mirovich, Beginner
5 January 2009 - 11:38. There are 15 comments and 3 solutions.

MSN virus

Hi

One of my contacts on MSN pointed out to me that I was sending mysterious messages out to people, so I have been working through a pile of programs: CCleaner, Malwarebytes, SUPERAntiSpyware, ComboFix and then a run of HijackThis.

If someone would be willing to help look through these log files, that would be great.

While ComboFix was running, my regular antivirus program popped up with the message "contains code of the Eicar test signature virus", so I put that in quarantine.
Otherwise, apparently nothing was found.
Happy New Year, folks!

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.31
Database version: 1612
Windows 5.1.2600 Service Pack 3

2009-01-05 08:19:18
mbam-log-2009-01-05 (08-19-18).txt

Skan type: Fuldstændig skanning (C:\|G:\|)
Objekter skannet: 253187
Tid tilbagelagt: 5 hour(s), 3 minute(s), 20 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)



COMBOFIX:

ComboFix 09-01-02.01 - Mir 2009-01-05  8:27:10.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1014.574 [GMT 1:00]
Kører fra: c:\downloads\Programmer\Antispyware\ComboFix.exe

[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-05 til 2009-01-05  )))))))))))))))))))))))))))))))))))
.

2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\programmer\SUPERAntiSpyware
2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\documents and settings\mir\Application Data\SUPERAntiSpyware.com
2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-30 12:36 . 2008-12-30 12:36    244    --ah-----    C:\sqmnoopt10.sqm
2008-12-30 12:36 . 2008-12-30 12:36    232    --ah-----    C:\sqmdata10.sqm
2008-12-30 12:35 . 2008-12-30 12:35    244    --ah-----    C:\sqmnoopt09.sqm
2008-12-30 12:35 . 2008-12-30 12:35    232    --ah-----    C:\sqmdata09.sqm
2008-12-29 17:01 . 2008-12-29 17:01    244    --ah-----    C:\sqmnoopt08.sqm
2008-12-29 17:01 . 2008-12-29 17:01    232    --ah-----    C:\sqmdata08.sqm
2008-12-28 12:41 . 2008-12-28 12:41    244    --ah-----    C:\sqmnoopt07.sqm
2008-12-28 12:41 . 2008-12-28 12:41    232    --ah-----    C:\sqmdata07.sqm
2008-12-27 08:44 . 2008-12-27 08:44    244    --ah-----    C:\sqmnoopt06.sqm
2008-12-27 08:44 . 2008-12-27 08:44    232    --ah-----    C:\sqmdata06.sqm
2008-12-26 00:38 . 2008-12-26 00:38    <DIR>    d--------    c:\documents and settings\All Users\Application Data\MemeoCommon
2008-12-26 00:37 . 2008-12-26 00:37    <DIR>    d--------    c:\documents and settings\mir\Application Data\WD
2008-12-26 00:29 . 2008-12-26 00:29    <DIR>    d--------    c:\programmer\WD
2008-12-26 00:29 . 2008-12-26 00:29    <DIR>    d--------    c:\programmer\Fælles filer\eSellerate
2008-12-25 21:00 . 2008-12-25 21:00    <DIR>    d--------    c:\programmer\Western Digital Technologies
2008-12-25 20:59 . 2008-12-25 21:00    <DIR>    d--------    c:\programmer\Western Digital

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:38    3,593,216    ----a-w    c:\windows\system32\dllcache\mshtml.dll
2008-12-03 18:52    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2008-11-27 22:31    ---------    d-----w    c:\programmer\Fælles filer\Skype
2008-11-27 22:31    ---------    d-----w    c:\documents and settings\mir\Application Data\skypePM
2008-11-10 04:43    410,984    ----a-w    c:\windows\system32\deploytk.dll
2008-11-07 21:54    ---------    d-----w    c:\documents and settings\mir\Application Data\Flickr
2008-11-07 21:53    ---------    d-----w    c:\programmer\Flickr Uploadr
2008-10-28 22:36    823,296    ----a-w    c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36    823,296    ----a-w    c:\windows\system32\divx_xx07.dll
2008-10-28 22:35    815,104    ----a-w    c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35    802,816    ----a-w    c:\windows\system32\divx_xx11.dll
2008-10-28 22:35    684,032    ----a-w    c:\windows\system32\DivX.dll
2008-10-24 11:21    455,296    ------w    c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:41    286,720    ----a-w    c:\windows\system32\gdi32.dll
2008-10-23 12:41    286,720    ------w    c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11    13,824    ------w    c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:10    70,656    ------w    c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-10-15 17:37    337,408    ------w    c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06    633,632    ------w    c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04    161,792    ------w    c:\windows\system32\dllcache\ieakui.dll
2008-10-13 12:32    6,656    ----a-w    c:\windows\system32\haspvdd.dll
2008-08-20 19:29    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
2008-08-20 19:28    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008082020080821\index.dat
2008-08-20 19:29    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="c:\programmer\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"avgnt"="c:\programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"PDService.exe"="c:\programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TkBellExe"="c:\programmer\Fælles filer\Real\Update_OB\realsched.exe" [2008-06-25 185896]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"WD Drive Manager"="c:\programmer\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"WD Anywhere Backup"="c:\programmer\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DWQueuedReporting"="c:\progra~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-07-01 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 15:54 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli psqlpwd ACGina

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Palm\\HOTSYNC.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Programmer\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"c:\\Programmer\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-12-29 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-02-21 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-02-21 4224]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 51440]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-12-29 6528]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-02-21 57344]
R4 PrivateDisk;PrivateDisk;c:\programmer\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-13 58368]
R4 smi2;smi2;c:\programmer\SMI2\smi2.sys [2007-03-23 3968]
R4 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\Fælles filer\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
S3 DFSTR2K;DATAFAB based USB Mass Storage Driver;c:\windows\system32\drivers\DfStor2K.sys [2006-12-30 37972]
S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys --> c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys [?]
S3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [2005-06-27 140800]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-01-01 14336]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\programmer\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]
S4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\programmer\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1881188-0fb5-11dc-a64f-0014a4364d4e}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3950d1a-99c7-11dd-a6e0-0014a4364d4e}]
\Shell\Autoplay\Command - autorun.exe
\Shell\AutoRun\command - autorun.exe
\Shell\Explore\Command - autorun.exe
\Shell\Open\Command - autorun.exe
.
Indhold af mappen 'Planlagte Opgaver'

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send til &Bluetooth - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
hxxp://downol.dr.dk/download/netradio/Rawflow.cab

c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944}
hxxp://www-307.ibm.com/pc/support/acpir.cab
c:\windows\Downloaded Program Files\acpir.inf

c:\windows\Downloaded Program Files\tra2_5_0.rc - c:\windows\Downloaded Program Files\PIXACODnDUpload.ocx
O16 -: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA}
hxxp://www.pixaco.dk/static/download/pixacodndupload.cab
c:\windows\Downloaded Program Files\PIXACODnDUpload.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 09:00:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2993597671-1501666287-457573857-1005\Software\SecuROM\License information*NULL*]
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\programmer\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\programmer\Lenovo\Client Security Solution\css_wait_bar.dll
c:\programmer\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\programmer\Lenovo\Client Security Solution\csswait.dll
c:\programmer\Fælles filer\Lenovo\tvt_banner.dll
c:\programmer\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\programmer\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\programmer\Lenovo\Client Security Solution\tvttsp.dll
c:\programmer\Lenovo\Client Security Solution\tcsrpc.dll
c:\programmer\Fælles filer\Lenovo\tvt_res.dll
c:\programmer\Bonjour\mdnsNSP.dll
c:\programmer\ThinkVantage Fingerprint Software\pscssint.dll
c:\programmer\ThinkVantage Fingerprint Software\infra.dll
c:\programmer\ThinkVantage Fingerprint Software\VTI.DLL
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\ps2css.dll
c:\programmer\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\programmer\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1292)
c:\windows\system32\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infra.dll
c:\programmer\ThinkPad\ConnectUtilities\ACGina.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACON.dll
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programmer\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programmer\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\SYSTEM32\IBMPMSVC.EXE
c:\programmer\THINKPAD\CONNECTUTILITIES\ACPRFMGRSVC.EXE
c:\windows\SYSTEM32\ACS.EXE
c:\programmer\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\programmer\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\programmer\FæLLES FILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\programmer\BONJOUR\MDNSRESPONDER.EXE
c:\programmer\JAVA\JRE6\BIN\JQS.EXE
c:\programmer\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\System32\PAStiSvc.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\Lenovo\Client Security Solution\tvttcsd.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programmer\Lenovo\Client Security Solution\cssauth.exe
c:\programmer\iPod\bin\iPodService.exe
c:\programmer\WD\WD Anywhere Backup\MemeoBackup.exe
.
**************************************************************************
.
Gennemført tid: 2009-01-05  9:07:49 - maskinen blev genstartet [Mir]
ComboFix-quarantined-files.txt  2009-01-05 08:07:44

Pre-Kørsel: 19,274,203,136 byte ledig
Post-Kørsel: 20,355,219,456 byte ledig

378    --- E O F ---    2008-12-18 00:51:12




HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:03, on 05-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\explorer.exe
C:\Downloads\Programmer\Antispyware\Highjackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programmer\PicLensIE\cooliris.dll
O2 - BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programmer\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programmer\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programmer\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167411733973
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169111713140
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Programmer\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programmer\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 14474 bytes
johnstigers Senior Master
5 January 2009 - 11:47 #1
Surely it isn't Combofix you have put in quarantine because of a signature from a test virus?
johnstigers Senior Master
5 January 2009 - 11:51 #2
You haven't signed up for some kind of "service" related to Messenger, have you?
My advice is to change your password, then the problem is solved.

I can't see anything there that shouldn't be there..
mirovich Beginner
5 January 2009 - 12:48 #3
I just read a bit about Eicar - it is apparently a test virus meant to check whether the system works. So I don't think there was anything wrong with putting it in quarantine.
I will see whether changing the password can put things right.
Then I will get back to you.
Many thanks for the help.
ejvindh Expert
5 January 2009 - 12:52 #4
@John: This one:
S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys --> c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys [?]
...needs to be fixed.

Cf.: http://eforum.idg.se/viewmsg.asp?EntriesId=1008147
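The check behind post #4, picking out a driver entry whose image file sits in a Temp folder, written out as an added Python example that is not part of the thread and not ComboFix's own code. The line layout is inferred from the driver lines quoted on this page; the function names are hypothetical, and reading `[?]` as "no file date/size reported" and the digit after R/S as the start type are assumptions.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Layout inferred from this page's logs:
#   <R|S><0-4> <service>;<display name>;<image path> [<date size> or ?]
# R/S = running/stopped; the digit is assumed to be the service start type.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class ServiceEntry:
    name: str
    running: bool
    start_type: int
    image: str
    meta: str
    reasons: list = field(default_factory=list)


def parse_services(log_text):
    """Return every driver/service line of a log, with review reasons attached."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # registry keys, headers and other log sections
        # "raw --> resolved" form: keep the resolved path, drop the \??\ prefix.
        image = m["image"].split("-->")[-1].strip()
        if image.startswith("\\??\\"):
            image = image[4:]
        entry = ServiceEntry(m["name"].strip(), m["state"] == "R",
                             int(m["start"]), image, m["meta"].strip())
        folders = [p.lower() for p in PureWindowsPath(image).parts[:-1]]
        if any(f in TEMP_DIRS for f in folders):
            entry.reasons.append("image file is in a temp folder")
        if entry.meta == "?":  # assumption: the tool could not read date/size
            entry.reasons.append("no file date/size reported")
        entries.append(entry)
    return entries


def suspicious(entries):
    """Entries that a reviewer should look at by hand."""
    return [e for e in entries if e.reasons]


def still_present(flagged, later_log_text):
    """Names of flagged services that a later log still mentions."""
    later_names = {e.name.lower() for e in parse_services(later_log_text)}
    text = later_log_text.lower()
    hits = []
    for e in flagged:
        file_name = PureWindowsPath(e.image).name.lower()
        if e.name.lower() in later_names or file_name in text:
            hits.append(e.name)
    return sorted(hits)


# Sample input: driver lines copied from the logs quoted in this thread.
SECOND_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [2008-02-29 8944]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-01-01 14336]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\programmer\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]
"""
FIRST_LOG = SECOND_LOG + r"""
S3 kwwalpgr;kwwalpgr;\??\c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys --> c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys [?]
"""

if __name__ == "__main__":
    flagged = suspicious(parse_services(FIRST_LOG))
    for e in flagged:
        print(e.name, e.image, "; ".join(e.reasons))
    print("still present after cleanup:", still_present(flagged, SECOND_LOG))
```

A flagged entry is a prompt for manual review, not a verdict; legitimate installers also load short-lived drivers from Temp.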
johnstigers Senior Master
5 January 2009 - 13:00 #5
Thanks :)
mirovich Beginner
5 January 2009 - 15:02 #6
I have searched for "kwwalpgr.sys", but even though I have set the search options to also show hidden files and program files, nothing comes up.
Should I search in another way, or can I set some of the programs on it?
johnstigers Senior Master
5 January 2009 - 22:33 #7
ejvindh - please take a quick look here to see whether this is correct.
mirovich - do as described below. If the procedure is wrong, nothing will happen.

Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys


~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
ejvindh Expert
5 January 2009 - 23:12 #8
Almost right -- it is important to include the "Driver::" line, since otherwise there may well be problems if the system looks for a driver whose file is gone ;-):

Open a Notepad window, copy the content between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "all files" is selected under "file types".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys

Driver::
kwwalpgr
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
mirovich Beginner
5 January 2009 - 23:59 #9
Okay, I have now run the last step here, and c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys is no longer present.
So I assume it is fixed now.
Really great that you take the time to help! Many, many thanks for that.
The points should really go to you, ejvindh, since you came up with the correct formula - I would have liked to give them to both of you, but apparently that is not allowed.

Kind regards
Mir
ejvindh Expert
6 January 2009 - 09:11 #10
Yes, splitting the points is perfectly allowed. You just have to wait until JohnStigers also posts an answer, and then you can tick both names before you accept.

However, I would recommend that you at a minimum run combofix and check that this line is no longer found there either:

3 kwwalpgr;kwwalpgr;\??\c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys --> c:\docume~1\mir\LOKALE~1\Temp\kwwalpgr.sys [?]

...but you are also very welcome to post it here, so we can look through it.
johnstigers Senior Master
6 January 2009 - 12:11 #11
I would also like to see a new log from Combofix, just to be on the safe side :)
johnstigers Senior Master
6 January 2009 - 12:12 #12
Thanks ejvindh :)
mirovich Beginner
6 January 2009 - 16:04 #13
Here is a new Combofix log - at first glance I don't see any kwwalprg.sys anywhere.

ComboFix 09-01-02.01 - Mir 2009-01-06 15:39:07.4 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1014.571 [GMT 1:00]
Kører fra: c:\downloads\Programmer\Antispyware\ComboFix.exe

[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-06 til 2009-01-06  )))))))))))))))))))))))))))))))))))
.

2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\programmer\SUPERAntiSpyware
2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\documents and settings\mir\Application Data\SUPERAntiSpyware.com
2009-01-04 21:03 . 2009-01-04 21:03    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-30 12:36 . 2008-12-30 12:36    244    --ah-----    C:\sqmnoopt10.sqm
2008-12-30 12:36 . 2008-12-30 12:36    232    --ah-----    C:\sqmdata10.sqm
2008-12-30 12:35 . 2008-12-30 12:35    244    --ah-----    C:\sqmnoopt09.sqm
2008-12-30 12:35 . 2008-12-30 12:35    232    --ah-----    C:\sqmdata09.sqm
2008-12-29 17:01 . 2008-12-29 17:01    244    --ah-----    C:\sqmnoopt08.sqm
2008-12-29 17:01 . 2008-12-29 17:01    232    --ah-----    C:\sqmdata08.sqm
2008-12-28 12:41 . 2008-12-28 12:41    244    --ah-----    C:\sqmnoopt07.sqm
2008-12-28 12:41 . 2008-12-28 12:41    232    --ah-----    C:\sqmdata07.sqm
2008-12-27 08:44 . 2008-12-27 08:44    244    --ah-----    C:\sqmnoopt06.sqm
2008-12-27 08:44 . 2008-12-27 08:44    232    --ah-----    C:\sqmdata06.sqm
2008-12-26 00:38 . 2008-12-26 00:38    <DIR>    d--------    c:\documents and settings\All Users\Application Data\MemeoCommon
2008-12-26 00:37 . 2008-12-26 00:37    <DIR>    d--------    c:\documents and settings\mir\Application Data\WD
2008-12-26 00:29 . 2008-12-26 00:29    <DIR>    d--------    c:\programmer\WD
2008-12-26 00:29 . 2008-12-26 00:29    <DIR>    d--------    c:\programmer\Fælles filer\eSellerate
2008-12-25 21:00 . 2008-12-25 21:00    <DIR>    d--------    c:\programmer\Western Digital Technologies
2008-12-25 20:59 . 2008-12-25 21:00    <DIR>    d--------    c:\programmer\Western Digital

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:38    3,593,216    ----a-w    c:\windows\system32\dllcache\mshtml.dll
2008-12-03 18:52    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2008-11-27 22:31    ---------    d-----w    c:\programmer\Fælles filer\Skype
2008-11-27 22:31    ---------    d-----w    c:\documents and settings\mir\Application Data\skypePM
2008-11-10 04:43    410,984    ----a-w    c:\windows\system32\deploytk.dll
2008-11-07 21:54    ---------    d-----w    c:\documents and settings\mir\Application Data\Flickr
2008-11-07 21:53    ---------    d-----w    c:\programmer\Flickr Uploadr
2008-10-28 22:36    823,296    ----a-w    c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36    823,296    ----a-w    c:\windows\system32\divx_xx07.dll
2008-10-28 22:35    815,104    ----a-w    c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35    802,816    ----a-w    c:\windows\system32\divx_xx11.dll
2008-10-28 22:35    684,032    ----a-w    c:\windows\system32\DivX.dll
2008-10-24 11:21    455,296    ------w    c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:41    286,720    ----a-w    c:\windows\system32\gdi32.dll
2008-10-23 12:41    286,720    ------w    c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\wuweb.dll
2008-10-16 13:13    202,776    ----a-w    c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\wuaueng.dll
2008-10-16 13:13    1,809,944    ----a-w    c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\wuapi.dll
2008-10-16 13:12    561,688    ----a-w    c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\wucltui.dll
2008-10-16 13:12    323,608    ----a-w    c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11    13,824    ------w    c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:10    70,656    ------w    c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09    92,696    ----a-w    c:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\wuauclt.exe
2008-10-16 13:09    51,224    ----a-w    c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    c:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\wups.dll
2008-10-16 13:08    34,328    ----a-w    c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06    268,648    ----a-w    c:\windows\system32\mucltui.dll
2008-10-16 13:06    208,744    ----a-w    c:\windows\system32\muweb.dll
2008-10-15 17:37    337,408    ------w    c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06    633,632    ------w    c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04    161,792    ------w    c:\windows\system32\dllcache\ieakui.dll
2008-10-13 12:32    6,656    ----a-w    c:\windows\system32\haspvdd.dll
2008-08-20 19:29    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
2008-08-20 19:28    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008082020080821\index.dat
2008-08-20 19:29    32,768    --sha-w    c:\windows\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
.

(((((((((((((((((((((((((((((  snapshot@2009-01-05_ 9.05.35.09  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-06 14:49:50    16,384    ----a-w    c:\windows\temp\Perflib_Perfdata_7cc.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="c:\programmer\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"avgnt"="c:\programmer\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 266497]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"PDService.exe"="c:\programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"WD Drive Manager"="c:\programmer\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"WD Anywhere Backup"="c:\programmer\WD\WD Anywhere Backup\MemeoLauncher2.exe" [2008-11-07 197856]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Dataviz Messenger.lnk - c:\windows\DvzCommon\DvzMsgr.exe [2003-07-01 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 15:54 89600 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli psqlpwd ACGina

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Palm\\HOTSYNC.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"c:\\Programmer\\Autodesk\\Maya8.5\\bin\\maya.exe"=
"c:\\Programmer\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-12-29 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-02-21 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-02-21 4224]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 51440]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-12-29 6528]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-02-21 57344]
R4 PrivateDisk;PrivateDisk;c:\programmer\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-13 58368]
R4 smi2;smi2;c:\programmer\SMI2\smi2.sys [2007-03-23 3968]
R4 smihlp2;SMI Helper Driver (smihlp2);c:\programmer\Fælles filer\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\programmer\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-02-19 106496]
S3 DFSTR2K;DATAFAB based USB Mass Storage Driver;c:\windows\system32\drivers\DfStor2K.sys [2006-12-30 37972]
S3 PAC7311;Cammaestro 1.0PT build 146;c:\windows\system32\drivers\PA707UCM.sys [2005-06-27 140800]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-01-01 14336]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\programmer\WD\WD Anywhere Backup\MemeoBackgroundService.exe [2008-11-07 25824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1881188-0fb5-11dc-a64f-0014a4364d4e}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3950d1a-99c7-11dd-a6e0-0014a4364d4e}]
\Shell\Autoplay\Command - autorun.exe
\Shell\AutoRun\command - autorun.exe
\Shell\Explore\Command - autorun.exe
\Shell\Open\Command - autorun.exe
.
Indhold af mappen 'Planlagte Opgaver'

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send til &Bluetooth - c:\programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
hxxp://downol.dr.dk/download/netradio/Rawflow.cab

c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\acpir2.dll
O16 -: {2DAD3559-2923-4935-AD49-B673D2539944}
hxxp://www-307.ibm.com/pc/support/acpir.cab
c:\windows\Downloaded Program Files\acpir.inf

c:\windows\Downloaded Program Files\tra2_5_0.rc - c:\windows\Downloaded Program Files\PIXACODnDUpload.ocx
O16 -: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA}
hxxp://www.pixaco.dk/static/download/pixacodndupload.cab
c:\windows\Downloaded Program Files\PIXACODnDUpload.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 15:53:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2993597671-1501666287-457573857-1005\Software\SecuROM\License information*NULL*]
  5c,a1,7c,ea,56,c1,cf,2e,b8,77,3e,e4,de,dc,a6,8e,97,28,a9,23,7f,27,17,b2,c8,\
  03,12,b1,aa,b2,cc,1c,7d,81,e6,f7,30,c1,7f,91,54,d3,48,ca,bc,ad,28,6f,89,42,\
  c5,1f,87,92,04,ae,4f,74,1e,13,f2,5a,c4,5e,b6,07,d1,2b,35,e0,7d,da,08,2f,e6,\
  d7,84,e7,fd,8e,d6,df,01,b9,f7,db,1c,b9,b6,80,94,0c,fe,a5,81,ac,a8,26,a5,21,\
  61,3a,ae,7f,87,ce,29,84,09,d0,dd,64,56,fa,fd,05,c4,f2,a8,00,0c,9d,94,20,43,\
  db,45,d9,9a,69,0b,e1,9c,05,4d,1e,59,f4,c7,f5,1e,2a,03,cc,e8,b9,2e,82,7f,f8,\
  be,e3,85,30,62,f0,f7,1b,86,89,da,36,fa,f5,90,93,1e,fb,31,0a,13,02,38,e1,73,\
  9f,3d,fb,45,ea,36,b7,ea,0f,ca,b3,b6,41,4a,16,ee,fe,4c,48,1c,3e,86,d5,5d,e9,\
  9a,60,38,9d,84,f1,0e,bd,47,3b,d0,72,a9,e6,0c,3b,45,73,81,66,9f,a5,cc,70,23,\
  19,0d,e8,20,0b,ba,45,5b,ed,2b,92,9d,8d,2e,18,6e,92,ea,6e,a1,4e,0b,9e,a5,fc,\
  d0,e1,5b,e5,1c,3f,88,61,95,21,63,ee,d5,e4,d1,7e,28,87,9b,30,21,c9,8c,6a,73,\
  e1,c2,7e,4e,71,6f,e2,f7,f9,56,37,f1,1a,b8,00,92,17,15,3d,39,db,5c,b9,94,54,\
  34,ce,c6,41,49,a7,6e,97,23,68,aa,76,a5,c0,f2,a8,db,79,74,ce,33,db,50,ae,6b,\
  05,90,08,ec,f0,85,77,cc,ac,04,c9,80,84,15,9b,ca,29,11,1f,1a,f2,07,fb,6f,8f,\
  5d,90,2e,e6,ce,8d,36,8b,72,23,d5,4d,67,b6,32,13,bd,46,65,66,7a,ea,e1,e7,7b,\
  8e,f5,14,03,20,51,e7,f4,23,80,3b,66,b2,fc,23,62,96,01,bb,54,55,7e,be,7f,9f,\
  66,6f,67,62,0c,3a,f7,fe,2f,3f,ff,b7,98,ad,c6,fb,fd,7e,3f,21,39,42,ec,99,78,\
  39,0b,5b,3d,06,52,e6,81,60,d0,e3,7a,c7,81,b7,08,5c,05,bc,26,7a,03,8f,f9,e4,\
  dc,02,db,98,62,79,6a,f5,db,ee,95,e5,c3,6a,f0,01,21,da,5a,d9,c3,fd,c4,65,8f,\
  5d,88,a5,03,45,48,88,ad,1e,aa,27,f0,a8,27,d8,f1,fd,c9,f6,81,92,68,f9,27,b5,\
  9d,a2,cc,6d,35,f7,32,67,d1,66,48,e3,c1,d7,c3,5b,de,f0,52,09,42,52,64,be,e5,\
  77,e9,1a,09,44,7c,83,f0,43,b0,bf,96,b5,6b,cb,41,66,e6,03,a0,98,7a,d5,65,a1,\
  fa,62,bc,a3,84,a5,94,d0,43,02,de,a6,26,0d,a0,56,0f,89,c3,c6,c6,c9,87,8a,b5,\
  82,2b,27,0c,bc,ae,d5,51,49,97,b6,46,64,23,10,bd,7f,de,54,69,01,7d,f6,42,d0,\
  4a,fe,42,d0,5a,f6
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(1248)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\programmer\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\programmer\Lenovo\Client Security Solution\css_wait_bar.dll
c:\programmer\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\programmer\Lenovo\Client Security Solution\csswait.dll
c:\programmer\Fælles filer\Lenovo\tvt_banner.dll
c:\programmer\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\programmer\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\programmer\Lenovo\Client Security Solution\tvttsp.dll
c:\programmer\Lenovo\Client Security Solution\tcsrpc.dll
c:\programmer\Fælles filer\Lenovo\tvt_res.dll
c:\programmer\Bonjour\mdnsNSP.dll
c:\programmer\ThinkVantage Fingerprint Software\pscssint.dll
c:\programmer\ThinkVantage Fingerprint Software\infra.dll
c:\programmer\ThinkVantage Fingerprint Software\VTI.DLL
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\homepass.dll
c:\programmer\ThinkVantage Fingerprint Software\bio.dll
c:\programmer\ThinkVantage Fingerprint Software\ps2css.dll
c:\programmer\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\programmer\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\programmer\ThinkVantage Fingerprint Software\homefus2.dll
c:\programmer\ThinkVantage Fingerprint Software\infra.dll
c:\programmer\ThinkPad\ConnectUtilities\ACGina.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACON.dll
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programmer\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programmer\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\SYSTEM32\IBMPMSVC.EXE
c:\programmer\THINKPAD\CONNECTUTILITIES\ACPRFMGRSVC.EXE
c:\windows\SYSTEM32\ACS.EXE
c:\programmer\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\programmer\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\programmer\FæLLES FILER\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\programmer\BONJOUR\MDNSRESPONDER.EXE
c:\programmer\JAVA\JRE6\BIN\JQS.EXE
c:\programmer\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\System32\PAStiSvc.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\programmer\Lenovo\Client Security Solution\tvttcsd.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programmer\Lenovo\Client Security Solution\cssauth.exe
c:\programmer\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2009-01-06 16:01:19 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-01-06 15:01:16
ComboFix4.txt  2009-01-05 08:07:52
ComboFix3.txt  2009-01-05 13:04:42
ComboFix2.txt  2009-01-05 22:54:22

Pre-Kørsel: 19.408.060.416 byte ledig
Post-Kørsel: 19,618,955,264 byte ledig

373    --- E O F ---    2008-12-18 00:51:12
johnstigers Senior Master
06 January 2009 - 19:54 #14
Not here either...

Has the Hotmail password been changed?
mirovich Beginner
06 January 2009 - 21:41 #15
I have changed the password on my Live account - so far nobody on my MSN list has complained since we started on this project.
So let's assume the virus has been knocked down and thrown out.
So if you post an answer, I'll hand out the points.
johnstigers Senior Master
07 January 2009 - 00:08 #16
ok :)
mirovich Beginner
07 January 2009 - 09:28 #17
Again, many, many thanks for the help.
ejvindh Expert
07 January 2009 - 20:07 #18
You're welcome :-)