Log files
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/05/2009 at 11:04 AM
Application Version : 4.29.1004
Core Rules Database Version : 4232
Trace Rules Database Version: 2129
Scan type : Complete Scan
Total Scan Time : 00:57:53
Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6173
Registry threats detected : 0
File items scanned : 122670
File threats detected : 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:36, on 05-11-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\UM8142.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Programmer\Picasa2\PicasaPhotoViewer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bruger\Skrivebord\Ny mappe\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Programmer\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Programmer\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Indstillinger til Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmer\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\unibetpokerMPP\MPPoker.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.danid.dk
O15 - Trusted Zone: http://*.danid.dk (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} (IssueUtilCtrl Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200387432281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226995097296
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9ee792dc7a262) (gupdate1c9ee792dc7a262) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 17260 bytes

ComboFix 09-11-04.05 - Bruger 05-11-2009 11:24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2038.1379 [GMT 1:00]
Kører fra: d:\dokumenter\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {AF2BBE65-76A1-4286-B42C-418ED590D913}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bruger\Application Data\0200000051aeee23691C.manifest
c:\documents and settings\Bruger\Application Data\0200000051aeee23691O.manifest
c:\documents and settings\Bruger\Application Data\0200000051aeee23691P.manifest
c:\documents and settings\Bruger\Application Data\0200000051aeee23691S.manifest
c:\recycler\S-1-5-21-100074971-2744194993-4051501289-1005
c:\recycler\S-1-5-21-1097359926-3659370271-2712727501-1005
c:\recycler\S-1-5-21-1146180306-3322260357-3040964421-1005
c:\recycler\S-1-5-21-1179624747-1545966933-3963451091-1005
c:\recycler\S-1-5-21-1194502474-2711158995-2678240101-1005
c:\recycler\S-1-5-21-1622155489-2104867749-420798656-1005
c:\recycler\S-1-5-21-1675066399-302439635-1907809114-1005
c:\recycler\S-1-5-21-1692149972-2173604958-259586686-1005
c:\recycler\S-1-5-21-1734540027-2524208754-78308607-1005
c:\recycler\S-1-5-21-173948909-4172311750-1299733137-1005
c:\recycler\S-1-5-21-1768927646-1788175832-3759828416-500
c:\recycler\S-1-5-21-2003386960-2040214627-946755419-1005
c:\recycler\S-1-5-21-206151170-156836180-549832528-1005
c:\recycler\S-1-5-21-2233696710-835238226-557601828-1005
c:\recycler\S-1-5-21-2395454379-479886246-2548166038-1005
c:\recycler\S-1-5-21-2525365062-1810557652-2093360118-1005
c:\recycler\S-1-5-21-2565468947-3030691786-1412983449-1005
c:\recycler\S-1-5-21-2584293008-770757676-4189557666-1005
c:\recycler\S-1-5-21-2679024053-3179854121-203396595-1005
c:\recycler\S-1-5-21-2788284254-4124929488-855286063-1005
c:\recycler\S-1-5-21-3017995216-3278278292-33721686-1005
c:\recycler\S-1-5-21-3020578235-3543016786-2918309094-1005
c:\recycler\S-1-5-21-3039669553-1092088804-3717478188-1005
c:\recycler\S-1-5-21-3131643336-1608245955-4138068662-1005
c:\recycler\S-1-5-21-331390686-1695248578-476934219-1005
c:\recycler\S-1-5-21-3358458307-369828566-1237282652-1005
c:\recycler\S-1-5-21-3422487744-2894836419-3537849896-1005
c:\recycler\S-1-5-21-3575571364-266189388-2385675963-1005
c:\recycler\S-1-5-21-3637944744-3470559854-1262370359-1005
c:\recycler\S-1-5-21-3672704921-3520808187-1703940148-1005
c:\recycler\S-1-5-21-3919957412-1349673217-2610719757-1005
c:\recycler\S-1-5-21-4017305065-2314134394-2602781601-1005
c:\recycler\S-1-5-21-410194103-2725734759-2212980666-1005
c:\recycler\S-1-5-21-4143840931-3138016623-2814062827-1005
c:\recycler\S-1-5-21-4205201786-139811432-4270504326-1005
c:\recycler\S-1-5-21-4237473887-3915082379-3227721796-1005
c:\recycler\S-1-5-21-607875520-3951207710-3764861605-1005
c:\recycler\S-1-5-21-707452768-2741938073-1514737985-1005
c:\recycler\S-1-5-21-720887660-200833535-540061214-1005
c:\recycler\S-1-5-21-788706770-3950817190-3580050910-1005
c:\recycler\S-1-5-21-801047230-1418585522-2449423606-1005
c:\windows\AegisP.inf
c:\windows\GnuHashes.ini
c:\windows\system\oeminfo.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\LocalService\321.crack.zip
