CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede kirkelund Nybegynder
28. januar 2010 - 18:20 Der er 22 kommentarer og
1 løsning

hi jack

Hej. Er der en der vil se denne log igennem og finde fejlene :)
Avatar billede kirkelund Nybegynder
28. januar 2010 - 18:22 #1
Ja ja,,,, kan gå for stærkt
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:05:26, on 28-01-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Windows\pp14.exe
C:\Windows\freddy82.exe
C:\Program Files\3\3Connect\WilogApp.exe
C:\Windows\system32\taskeng.exe
C:\Users\Torben\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZRSR4GD7\hijackthis-2.0.0-beta[1].exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Torben\Desktop\hijackthis-2.0.0-beta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy82.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp14.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.y8.com/games/Tiger_Cross"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} (sigSrvClnt Class) - https://eservice.logiva.dk/signServerClient.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Tjenesten Google Update (gupdate1c9c390a84e8960) (gupdate1c9c390a84e8960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14777 bytes
Avatar billede f-arn Guru
28. januar 2010 - 18:35 #2
Hent "Malwarebytes' Anti-Malware" her: http://www.malwarebytes.org/mbam.php
Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med en log fra Hijackthis som du finder her:

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Kør HijackThis, klik på "Do a systemscan scan and save a logfile"  kopier loggens tekst og send den herind.

Bemærk Hijackthis skal gemmes på computeren og ikke køres fra nettet

Mht.: Vista og Windows 7 - Højreklik på filen - Kør som Administrator.

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.

Jo - brug den Hijackthis
Avatar billede Computer Hjælp (Gratis) Mester
28. januar 2010 - 18:53 #3
Velkommen til E. ...

(Du har vist været på Facebook ? *S*)

c:\windows\freddy82.exe
c:\windows\pp14.exe
Avatar billede kirkelund Nybegynder
28. januar 2010 - 19:20 #4
Jepp :) Her kommer så lidt fakta:
Malwarebytes' Anti-Malware 1.44
Database version: 3652
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

28-01-2010 18:52:36
mbam-log-2010-01-28 (18-52-36).txt

Skan type: Hurtig skanning
Objekter skannet: 113665
Tid tilbagelagt: 11 minute(s), 3 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 14

Inficerede Hukommelses Processer:
C:\Windows\pp14.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\Windows\freddy82.exe (Worm.KoobFace) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:59, on 28-01-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\UMStor\Res.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\3\3Connect\WilogApp.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Torben\Desktop\HiJackThis.exe
C:\Windows\system32\sdclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.y8.com/games/Tiger_Cross"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O13 - Gopher Prefix:
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} (sigSrvClnt Class) - https://eservice.logiva.dk/signServerClient.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{23A5465C-6B04-4DEC-9CCB-8A0B0FA7E20E}: NameServer = 80.251.201.177 80.251.201.178
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
O23 - Service: Tjenesten Google Update (gupdate1c9c390a84e8960) (gupdate1c9c390a84e8960) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OKI OPHD DCS Loader - Oki Data Corporation - C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHDLDCS.EXE
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14580 bytes
Avatar billede f-arn Guru
28. januar 2010 - 20:59 #5
Hent og gem Combofix på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

--------------

Killall::
Snapshot::

-------------

Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif


Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt som ligger her C:\ Combofix.txt

