chilip (Beginner)
07 April 2008 - 12:08 There are 23 comments and 1 solution

Do I have a virus I can't find?

Aloha!

I'm sitting with a Lenovo T60 laptop from IBM.
It was purchased in August 2007, partly because it was supposed to be a super reliable machine.

Slowly and quietly over the autumn and winter the machine has become partly slow, partly "odd". After many contortions I decided one day to give it "a completely fresh start", i.e. restore the machine to the way it came from the factory. (Via a recovery partition that is on the drive by default.)

So far so good; the old data was loaded back in and the machine ran. I therefore started combing Lenovo's website for the latest updates and installing them. I picked something wrong and was sent back to square one..

To sum up:
Three weeks ago I gave it yet another restore to factory default, and last Saturday it pulled the stunt of refusing to start. It wrote that the following file was missing or damaged: \Windows\System32\Config\System and therefore had to be repaired or restored.
I have now done this (via a backup), and the machine came back to life. I am, however, quite curious how long it will last.

My theory is that I am probably sitting with a virus that is deeply buried either in my old data files or in the operating system. (And thereby it stays active even after a restore.) But I don't know for sure, and I can't quite figure out how to find out. I have run repeated scans with Avast Antivirus (including the really thorough one at system startup), and a couple of restores ago the program found "something" in a Spool and system32 file. These were thrown into the virus chest, after which XP naturally refused to run. (Which led to yet another restore..!)

In addition I can mention that now and then, when starting my Outlook (Office 2007), I notice that the program starts by sending "message 4 of 4". This despite my not having had anything in my outbox..

Does anyone have some good suggestions for what I can/should do..?
chilip (Beginner)
07 April 2008 - 12:09 #1
I should just mention that I have been in here on the forum and read the other thread regarding: \Windows\System32\Config\System ;-)
07 April 2008 - 12:30 #2
... for good measure; give us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)

------------------
chilip (Beginner)
07 April 2008 - 14:57 #3
Larry: Do you want the HiJack in here, or on Spywarefri..??
07 April 2008 - 15:33 #4
(Just keep it here - now that we have 'started' ...)
chilip (Beginner)
07 April 2008 - 16:02 #5
Here goes..! ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:44, on 07-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Windows Live Toolbar\msn_sl.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pr-film.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AMSG] C:\Programmer\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-2585668054-2111175989-1985638081-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Programmer\Ubisoft\Peter Jackson's King Kong - The Official Game of the Movie\RegistrationReminder.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://87.48.152.168/AxaptaWebDeploy/AxWebDeploy.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = holmstrup.local
O17 - HKLM\Software\..\Telephony: DomainName = holmstrup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = holmstrup.local
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 15452 bytes
07 April 2008 - 17:04 #6
There is no 'dirt' - just (typical Lenovo/IBM) a heck of a lot of more or less unnecessary programs/utilities in your startup *S*

What do you use this one for ->
O4 - Startup: Registration .LNK = C:\Programmer\Ubisoft\Peter Jackson's King Kong - The Official Game of the Movie\RegistrationReminder.exe
chilip (Beginner)
07 April 2008 - 17:14 #7
Not for anything, the game has been uninstalled again..!
07 April 2008 - 18:18 #8
You can at any rate 'fix' that one in HiJackThis - same with these, by way of cleanup ->
Run a scan with Hijackthis,
Below you get some files which you must fix. What you have to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window when you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration .LNK = C:\Programmer\Ubisoft\Peter Jackson's King Kong - The Official Game of the Movie\RegistrationReminder.exe

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

Restart normally...

------------------------------------------------------------------------
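A way to check, after rescanning, that the entries picked for fixing are really gone from the new log, and to list entries that point at missing files. This is an added example, not part of the original thread and not a HijackThis feature: the function names are hypothetical, the "before" and fix-list lines are excerpted from the log and fix list above, and the "after" sample is constructed so that one fix did not take.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def orphaned(entries):
    """Entries whose target file is reported as missing."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def check_fix(before_log, after_log, fix_list):
    """Compare two scans against the list of entries that were meant to be fixed."""
    before = set(parse_entries(before_log))
    after = set(parse_entries(after_log))
    wanted = set(parse_entries(fix_list))
    return {
        "removed": sorted((wanted & before) - after),      # fixed as intended
        "still_present": sorted(wanted & after),           # fix did not take
        "gone_unrequested": sorted(before - after - wanted),
        "new": sorted(after - before),                     # appeared between scans
    }


# Excerpt of the first log in the thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

# Constructed "after" scan: the WMPNSCFG entry is deliberately left in place.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
"""

# Three of the entries from the fix list in post #8.
FIX_LIST = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
"""

if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, FIX_LIST)
    for key, items in report.items():
        print(key)
        for code, body in items:
            print("   %s - %s" % (code, body))
    print("orphaned in the new scan")
    for code, body in orphaned(parse_entries(AFTER)):
        print("   %s - %s" % (code, body))
```
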
chilip (Beginner)
07 April 2008 - 21:37 #9
Done.
I could not delete this one: "C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll"
As it only appears in the log, but not in the scan window itself.

My new HiJack looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:51, on 07-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Programmer\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Programmer\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pr-film.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programmer\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://87.48.152.168/AxaptaWebDeploy/AxWebDeploy.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = holmstrup.local
O17 - HKLM\Software\..\Telephony: DomainName = holmstrup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = holmstrup.local
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 14166 bytes
07 April 2008 - 22:01 #10
Never mind that... it's mostly tidying up among superfluous items...

Regarding: "...when starting my Outlook (Office 2007), I notice that the program begins by sending "message 4 of 4"..." - set it to NOT send immediately when there is a connection.
PS: It _could_ also just be some (automatic) receipts for previously received e-mail where the sender has "requested" a receipt... I believe these can't be seen directly in the Outbox...
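A first review pass over a HijackThis log like the ones posted in this thread can be scripted. This is an added example, not part of the original posts or of HijackThis itself; the function names and the four heuristics are assumptions chosen for illustration, and the sample lines are copied from the thread's logs.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis logs posted in this thread (the last line is
# a "Running processes" row, included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: BTTray.lnk = ?
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://87.48.152.168/AxaptaWebDeploy/AxWebDeploy.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\svchost.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O23 - Service: ..."
RUN_RE = re.compile(r"Run: \[[^\]]*\] (.+)$")      # command of an O4 Run value
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")           # drive-letter path


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_notes(code, body):
    """Return reasons (assumed heuristics) to look at an entry by hand."""
    notes = []
    if body.endswith("(no file)"):
        notes.append("registry entry with no file behind it")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("log gives no vendor for the service binary")
    if code == "O16":
        host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or ""
        try:
            ipaddress.ip_address(host)
            notes.append("ActiveX package source is a bare IP address")
        except ValueError:
            pass  # host is a DNS name
    if code == "O4":
        if body.endswith("= ?"):
            notes.append("startup shortcut target not resolved in the log")
        run = RUN_RE.search(body)
        if run:
            tokens = run.group(1).strip('"').split()
            # For "rundll32 <dll>,<export>" the DLL path is what matters.
            if tokens and tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
                tokens = tokens[1:]
            if tokens and not ABS_PATH_RE.match(tokens[0]):
                notes.append("autostart command has no absolute path")
    return notes


def triage(log_text):
    """Group entries that carry at least one note by section code."""
    flagged = {}
    for code, body in parse_entries(log_text):
        notes = review_notes(code, body)
        if notes:
            flagged.setdefault(code, []).append((body, notes))
    return flagged


if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, notes in items:
            print(f"{code}: {body}\n    -> {'; '.join(notes)}")
```

A note only marks a line for a manual check of the file on disk; several of the lines flagged here sit in the preinstalled ThinkPad and Lenovo folders.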
chilip (Beginner)
07 April 2008 - 23:02 #11
I can of course do that, but then one must assume that it will just send them when I press "Send/Receive"..?
They aren't receipts, because I get prompted about those..

And then the follow-up question:
Could I possibly have a virus that has buried itself at BIOS level..??

So what's the next step..?? ;-)
08 April 2008 - 08:15 #12
... but IS there anything in the Outbox when MS Outlook starts. And that has NOT been "exchanged" ...

I can't imagine any virus or the like at BIOS level...
chilip (Beginner)
08 April 2008 - 11:26 #13
No. There is nothing in the outbox at startup. The control freak in me always makes sure that my mails are sent before I shut down. ;-)
08 April 2008 - 11:44 #14
Second-to-last shot ->

... Not all (un)wanted items show up in a HiJackThis log; if you have the 'courage' for it, carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
chilip (Beginner)
08 April 2008 - 12:20 #15
Of course I do. (Wrote the man without knowing what he was getting into..!) ;-)
chilip (Beginner)
08 April 2008 - 22:18 #16
It's done now.

Do you want all the logs here in the thread, or should I put them in the virus category..??
08 April 2008 - 22:19 #17
(Let's just stay here *S*)
chilip (Beginner)
08 April 2008 - 22:45 #18
Oki-Doki.

Here goes..! ;-)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/08/2008 at 06:09 PM

Application Version : 4.0.1154

Core Rules Database Version : 3433
Trace Rules Database Version: 1425

Scan type      : Complete Scan
Total Scan Time : 00:26:25

Memory items scanned      : 226
Memory threats detected  : 0
Registry items scanned    : 6948
Registry threats detected : 0
File items scanned        : 18220
File threats detected    : 63

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad1.emediate[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[3].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@telmore.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@lenovo.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@media.adrevolver[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@singlesex[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bankdata.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@autocom.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@sonyeurope.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@pulz.banneradministration[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@coopdev.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.revsci[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.findsvar[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adserver.banneradministration[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.guru3d[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@eas.apm.emediate[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@videoegg.adbureau[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.singlesex[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@politiken.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.planetactive[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@socialmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@rocku.adbureau[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:31, on 08-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Programmer\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Programmer\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pr-film.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programmer\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StatusClient 2.5] C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {B6905E70-4B33-11D3-A498-0008C7DB06E6} (Navision Axapta Web Deployment Client) - http://87.48.152.168/AxaptaWebDeploy/AxWebDeploy.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = holmstrup.local
O17 - HKLM\Software\..\Telephony: DomainName = holmstrup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = holmstrup.local
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AwayNotify - C:\Programmer\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 14338 bytes

ComboFix 08-04-07.5 - Administrator 2008-04-08 22:09:57.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.248 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\HiJack\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-03-08 to 2008-04-08  )))))))))))))))))))))))))))))))
.

2008-04-08 17:28 . 2008-04-08 21:58    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-08 17:28 . 2008-04-08 17:28    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 17:28 . 2008-04-08 17:28    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-08 17:17 . 2008-04-08 17:17    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-07 14:57 . 2008-04-07 14:57    <DIR>    d--------    C:\Programmer\Trend Micro
2008-03-31 11:55 . 2008-03-31 11:55    <DIR>    d--------    C:\Programmer\Fælles filer\xing shared
2008-03-31 10:37 . 2008-03-29 19:31    75,856    ---------    C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 10:37 . 2008-03-29 19:35    20,560    ---------    C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-30 20:35 . 2008-03-30 20:35    <DIR>    d--------    C:\Programmer\Fælles filer\Macromedia
2008-03-30 20:34 . 2008-03-30 20:35    <DIR>    d--------    C:\Programmer\Macromedia
2008-03-30 17:29 . 2008-03-30 17:29    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\DivX
2008-03-24 14:08 . 2008-03-24 14:08    <DIR>    d--------    C:\WINDOWS\system32\NtmsData
2008-03-18 00:31 . 2008-03-18 00:31    <DIR>    d--------    C:\Programmer\Navision
2008-03-18 00:04 . 2008-03-18 00:04    <DIR>    d--------    C:\Programmer\XP Codec Pack
2008-03-18 00:04 . 2008-03-18 00:04    <DIR>    d--------    C:\Programmer\Codec
2008-03-17 15:45 . 2008-04-01 13:05    171    ---------    C:\WINDOWS\hpbafd.ini
2008-03-17 13:23 . 2008-03-17 18:01    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-03-11 17:45 . 2008-03-11 17:45    <DIR>    d--------    C:\Documents and Settings\Administrator\Bluetooth Software
2008-03-10 17:59 . 2008-03-10 17:59    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\InterVideo

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 15:28    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-06 20:47    5,427    ------w    C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-02 09:44    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-31 09:55    ---------    d-----w    C:\Programmer\Fælles filer\Real
2008-03-30 18:35    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-29 17:45    1,146,232    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35    94,544    ------w    C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29    23,152    ------w    C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27    42,912    ------w    C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26    26,944    ------w    C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2008-03-27 17:49    ---------    d-----w    C:\Programmer\Java
2008-03-26 11:20    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-06 21:27    ---------    d--h--w    C:\Programmer\Zero G Registry
2008-03-06 21:27    ---------    d-----w    C:\Programmer\Hewlett-Packard
2008-03-06 21:22    ---------    d-----w    C:\Programmer\Fælles filer\SWF Studio
2008-03-06 15:29    962,560    ------w    C:\WINDOWS\system32\VSFilter.dll
2008-03-03 13:02    ---------    d-----w    C:\Programmer\iTunes
2008-03-03 13:02    ---------    d-----w    C:\Programmer\iPod
2008-03-03 13:02    ---------    d-----w    C:\Programmer\Fælles filer\Apple
2008-03-03 12:57    ---------    d-----w    C:\Programmer\Windows Live
2008-03-03 12:42    ---------    d-----w    C:\Programmer\QuickTime
2008-03-03 12:41    ---------    d-----w    C:\Programmer\Apple Software Update
2008-03-03 12:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-03 12:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2008-03-03 11:40    ---------    d-----w    C:\Programmer\SkoleKom
2008-03-03 11:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FirstClass
2008-03-03 11:40    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\FirstClass
2008-03-02 17:53    ---------    d-----w    C:\Programmer\Microsoft SQL Server Compact Edition
2008-03-02 17:49    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-03-02 17:46    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 12:52    ---------    d-----w    C:\Programmer\Microsoft SQL Server
2008-03-01 12:48    ---------    d-----w    C:\Programmer\MSXML 6.0
2008-03-01 12:48    ---------    d-----w    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-03-01 12:43    ---------    d-----w    C:\Programmer\MSXML 4.0
2008-02-29 23:53    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-29 22:05    ---------    d-----w    C:\Programmer\Windows Media Connect 2
2008-02-29 22:03    ---------    d-----w    C:\Programmer\Real
2008-02-29 21:36    ---------    d-----w    C:\Programmer\Microsoft ActiveSync
2008-02-29 21:30    ---------    d-----w    C:\Programmer\Microsoft Silverlight
2008-02-29 18:16    21,376    ------w    C:\WINDOWS\system32\drivers\psadd.sys
2008-02-29 18:01    47    ------w    C:\WINDOWS\system32\drivers\IBM_6372_63G.MRK
2008-02-29 18:01    ---------    d-----w    C:\Programmer\Lenovo
2008-02-29 18:01    ---------    d-----w    C:\Programmer\Fælles filer\Lenovo
2008-02-29 18:01    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-29 18:01    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-02-29 17:02    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2008-02-29 17:01    ---------    d-----w    C:\Programmer\Windows Desktop Search
2008-02-29 16:55    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-02-29 16:21    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-02-29 16:17    ---------    d-----w    C:\Programmer\MSBuild
2008-02-29 16:17    ---------    d-----w    C:\Programmer\Microsoft Works
2008-02-29 16:13    ---------    d-----w    C:\Programmer\Microsoft Visual Studio 8
2008-02-29 16:03    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\Lenovo
2008-02-29 16:03    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Lenovo
2008-02-29 16:03    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-02-29 15:49    ---------    d-----w    C:\Programmer\Alwil Software
2008-02-29 13:35    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-29 13:31    ---------    d-----w    C:\Programmer\Symantec Client Security
2008-02-29 13:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-29 12:58    ---------    d-----w    C:\Programmer\Windows Live Toolbar
2008-02-29 12:57    50    ------w    C:\WINDOWS\system32\drivers\LENOVO_6372_63G.MRK
2008-02-29 12:49    ---------    d-----w    C:\Programmer\Microsoft Small Business
2008-02-29 12:43    ---------    d-----w    C:\Programmer\Microsoft.NET
2008-02-29 12:40    ---------    d-----w    C:\WINDOWS\system32\config\systemprofile\Application Data\ThinkVantage
2008-02-29 12:40    ---------    d-----w    C:\WINDOWS\system32\config\systemprofile\Application Data\Lenovo
2008-02-29 12:40    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\ThinkVantage
2008-02-29 12:40    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\ThinkVantage
2008-02-29 12:34    23,552    ------w    C:\WINDOWS\system32\drivers\psasrv.exe
2008-02-29 12:33    7,012    ------w    C:\WINDOWS\system32\drivers\pmemnt.sys
2008-02-29 12:33    ---------    d-----w    C:\Programmer\TVT SMBus
2008-02-29 12:33    ---------    d-----w    C:\Programmer\ThinkPad
2008-02-29 12:33    ---------    d-----w    C:\Programmer\SMI2
2008-02-29 12:33    ---------    d-----w    C:\Programmer\Picasa2
2008-02-29 12:32    ---------    d-----w    C:\Programmer\Diskeeper Corporation
2008-02-29 12:28    ---------    d-----w    C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-02-29 12:28    ---------    d-----w    C:\Documents and Settings\Rune\Application Data\Symantec
2008-02-29 12:28    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-29 12:27    ---------    d-----w    C:\Programmer\PCDR5
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Sonic Icons for Lenovo
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Sonic
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Multimedia Center for Think Offerings
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Fælles filer\SureThing Shared
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Fælles filer\Sonic Shared
2008-02-29 12:25    ---------    d-----w    C:\Programmer\Fælles filer\Installshield
2008-02-29 12:25    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-29 12:24    ---------    d-----w    C:\Programmer\InterVideo
2008-02-29 12:24    ---------    d-----w    C:\Programmer\Fælles filer\InterVideo
2008-02-29 12:23    ---------    d-----w    C:\Programmer\ThinkVantage
2008-02-29 12:22    ---------    d-----w    C:\Programmer\Fælles filer\Java
2008-02-29 12:20    ---------    d-----w    C:\Documents and Settings\NetworkService\Application Data\Intel
2008-02-29 12:18    ---------    d-----w    C:\Programmer\CONEXANT
2008-02-29 12:18    ---------    d-----w    C:\Programmer\Analog Devices
2008-02-29 12:18    ---------    d-----w    C:\Documents and Settings\LocalService\Application Data\Intel
2008-02-29 12:17    0    ---h--r    C:\WINDOWS\system32\drivers\IBM_6372_63G_TP.MRK
2008-02-29 12:16    21,419    ------w    C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-29 12:16    ---------    d-----w    C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-02-29 12:16    ---------    d-----w    C:\Programmer\ThinkVantage Fingerprint Software
2008-02-29 12:16    ---------    d-----w    C:\Programmer\Intel
2008-02-29 12:16    ---------    d-----w    C:\Programmer\Fælles filer\ThinkVantage Fingerprint Software
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-28 01:00 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 18:13 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 18:13 208896]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 07:17 110592]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 07:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 19:22 237568]
"TPKMAPHELPER"="C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064]
"TpShocks"="TpShocks.exe" [2006-03-15 20:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 03:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 02:11 925696]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 16:06 716800]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-25 08:21 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-25 08:17 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-25 08:21 118784]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 18:11 110592]
"AMSG"="C:\Programmer\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 08:23 487424]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"AwaySch"="C:\Programmer\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 19:07 69632]
"DiskeeperSystray"="C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 17:24 196696]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-02-19 17:10 409600]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-19 17:02 110592]
"PDService.exe"="C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 17:38 41472]
"cssauth"="C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 19:13 2341632]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"StatusClient 2.5"="C:\Programmer\Hewlett-Packard\Toolbox\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2003-10-01 00:39 61440]
"TomcatStartup 2.5"="C:\Programmer\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2003-06-10 18:47 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-28 01:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BTTray.lnk - C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 15:51:02 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-29 14:18:26 24576]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Programmer\Lenovo\AwayTask\AwayNotify.dll 2006-08-16 19:07 49152 C:\Programmer\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 20:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 16:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 13:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Programmer\Microsoft ActiveSync\rapimgr.exe"= C:\Programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmer\Microsoft ActiveSync\wcescomm.exe"= C:\Programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmer\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-15 18:08]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 01:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 13:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-25 18:13]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;"C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 12:01]
R2 PrivateDisk;PrivateDisk;C:\Programmer\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 17:05]
R2 smi2;smi2;C:\Programmer\SMI2\smi2.sys [2006-07-14 16:55]
R2 smihlp;SMI helper driver;C:\Programmer\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 20:00]
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-04-25 20:13]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E}]
C:\WINDOWS\system32\msiexec.exe  /fup {9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E} /q
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 12:41:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 19:55:07 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-04-08 20:08:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:13:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-04-08 22:14:38
ComboFix-quarantined-files.txt  2008-04-08 20:14:18
Pre-Run: 28,186,656,768 byte ledig
Post-Run: 28,166,643,712 byte ledig
.
2008-03-13 01:57:47    --- E O F --- 

Enjoy..! ;-)
09 April 2008 - 08:19 #19
Just for good measure - there's nothing to go after according to the log...
chilip (Beginner)
09 April 2008 - 13:27 #20
So you mean I have a completely clean machine now..??
09 April 2008 - 13:31 #21
Yep - apart from the general virus called Microsoft *S*
chilip (Beginner)
09 April 2008 - 15:41 #22
Which program removes that virus..?? *GG*

Write an answer, and you'll get the points.
09 April 2008 - 18:07 #23
http://www.killdisk.com/downloadfree.htm - can remove all kinds of viruses *GH*
09 April 2008 - 18:08 #24
Ping...
(That was an [answer]...)