c:\windows\system32\LocalService\321.crack.zip.kwd
c:\windows\system32\LocalService\322.keygen.zip
c:\windows\system32\LocalService\322.keygen.zip.kwd
c:\windows\system32\LocalService\323.serial.zip
c:\windows\system32\LocalService\323.serial.zip.kwd
c:\windows\system32\LocalService\324.setup.zip
c:\windows\system32\LocalService\324.setup.zip.kwd
c:\windows\system32\LocalService\325.music.au
c:\windows\system32\LocalService\325.music.au.kwd
c:\windows\system32\LocalService\326.music2.au
c:\windows\system32\LocalService\326.music2.au.kwd
c:\windows\system32\LocalService\327.music3.au
c:\windows\system32\LocalService\327.music3.au.kwd
c:\windows\system32\LocalService\328.music4.au
c:\windows\system32\LocalService\328.music4.au.kwd
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-10-05 til 2009-11-05 )))))))))))))))))))))))))))))))))))
.
2009-11-05 08:54 . 2009-11-05 08:54 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-05 08:54 . 2009-11-05 08:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-11-05 08:54 . 2009-11-05 08:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-11-05 08:54 . 2009-11-05 08:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-11-05 08:41 . 2009-11-05 08:41 -------- d-----w- c:\programmer\CCleaner
2009-11-04 19:27 . 2009-11-05 08:32 -------- d-----w- c:\windows\Downloaded Program Files
2009-11-04 14:24 . 2009-11-04 19:27 152576 ----a-w- c:\documents and settings\Bruger\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 16:10 . 2009-10-31 16:10 -------- d-----w- c:\documents and settings\Bruger\Lokale indstillinger\Application Data\Help
2009-10-30 12:13 . 2009-10-30 12:21 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-30 12:13 . 2009-10-30 12:21 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-30 12:12 . 2009-11-05 10:55 786464 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-30 12:12 . 2009-11-05 10:55 4182560 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 12:12 . 2009-11-05 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-10-30 12:12 . 2009-10-30 12:12 -------- d-----w- c:\programmer\Kaspersky Lab
2009-10-30 06:13 . 2009-10-30 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-10-28 21:08 . 2009-11-05 08:50 117760 ----a-w- c:\documents and settings\Bruger\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-28 21:07 . 2009-10-28 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-28 21:07 . 2009-10-28 21:07 -------- d-----w- c:\programmer\SUPERAntiSpyware
2009-10-28 21:07 . 2009-10-28 21:07 -------- d-----w- c:\documents and settings\Bruger\Application Data\SUPERAntiSpyware.com
2009-10-28 21:07 . 2009-10-28 21:07 -------- d-----w- c:\programmer\Fælles filer\Wise Installation Wizard
2009-10-28 20:49 . 2009-10-28 20:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-10-28 20:48 . 2009-10-28 20:50 -------- d-----w- c:\programmer\Taskbar Hide
2009-10-28 18:31 . 2009-10-28 18:31 -------- d-----w- c:\windows\BDOSCAN8
2009-10-28 16:50 . 2009-10-28 16:50 -------- d-----w- c:\documents and settings\NetworkService\Dokumenter
2009-10-28 13:36 . 2009-10-28 13:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-28 13:33 . 2009-10-28 13:33 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-28 13:31 . 2009-10-28 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-27 18:58 . 2009-11-05 10:52 -------- d-sh--w- c:\windows\system32\LocalService
2009-10-21 04:43 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-16 21:32 . 2009-10-16 21:32 -------- d-----w- c:\programmer\Winamp
2009-10-16 21:32 . 2009-10-20 05:06 -------- d-----w- c:\programmer\EvilLyrics
2009-10-14 22:34 . 2009-10-14 22:35 -------- d-----w- C:\6aa7528e009ba80233ed4a
2009-10-09 16:43 . 2009-10-09 16:43 -------- d-----w- c:\documents and settings\Bruger\Application Data\Cryptomathic
2009-10-09 16:42 . 2009-09-23 06:42 3102072 -c--a-w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}\csp.exe
2009-10-09 16:42 . 2009-10-09 16:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
2009-10-09 16:42 . 2009-10-09 16:42 -------- d-----w- c:\programmer\DanID
2009-10-09 16:42 . 2009-10-09 16:42 -------- d-----w- c:\documents and settings\Bruger\Lokale indstillinger\Application Data\PackageAware
2009-10-07 16:06 . 2009-10-28 13:12 0 ----a-w- c:\documents and settings\Bruger\temp.dat
2009-10-07 16:05 . 2009-10-07 16:06 -------- d-----w- c:\documents and settings\Bruger\.oces
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 10:55 . 2009-10-30 12:12 4816 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-05 10:55 . 2009-10-30 12:12 34804 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-05 10:10 . 2006-02-18 04:32 482626 ----a-w- c:\windows\system32\perfh006.dat