Indholdet af denne fil må du gerne lægge herind.
Avatar billede kirkelund Nybegynder
28. januar 2010 - 22:11 #6
Kommer her. Jeg skal køre mine programmer som admin. er det normalt eller kommer løsningen senere :)
ComboFix 10-01-27.06 - Torben 28-01-2010  21:40:14.2.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.45.1030.18.3061.1622 [GMT 1:00]
Kører fra: c:\users\Torben\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Torben\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1689095640-780087886-3370951399-500
c:\$recycle.bin\S-1-5-21-1980901630-1387125616-1149383210-1176
c:\$recycle.bin\S-1-5-21-1980901630-1387125616-1149383210-500
c:\$recycle.bin\S-1-5-21-2352288461-954959840-994521942-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{371AB09E-E124-49F2-884E-F60E0DECEB7C}\setup.msi
c:\program files\QUAD Utilities
c:\program files\QUAD Utilities\QUAD Registry Cleaner\program.log
c:\program files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner website.url
c:\program files\QUAD Utilities\QUAD Registry Cleaner\Styles\Vista.cjstyles
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Torben\AppData\Roaming\Desktopicon
c:\users\Torben\AppData\Roaming\Desktopicon\config.ini
c:\users\Torben\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Torben\AppData\Roaming\QUAD Backups

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-28 til 2010-01-28  )))))))))))))))))))))))))))))))))))
.

2010-01-28 20:49 . 2010-01-28 20:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-01-28 17:38 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 17:38 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-01-28 10:11 . 2010-01-28 10:11    --------    d-----w-    c:\users\Torben\AppData\Local\Threat Expert
2010-01-28 09:34 . 2010-01-28 09:34    --------    d-----w-    c:\users\Torben\AppData\Roaming\AVG8
2010-01-13 12:15 . 2009-10-19 13:38    156672    ------w-    c:\windows\system32\t2embed.dll
2010-01-13 12:15 . 2009-10-19 13:35    72704    ------w-    c:\windows\system32\fontsub.dll
2010-01-07 17:55 . 2010-01-07 17:55    --------    d-----w-    c:\users\Torben\AppData\Roaming\PC Suite
2010-01-07 17:55 . 2010-01-07 17:55    --------    d-----w-    c:\users\Torben\AppData\Roaming\GARMIN
2010-01-06 12:10 . 2010-01-06 12:24    --------    d-----w-    c:\users\Torben\{b9ec9257-c4b1-4fc9-8ad4-bbe60526b739}
2010-01-06 12:02 . 2010-01-06 12:02    --------    d-----w-    C:\OkiDriver
2010-01-05 08:57 . 2010-01-05 09:36    --------    d-----w-    c:\users\Torben\{8bd04b57-744f-4674-bc64-df6f55132445}
2010-01-05 08:52 . 2004-04-20 14:18    36992    ------w-    c:\windows\system32\drivers\OkiPar.sys
2010-01-05 08:52 . 2001-01-15 14:17    808    ------w-    c:\windows\system32\OKIPAR.DAT
2010-01-05 08:52 . 2010-01-05 08:52    --------    d-----w-    c:\program files\Okidata
1601-01-01 00:00 . 1601-01-01 00:00    --------    d-----w-    C:\F

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:50 . 2008-02-12 11:40    --------    d-----w-    c:\programdata\Symantec
2010-01-28 20:49 . 2007-12-23 00:43    12    ----a-w-    c:\windows\bthservsdp.dat
2010-01-28 20:23 . 2008-02-12 11:40    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2010-01-28 20:23 . 2008-02-12 11:41    --------    d-----w-    c:\program files\Symantec
2010-01-28 17:38 . 2009-06-08 07:10    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-01-23 02:19 . 2008-07-01 12:04    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-01-14 10:12 . 2009-10-03 00:17    181120    ------w-    c:\windows\system32\MpSigStub.exe
2010-01-14 02:07 . 2007-12-23 02:03    --------    d-----w-    c:\programdata\Microsoft Help
2010-01-14 02:06 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-01-10 11:27 . 2009-06-03 14:19    0    ------w-    c:\users\Torben\temp.dat
2010-01-06 12:24 . 2008-02-22 13:05    --------    d-----w-    c:\programdata\pdf995
2010-01-05 09:36 . 2007-12-23 01:29    --------    d-----w-    c:\programdata\Lenovo
2010-01-05 08:52 . 2007-12-23 00:58    --------    d--h--w-    c:\program files\InstallShield Installation Information
2010-01-02 06:38 . 2010-01-22 03:27    916480    ------w-    c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 03:27    109056    ------w-    c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 03:27    71680    ------w-    c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 03:27    133632    ------w-    c:\windows\system32\ieUnatt.exe
2009-12-17 12:48 . 2007-12-23 01:48    --------    d-----w-    c:\program files\Google
2009-11-14 14:04 . 2009-06-09 14:40    71253    ------w-    c:\windows\Huawei ModemsUninstall.exe
2009-11-09 12:31 . 2009-12-10 02:06    24064    ------w-    c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 02:06    30720    ------w-    c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 02:06    411648    ------w-    c:\windows\system32\drivers\http.sys
2007-12-23 00:23 . 2007-12-23 00:15    8192    --sh--w-    c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-06-23 434176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-09-05 319488]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-22 820520]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-09-28 181544]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-23 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoRegistration.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LenovoRegistration.lnk
backup=c:\windows\pss\LenovoRegistration.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-09-05 17:07    214576    ------w-    c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):40,d2,6b,50,6c,fe,c9,01

