:19 . 2009-11-17 13:05    --------    d-----w-    c:\documents and settings\admin\Application Data\DAEMON Tools Pro
2009-11-17 13:18 . 2009-11-17 13:14    --------    d-----w-    c:\programmer\DAEMON Tools Pro
2009-11-17 13:14 . 2009-11-17 13:14    --------    d-----w-    c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-11-17 13:05 . 2009-11-17 13:05    722416    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-11-14 00:47 . 2009-11-14 00:47    856064    ----a-w-    c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47    856064    ----a-w-    c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47    847872    ----a-w-    c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47    843776    ----a-w-    c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47    839680    ----a-w-    c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47    696320    ----a-w-    c:\windows\system32\DivX.dll
2009-11-11 19:31 . 2009-07-21 09:29    --------    d-----w-    c:\documents and settings\admin\Application Data\Pro Cycling Manager 2009
2009-11-10 20:59 . 2009-11-10 20:59    --------    d-----w-    c:\programmer\Microsoft
2009-11-10 18:10 . 2009-11-10 18:10    --------    d-----w-    c:\programmer\GalaNet
2009-11-09 07:36 . 2009-11-09 07:36    265797    ----a-w-    c:\windows\system32\pdvcodec.dll
2009-10-29 07:43 . 2004-08-26 15:53    916480    ------w-    c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-26 15:53    75776    ----a-w-    c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-26 15:53    25088    ----a-w-    c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00    265728    ----a-w-    c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2004-08-26 15:53    270848    ----a-w-    c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2004-08-26 15:53    79872    ----a-w-    c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2004-08-26 15:53    150016    ----a-w-    c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-06-20 14:01    411368    ----a-w-    c:\windows\system32\deploytk.dll
2006-05-03 09:06 . 2009-12-15 15:31    163328    --sh--r-    c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-12-15 15:31    31232    --sh--r-    c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-12-15 15:31    216064    --sh--r-    c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-05-06 32768]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RGSC"="c:\programmer\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-10-14 306088]
"DAEMON Tools Pro Agent"="c:\programmer\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-06 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"MediaLifeService"="c:\programmer\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 110739]
"mmtask"="c:\programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"AdobeCS4ServiceManager"="c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 28160]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"THGuard"="c:\programmer\TrojanHunter 5.2\THGuard.exe" [2009-11-26 1069728]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Ordbogen.com"="c:\programmer\CoolSystems\ordbogen.com\ordbogen.exe" [2007-10-19 274432]

c:\documents and settings\admin\Menuen Start\Programmer\Start\
Acess file.bat [2009-12-14 1121]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-5-6 450560]
Rocket.Time.lnk - c:\programmer\Rocket Software\RocketTime\RocketTime.exe [2009-3-6 573513]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21    548352    ----a-w-    c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\DNA\\btdna.exe"=
"c:\\Programmer\\BitTorrent\\bittorrent.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\Programmer\\Steam\\steamapps\\mikkeltonatiuh1128\\garrysmod\\hl2.exe"=
"c:\\Programmer\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Programmer\\Cyanide\\Pro Cycling Manager - Season 2009\\PCM.exe"=
"c:\\Programmer\\Cyanide\\Pro Cycling Manager - Season 2009\\Autorun\\Exe\\Autorun.exe"=
"c:\\Crossfire Server\\crossfire32.exe"=
"c:\\Programmer\\Steam\\steamapps\\darkbb\\counter-strike source\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\darkbb\\garrysmod\\hl2.exe"=
"c:\\Programmer\\Steam\\steamapps\\darkbb\\team fortress 2\\hl2.exe"=
"c:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Paradox Blizzlike Repack v1\\ArcEmu\\arcemu-world.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Programmer\\Euro Gunz v8.5.8\\eurogunz.exe"=
"c:\\ProdigyGamerz V3.2\\TheDuel.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\AC Web MaNGOS Hybrid\\Server\\mysql\\bin\\mysqld.exe"=
"c:\\XalvionWoW\\ArcEmu\\arcemu-world.exe"=
"c:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"c:\\Programmer\\DarKGunZ\\Gunz.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\jucheck.exe"=
"c:\\Programmer\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Programmer\\DRGunZ\\DRGunZ.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\Giganology\\Gigaget\\Gigaget.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"57234:TCP"= 57234:TCP:SolidNetworkManager
"57234:UDP"= 57234:UDP:SolidNetworkManager
"33572:TCP"= 33572:TCP:SolidNetworkManager
"33572:UDP"= 33572:UDP:SolidNetworkManager
"27349:TCP"= 27349:TCP:SolidNetworkManager
"27349:UDP"= 27349:UDP:SolidNetworkManager
"19223:TCP"= 19223:TCP:SolidNetworkManager
"19223:UDP"= 19223:UDP:SolidNetworkManager
"58227:TCP"= 58227:TCP:Pando Media Booster
"58227:UDP"= 58227:UDP:Pando Media Booster
"3306:TCP"= 3306:TCP:root@localhost
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-11-2009 14:05 722416]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [21-07-2009 12:26 3033712]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [06-03-2009 16:18 114768]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [23-11-2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [23-11-2009 08:43 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06-03-2009 16:18 20560]
R2 BlackfishSQL;BlackfishSQL;c:\programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe [29-08-2008 20:00 65536]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\programmer\LogMeIn Hamachi\hamachi-2.exe [29-10-2009 12:27 1074568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programmer\McAfee\SiteAdvisor\McSACore.exe [06-03-2009 16:44 93320]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12-03-2009 16:36 86016]
R3 HideMyIpSRV;HideMyIpSRV;c:\programmer\Hide My IP 2009\HideMyIpSrv.exe [20-12-2009 13:18 2396464]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [23-11-2009 08:43 7408]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 gupdate1c9af9fe711a948;Tjenesten Google Update (gupdate1c9af9fe711a948);c:\programmer\Google\Update\GoogleUpdate.exe [28-03-2009 13:22 133104]
S3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\qiolpm.sys --> c:\windows\system32\drivers\qiolpm.sys [?]
S3 ByakkoDriver;ByakkoDriver;\??\c:\docume~1\admin\LOKALE~1\Temp\14014781.07-24-2009 --> c:\docume~1\admin\LOKALE~1\Temp\14014781.07-24-2009 [?]
S3 Crossfire;Crossfire server;c:\programmer\Crossfire Server\Crossfire32.exe -srv --> c:\programmer\Crossfire Server\Crossfire32.exe -srv [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Indhold af mappen 'Planlagte Opgaver'

2010-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\programmer\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-08 21:38]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-03-28 12:22]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-03-28 12:22]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com
IE: &Download All by Gigaget - c:\programmer\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\programmer\Giganology\Gigaget\geturl.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\admin\Menuen Start\Programmer\IMVU\Run IMVU.lnk
LSP: c:\windows\system32\HMIPCore.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\gtg8iy4v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - component: c:\programmer\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\gtg8iy4v.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programmer\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\programmer\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmer\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmer\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLITIKKER ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spda.sys >>UNKNOWN [0x8A803938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> atapi.sys @ 0xb7dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Linksys Wireless-G PCI Adapter -> SendCompleteHandler -> NDIS.sys @ 0xb7d06b0a
PacketIndicateHandler -> NDIS.sys @ 0xb7cf3a0d
SendHandler -> NDIS.sys @ 0xb7d07b40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ByakkoDriver]
"ImagePath"="\??\c:\docume~1\admin\LOKALE~1\Temp\14014781.07-24-2009"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\programmer\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programmer\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-57989841-1580818891-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{41C3A75B-1846-C1AF-CD32-B92697275FF4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaikccmngednkjnjdmcgpibjpbafif"=hex:64,61,64,61,6c,6d,6c,6f,00,85
"oamlknlbhdpmfakmnbchenfgdpjckp"=hex:6a,61,69,61,6f,70,63,6b,63,66,62,6d,69,66,
  69,6a,66,63,6f,63,00,02
"naokmoclladlkkgdohcidohfpkgk"=hex:6a,61,69,61,6f,70,63,6b,63,66,62,6d,69,66,
  69,6a,66,63,6f,63,00,02

[HKEY_USERS\S-1-5-21-57989841-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c6,11,d0,b9,df,2a,fa,be,d5,33,08,09,6d,72,63,d7,e5,5c,af,39,72,97,d7,
  37,e8,bc,7e,c8,bf,bb,c1,61,9b,0a,20,fa,14,a7,63,0d,0b,9c,47,e7,1b,90,88,c3,\
"??"=hex:80,b7,c1,c2,d1,1e,bf,72,02,09,c0,68,79,d8,f5,1d

[HKEY_USERS\S-1-5-21-57989841-1580818891-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5c,f4,1a,1e,33,9a,41,20,b4,13,40,74,5c,f2,9e,22,76,6c,f8,9f,7f,
  41,19,02,63,a3,47,39,29,8c,14,4b,7e,11,ed,4f,24,59,1f,44,c9,5b,ca,18,a9,5c,\
"rkeysecu"=hex:47,cd,a7,46,93,1d,5e,6a,8b,48,e2,11,41,6a,ef,d5

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€-€|ÿÿÿÿÀ•€|ù•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\HMIPCore.dll

- - - - - - - > 'explorer.exe'(2128)
c:\docume~1\admin\LOKALE~1\Temp\IadHide5.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\programmer\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
c:\programmer\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Gennemført tid: 2010-01-07  15:28:19 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-01-07 14:28
ComboFix2.txt  2010-01-05 22:12

Pre-Kørsel: 62.741.266.432 byte ledig
Post-Kørsel: 62.711.943.168 byte ledig

- - End Of File - - B456E077C3EAB846D53FCE07E80013D1


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:13, on 07-01-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\LogMeIn Hamachi\hamachi-2.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Programmer\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Logitech\MediaLife\MediaLifeService.exe
C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\TrojanHunter 5.2\THGuard.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Rocket Software\RocketTime\RocketTime.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Programmer\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Programmer\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 5.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LDM] "C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Programmer\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programmer\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Ordbogen.com] C:\Programmer\CoolSystems\ordbogen.com\ordbogen.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Acess file.bat
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rocket.Time.lnk = C:\Programmer\Rocket Software\RocketTime\RocketTime.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Programmer\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Programmer\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\admin\Menuen Start\Programmer\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236351136530
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236352041055
O18 - Protocol: bw+0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: offline-8876480 - {8F087D93-7B4D-41E3-A3D8-0F09DC010EA2} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlackfishSQL - CodeGear - C:\Programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Crossfire server (Crossfire) - Unknown owner - C:\Programmer\Crossfire Server\Crossfire32.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Tjenesten Google Update (gupdate1c9af9fe711a948) (gupdate1c9af9fe711a948) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programmer\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programmer\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
O24 - Desktop Component 1: (no name) - http://www.google.com/

--
End of file - 22795 bytes
johnstigers Senior Master
07 January 2010 - 19:38 #1
As long as BitTorrent is installed, the machine will never be clean.
dazler Novice
07 January 2010 - 20:25 #2
Dear John

Could you use a few more words/explain yourself a bit more precisely.

Thanks in advance.
johnstigers Senior Master
07 January 2010 - 20:41 #3
What you download via file sharing is almost always full of viruses.

It must not be used if logs are to be reviewed, so uninstall BitTorrent.
dazler Novice
07 January 2010 - 20:59 #4
It has now been uninstalled. (c:
dazler Novice
07 January 2010 - 21:32 #5
Just so I'm not sitting and waiting in vain... Are the submitted logs being looked at now?

Thanks in advance.
07 January 2010 - 22:05 #6
c:\Programmer\DNA\btdna.exe
c:\Programmer\BitTorrent\bittorrent.exe

http://www.spywarefri.dk/artikel/farerne-ved-fildeling/

---

Uninstall
* BitTorrent
* btdna

* Logitech Desktop Messenger
* Bonjour-tjeneste (Bonjour Service)
* Tjenesten Google Update
* Google Software Updater
* iPod-tjeneste (iPod Service)

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Click Start->Run, type Services.msc - ENTER
Find the service (if it is there)
* MySQL - Unknown owner
* NMSAccessU - Unknown owner
* nProtect GameGuard Service (npggsvc)
stop it if it is running, right-click it and choose Startup type Disabled.

---------------------------------------

With the mentioned CCleaner - Tools - Startup - you can disable the following items from your startup:

* [mmtask]
* [AdobeCS4ServiceManager]
* [QuickTime Task]
* [iTunesHelper]

---------------------------------------

What do you use these for:

O4 - Startup: Acess file.bat
O4 - HKCU\..\Run: [RGSC] C:\Programmer\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O23 - Service: BlackfishSQL - CodeGear - C:\Programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

---------------------------------------

Do a cleanup with the mentioned CCleaner...

---------------------------------------

What's the status now?
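A triage pass over HijackThis lines like the ones singled out in the reply above, as an added example that is not part of the original thread: it parses O23, O10 and O4 Startup entries and lists services marked "(file missing)" or "Unknown owner", unknown Winsock LSP files, and scripts in the Startup folder for manual review. The function names and reason labels are assumptions of this example, and a flag means "look at this", not "malware".

```python
import re

# Lines copied from the HijackThis log posted in this thread (short excerpt).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Acess file.bat
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Programmer\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE_MISSING = "(file missing)"
STARTUP_PREFIXES = ("Startup: ", "Global Startup: ")
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js")


def parse_entry(line):
    """Split one HijackThis line into its section code and fields.

    Returns None for lines that are not 'Xnn - ...' entries, such as
    headers, the running-process list and blank lines.
    """
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    code, body = match.groups()
    entry = {"code": code, "kind": "other", "file_missing": False}
    if body.endswith(FILE_MISSING):
        entry["file_missing"] = True
        body = body[: -len(FILE_MISSING)].rstrip()
    if code == "O23" and body.startswith("Service: "):
        # Split from the right: a display name may itself contain " - ".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry.update(kind="service", name=parts[0],
                         owner=parts[1], path=parts[2])
    elif code == "O10" and body.startswith("Unknown file in Winsock LSP: "):
        entry.update(kind="lsp", path=body.split(": ", 1)[1])
    elif code == "O4" and body.startswith(STARTUP_PREFIXES):
        entry.update(kind="startup_file", path=body.split(": ", 1)[1])
    return entry


def triage(log_text):
    """Return [(reason, subject, count)] for entries worth a manual look."""
    counts = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reason = subject = None
        if entry["kind"] == "service":
            subject = entry["name"]
            if entry["file_missing"]:
                # Service is still registered but its binary is gone.
                reason = "service-binary-missing"
            elif entry["owner"] == "Unknown owner":
                # HijackThis reported no vendor name for the file.
                reason = "service-unknown-owner"
        elif entry["kind"] == "lsp":
            reason, subject = "unknown-winsock-lsp", entry["path"].lower()
        elif entry["kind"] == "startup_file":
            # Shortcut entries look like "name.lnk = target"; keep the name.
            name = entry["path"].split(" = ", 1)[0]
            if name.lower().endswith(SCRIPT_EXTENSIONS):
                reason, subject = "script-in-startup-folder", name
        if reason:
            key = (reason, subject)
            counts[key] = counts.get(key, 0) + 1  # collapse repeated lines
    return [(reason, subject, n) for (reason, subject), n in counts.items()]


if __name__ == "__main__":
    for reason, subject, n in triage(SAMPLE_LOG):
        print(f"{reason:26} x{n}  {subject}")
```
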
johnstigers Senior Master
07 January 2010 - 22:17 #7
#5 yep
Karise_larry was fastest ;)
dazler Novice
07 January 2010 - 23:30 #8
Hey Larry


Uninstall
* BitTorrent
* btdna

* Logitech Desktop Messenger
* Bonjour-tjeneste (Bonjour Service)
* Tjenesten Google Update
* Google Software Updater
* iPod-tjeneste (iPod Service)

As mentioned earlier, I had uninstalled:

* BitTorrent
* btdna

I have now uninstalled:

* Logitech Desktop Messenger
* Bonjour-tjeneste (Bonjour Service)
* Tjenesten Google Update

However, I could not find these in Add/Remove:

* Google Software Updater
* iPod-tjeneste (iPod Service)




Click Start->Run, type Services.msc - ENTER
Find the service (if it is there)
* MySQL - Unknown owner
* NMSAccessU - Unknown owner
* nProtect GameGuard Service (npggsvc)
stop it if it is running, right-click it and choose Startup type Disabled.

I cannot choose "Disabled"; next to each one it says:

* MySQL      manual
* NMSAccessU  automatic
* nProtect    manual

I can only choose "Start"


What do you use these for:

O4 - Startup: Acess file.bat
O4 - HKCU\..\Run: [RGSC] C:\Programmer\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O23 - Service: BlackfishSQL - CodeGear - C:\Programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

I can't answer that. As mentioned in my question, it is not my PC but that of the neighbor's 13-year-old son. As you presumably know, such young lads are world champions at pretty much everything to do with IT... or so they think. (c;

Is there any of it that something should be done about?

Last time I had my hands on his PC, I chose to format it and gave him some instructions on how he should, and should not, use his PC.

I'm guessing that you, like me, are self-taught and that we have gained the knowledge we have by tinkering, searching, making mistakes and learning from them. I therefore find it hard to tell the boy to sit on his hands - he won't learn much from that.

As you can probably understand, it is hard to find the balance, but I carry on undaunted, helping him onto the "right path".

Do a cleanup with the mentioned CCleaner...

I have done that. I have used the following:

* Avast (was already running on the machine)
* Superantispyware (was deactivated, but is running again now)
* Trojanhunter
* Ccleaner
* Combofix
* Malwarebytes
* Hijackthis

What's the status now?

Well, not much different. I didn't get in touch because the machine was behaving (as far as I could see) inappropriately - not any longer. I had tried to clean it as well as my abilities allowed and would like your help to look through the various logs before I hand it back.

It all actually started with him having burned out his graphics card.

\\  jan
dazler Novice
08 January 2010 - 23:12 #9
Have I been forgotten, or is it just busy? (c;
09 January 2010 - 10:50 #10
Just a quick one:

Those "Services" items - right mouse button - Properties ...

---
dazler Novice
09 January 2010 - 11:03 #11
Larry

Many thanks.

Is there anything else that needs to be looked at? (c:

\\  jan
09 January 2010 - 11:10 #12
Just check up on these:

O4 - Startup: Acess file.bat
O4 - HKCU\..\Run: [RGSC] C:\Programmer\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O23 - Service: BlackfishSQL - CodeGear - C:\Programmer\CodeGear\RAD Studio\6.0\bin\BSQLServer.exe
O23 - Service: HideMyIpSRV - Unknown owner - C:\Programmer\Hide My IP 2009\HideMyIpSrv.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

It's not 'dirt' but items that don't need to be running in the background...

---

Do a cleanup with CCleaner

---

Disable System Restore.
Restart.
Enable System Restore.
Create a system restore point
Defragment the system...

That's It ...
dazler Novice
09 January 2010 - 11:19 #13
Larry

Many thanks for the effort. (c:

How do I go about awarding you points?

\\ jan
09 January 2010 - 11:30 #14
dazler Novice
09 January 2010 - 11:42 #15
Larry

Once again, thanks for the help. I understand that I need to ask you to send an answer as opposed to a comment.

Please send an answer. I will then award you 200 points.

\\  jan
09 January 2010 - 13:17 #16
#12 ...
09 January 2010 - 14:10 #17
Thanks for the points...