2009-11-05 10:10 . 2006-02-18 04:32 93182 ----a-w- c:\windows\system32\perfc006.dat
2009-11-05 08:32 . 2008-01-04 14:34 -------- d-----w- c:\programmer\Multimedia Center for Think Offerings
2009-11-05 08:30 . 2008-01-04 14:35 -------- d-----w- c:\programmer\Fælles filer\Adobe
2009-11-04 19:29 . 2009-06-03 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 19:19 . 2008-01-04 14:33 -------- d-----w- c:\programmer\Java
2009-11-04 17:36 . 2008-01-04 14:41 -------- d-----w- c:\programmer\Google
2009-10-28 16:39 . 2009-08-23 12:32 -------- d-----w- c:\programmer\Full Tilt Poker
2009-10-28 16:39 . 2008-01-04 14:25 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-10-28 16:38 . 2009-08-23 12:20 -------- d-----w- c:\programmer\PokerStars
2009-10-27 18:29 . 2009-06-13 08:48 -------- d-----w- c:\documents and settings\Bruger\Application Data\FrostWire
2009-10-27 18:09 . 2004-08-27 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-21 04:43 . 2009-06-03 22:22 -------- d-----w- c:\programmer\Windows Live
2009-10-18 17:25 . 2009-09-26 13:49 -------- d-----w- c:\programmer\PPLive
2009-10-04 14:08 . 2009-10-04 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-10-04 14:08 . 2009-10-04 14:08 -------- d-----w- c:\programmer\TVUPlayer
2009-10-03 11:42 . 2009-10-03 11:42 -------- d-----w- c:\programmer\Microsoft SQL Server Compact Edition
2009-10-01 09:29 . 2009-10-02 21:50 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-26 13:49 . 2009-09-26 13:49 -------- d-----w- c:\documents and settings\Bruger\Application Data\PPLive
2009-09-25 14:38 . 2009-09-25 14:36 -------- d-----w- c:\programmer\iTunes
2009-09-25 14:36 . 2009-09-25 14:36 -------- d-----w- c:\programmer\iPod
2009-09-25 14:36 . 2009-06-03 22:27 -------- d-----w- c:\programmer\Fælles filer\Apple
2009-09-25 14:29 . 2009-09-25 14:29 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-25 14:26 . 2009-06-03 22:29 -------- d-----w- c:\documents and settings\Bruger\Application Data\Apple Computer
2009-09-22 15:49 . 2009-09-22 15:49 160512 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-09-22 08:05 . 2009-09-22 08:05 -------- d-----w- c:\programmer\iPhone Configuration Utility
2009-09-22 08:04 . 2009-09-22 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 08:01 . 2009-09-22 08:01 -------- d-----w- c:\programmer\QuickTime
2009-09-21 07:35 . 2008-11-17 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-20 17:56 . 2009-06-05 15:05 -------- d-----w- c:\documents and settings\Bruger\Application Data\Microgaming
2009-09-20 11:14 . 2009-09-20 11:13 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-11 14:19 . 2004-08-27 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:04 . 2008-11-18 08:36 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-09-04 21:04 . 2004-08-27 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:58 . 2004-08-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 17:42 . 2009-06-03 22:28 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-06-03 22:28 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 10:12 . 2009-08-27 10:12 219664 ----a-w- c:\windows\system32\klogon.dll
2009-08-27 10:08 . 2009-08-27 10:08 27099 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-08-27 07:51 . 2009-08-27 07:51 76360 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English\setup.exe
2009-08-26 08:02 . 2004-08-27 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-07 19:41 . 2008-10-28 15:02 68840 ----a-w- c:\documents and settings\Bruger\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
- 2009-10-27 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
- 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
- 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 208896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-10 58416]
"TPHOTKEY"="c:\programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TVT Scheduler Proxy"="c:\programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programmer\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-27 120368]
"AMSG"="c:\programmer\ThinkVantage\AMSG\Amsg.exe" [2009-03-06 458752]
"ACTray"="c:\programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"DiskeeperSystray"="c:\programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"cssauth"="c:\programmer\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2007-01-28 925696]