R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [29-09-2007 01:28 19504]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [19-02-2007 05:12 13744]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [26-08-2009 15:51 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [26-08-2009 15:51 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [08-09-2009 19:41 90112]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [09-07-2007 07:23 55936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [09-01-2007 05:03 569344]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [08-09-2009 19:41 27632]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\System32\drivers\tvti2c.sys [23-05-2007 00:59 30336]
S2 gupdate1c9c390a84e8960;Tjenesten Google Update (gupdate1c9c390a84e8960);c:\program files\Google\Update\GoogleUpdate.exe [22-04-2009 22:23 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02-11-2006 11:25 167936]
S3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23-06-2008 08:31 21504]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [06-04-2009 08:13 13224]
S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\System32\spool\drivers\w32x86\3\OPHDLDCS.EXE [30-11-2006 10:05 24576]
S3 PCD5SRVC{DF187064-5DA14001-05040000};PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PCDR5\PCD5SRVC.pkms [22-08-2007 20:12 25760]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [08-09-2009 19:41 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [08-09-2009 19:41 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [08-09-2009 19:41 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [08-09-2009 19:41 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [08-09-2009 19:41 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [08-09-2009 19:41 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [08-09-2009 19:41 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [08-09-2009 19:41 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [08-09-2009 19:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [08-09-2009 19:41 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [08-09-2009 19:41 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [08-09-2009 19:41 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [08-09-2009 19:41 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [08-09-2009 19:41 109736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
bthsvcs    REG_MULTI_SZ      BthServ
WindowsMobile    REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted    REG_MULTI_SZ      WcesComm RapiMgr
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:23]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 21:23]

2010-01-28 c:\windows\Tasks\User_Feed_Synchronization-{7FB51E8E-F57E-4D8A-916A-1207E2509139}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: cpr.dk\web
Trusted Zone: csc.dk\login.service
Trusted Zone: danid.dk
Trusted Zone: hadstenbank.dk\portal4
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} - hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
DPF: {6274F636-00DB-42BE-8995-B92E46F853F7} - hxxps://eservice.logiva.dk/signServerClient.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 21:53
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\TEMP\TMP0000000891DE171BDA738230 524288 bytes

scanning gennemført med succes
skjulte filer: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\c:\progra~1\PCDR5\PCD5SRVC.pkms"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'Explorer.exe'(3932)
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\TpShocks.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
.
**************************************************************************
.
Gennemført tid: 2010-01-28  22:05:05 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-01-28 21:04

Pre-Kørsel: 79.458.914.304 byte ledig
Post-Kørsel: 79.190.265.856 byte ledig

- - End Of File - - 4D8C232DD8D08BFC68B062A7D77315EA
Avatar billede f-arn Guru
29. januar 2010 - 22:08 #7
Prøv at starte stifinder og fortæl hvad der ligger i denne mappe:
C:\F

Hent og installer denne scanner:
http://kortlink.dk/7bgk

Start superantispyware, klik på Check for updates, når det er opdateret skal du lade det skanne din computer
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.

Start så superantispyware, klik på preferences, statistics/logs, view log. Indholdet af denne log må du gerne kopiere herind.
Avatar billede kirkelund Nybegynder
29. januar 2010 - 22:39 #8
Kan ikke hitte ud af hvad der er i C:\F
Avatar billede kirkelund Nybegynder
30. januar 2010 - 00:07 #9
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/29/2010 at 11:51 PM

Application Version : 4.33.1000

Core Rules Database Version : 4536
Trace Rules Database Version: 2348

Scan type      : Complete Scan
Total Scan Time : 01:00:46

Memory items scanned      : 841
Memory threats detected  : 0
Registry items scanned    : 7419
Registry threats detected : 0
File items scanned        : 34430
File threats detected    : 71

Adware.Tracking Cookie
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@apmebf[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@fynskemedieradmin.adservinginternational[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@cdn5.specificclick[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@collective-media[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@specificclick[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@doubleclick[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@eas4.emediate[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@track.adform[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@eas.apm.emediate[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@bankdata.112.2o7[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adserver3.openadex[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adserver3.openadex[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@atdmt[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adviva[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adtech[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@tradedoubler[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@bluestreak[3].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@mediaplex[1].txt
    C:\Users\bruger\AppData\Roaming\Microsoft\Windows\Cookies\bruger@msnportal.112.2o7[1].txt
    C:\Users\bruger\AppData\Roaming\Microsoft\Windows\Cookies\bruger@atdmt[1].txt
    C:\Users\bruger\AppData\Roaming\Microsoft\Windows\Cookies\bruger@lenovo.112.2o7[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@eas4.emediate[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@doubleclick[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@doubleclick[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@atdmt[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@www.googleadservices[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@www.googleadservices[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@atdmt[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@statcounter[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@eas4.emediate[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@adtech[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@apmebf[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@msnportal.112.2o7[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@adviva[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@eas.apm.emediate[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@fynskemedieradmin.adservinginternational[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@eas8.emediate[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@adserver3.openadex[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@bankdata.112.2o7[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@bluestreak[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@collective-media[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@adserver3.openadex[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@mediaplex[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@bs.serving-sys[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@affilate.mikkelsenmedia[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@serving-sys[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@revsci[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@tribalfusion[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@track.adform[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@specificclick[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@tradedoubler[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@cdn5.specificclick[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\Low\torben@advertising[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@doubleclick[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@atdmt[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@avgtechnologies.112.2o7[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adserver3.openadex[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adtech[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@apmebf[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@adviva[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@eas.apm.emediate[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@fynskemedieradmin.adservinginternational[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@bluestreak[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@mediaplex[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@fastclick[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@revsci[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@trafficmp[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@specificclick[2].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@tradedoubler[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@advertising[1].txt
    C:\Users\Torben\AppData\Roaming\Microsoft\Windows\Cookies\torben@track.adform[1].txt
Avatar billede f-arn Guru
30. januar 2010 - 11:20 #10
Hvordan kører computeren nu?
Jeg synes ikke jeg kan se et antivirus program?
Avatar billede kirkelund Nybegynder
30. januar 2010 - 11:32 #11
Hej. er ved at geninstalere anti virus program. Den kører godt i forhold til tidligere. Dog har jeg en irriterende melding om at stifinder fungerer ikke.....stifinder genstarter og opdaterer skrivebordret. kan du fixe det også :)
Avatar billede f-arn Guru
30. januar 2010 - 11:48 #12
Klik start -> kør og kopier dette Sfc /Scannow
Klik ok
Hvis du bliver bedt om at indsætte din Windows CD så gør det.
Avatar billede kirkelund Nybegynder
30. januar 2010 - 12:08 #13
Den vil ikke starte programmet. Jeg kan sagtens indtaste men der sker ikke mere. Jeg har ikke vistaskiven da det er en firmacom og den ligger på vores administration men kan selvfølgelig skaffe den :)
Avatar billede f-arn Guru
30. januar 2010 - 14:31 #14
Prøv at følge denne guide:
http://peter.mpbrun.dk/20070705/kontroller-og-reparer-systemfiler-med-sfc/