"OfficeScanNT Monitor"="c:\programmer\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-06-16 702072]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Message Center Plus"="c:\programmer\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"AVP"="c:\programmer\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-08-27 208616]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-09-28 181544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\programmer\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\programmer\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\programmer\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 13:52 32768 ----a-w- c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ ACGina scecli
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\PPLive\\PPLive.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\SopCast\\SopCast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16679:TCP"= 16679:TCP:Trend Micro OfficeScan Listener
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15-12-2008 20:41 33808]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28-09-2007 16:28 19504]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [12-10-2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [12-10-2009 21:24 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [21-10-2009 05:43 54752]
R2 TmFilter;Trend Micro Filter;c:\programmer\Trend Micro\OfficeScan Client\TmXpflt.sys [16-06-2008 10:24 205328]
R2 TmPreFilter;Trend Micro PreFilter;c:\programmer\Trend Micro\OfficeScan Client\TmPreflt.sys [16-06-2008 10:24 36368]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programmer\Lenovo\Rescue and Recovery\rrpservice.exe [12-07-2007 01:38 569344]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13-05-2009 17:46 31760]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [12-10-2009 21:24 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [16-06-2008 10:24 307984]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [13-09-2006 12:42 30336]
S2 gupdate1c9ee792dc7a262;Google Update Service (gupdate1c9ee792dc7a262);c:\programmer\Google\Update\GoogleUpdate.exe [16-06-2009 12:54 133104]
S3 fsssvc;Windows Live-tjenesten Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [05-08-2009 21:48 704864]
S3 TmPfw;OfficeScan NT Firewall;c:\programmer\Trend Micro\OfficeScan Client\TmPfw.exe [16-06-2008 10:24 943696]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programmer\Trend Micro\OfficeScan Client\TmProxy.exe [16-06-2008 10:24 575064]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [03-06-2009 23:28 40448]
--- Andre Services/Drivers i Hukommelsen ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E}]
c:\windows\system32\msiexec.exe /fup {9E4C88F5-F8EB-45C5-A0B3-08BC50AB9B1E} /q
.
Indhold af mappen 'Planlagte Opgaver'
2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-16 11:54]
2009-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-06-16 11:54]
2009-11-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-04 00:19]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: danid.dk
DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 12:04
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(736)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\programmer\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\netprovcredman.dll
- - - - - - - > 'lsass.exe'(796)
c:\programmer\ThinkPad\ConnectUtilities\ACGina.dll
c:\programmer\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programmer\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programmer\ThinkPad\ConnectUtilities\ACON.dll
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programmer\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programmer\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programmer\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\programmer\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programmer\Lenovo\Client Security Solution\tvttcsd.exe
c:\programmer\Lenovo\Rescue and Recovery\rrservice.exe
c:\programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
c:\windows\TEMP\XP6F25.EXE
c:\programmer\Trend Micro\OfficeScan Client\tmlisten.exe
c:\programmer\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\programmer\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
c:\windows\system32\rundll32.exe
c:\programmer\Lenovo\HOTKEY\TPONSCR.exe
c:\programmer\Lenovo\Zoom\TpScrex.exe
c:\programmer\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\igfxsrvc.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2009-11-05 12:07 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-11-05 11:07
Pre-Kørsel: 16.732.237.824 byte ledig
Post-Kørsel: 17.489.481.728 byte ledig