Det er ikke sikkert du behøvver en CD/DVD.
Avatar billede kirkelund Nybegynder
30. januar 2010 - 16:01 #15
Så kom den igang. Indtil videre kører den som en drøm igen.... skal der gøres mere eller skal jeg takke for hjælpen med et svar :)
Avatar billede f-arn Guru
30. januar 2010 - 17:09 #16
Lykkedes det med sfc så stifinder virker igen?

http://www.eksperten.dk/faq#faq-3
Avatar billede kirkelund Nybegynder
30. januar 2010 - 17:20 #17
det lykkedes med sfc.stifinder virker efter planen og kommer ikke med fejl mere. den kører super igen. skal der gøres mere
Avatar billede f-arn Guru
30. januar 2010 - 17:47 #18
Hvis du ikke har den så:

Hent og installér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Den bør du sige nej til.
Lad programmer foretage en oprydning.

http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763

------

Klik start, kør og kopier dettte: combofix /uninstall
Tryk enter
Det vil fjerne Combofix og nulstille urets indstillinger.
Nulstille systemgendannelsen.
Skjule filtypenavne hvis det kræves.
Skjule System/skjulte filer hvis det kræves

De andre programmer kan du afinstallere normalt
Avatar billede kirkelund Nybegynder
30. januar 2010 - 18:31 #19
så er den i vinkel. den kører perfekt nu
Avatar billede kirkelund Nybegynder
30. januar 2010 - 18:37 #20
Jeg takker mange gange.....
Avatar billede f-arn Guru
30. januar 2010 - 22:05 #21
Det er ikke meningen du selv skal komme med et svar. Svar er forbeholdt den der kom med løsningen.

Læs dette:
http://www.eksperten.dk/faq#faq-3
Avatar billede kirkelund Nybegynder
30. januar 2010 - 22:31 #22
Det var heller ikke meningen :( hvordan får jeg givet point til dig. Du har jo i den grad fortjent dem med den super hjælp du har givet her. Både hurtige svar og prof hjælp der udførligt var til at forstå
Avatar billede f-arn Guru
31. januar 2010 - 01:33 #23
Takker for point :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:15 Personlige indstillinger på Facebook Af nu_igen i Sociale medier
I går 17:56 Bluetooth Højttalersæt Af valby i Andet hardware
I går 16:52 Flextids registrering Af Kenneth Kirsgart i Excel
I går 14:28 Telenor og Iphone skal genstarte ofte Af Carpathia i Mobilnetværk
I går 13:47 Kan man sælge et ApS Af LHans i Fri debat
White papers
Flere white papers »


Premium
Teaser billede
Efter forbud fra Datatilsynet: Nu ændres data-håndteringen i din kørekort-app
Læs mere »
Halter mange år bagefter: Sløve software-udviklere står i vejen for kæmpe digitalt løft af Billund Lufthavn
Disse 10 it-virksomheder klarer sig bedst i Computerworlds store image-undersøgelse
Rejsekort skal aflevere fuld redegørelse om brug af GPS-data i Rejsekort-appen inden for få uger: Datatilsynet åbner sag
Se alle »
Computerworld
Teaser billede
Softwarefirmaet Teamviewer med 640.000 kunder globalt ramt af avanceret hackerangreb
Læs mere »
En pladesaks, 1000W og et Nvidia-grafikkort til 14.000 kroner - sådan opgraderede jeg min pc
Dansk-stiftet ingeniørfirma blev franarret 178 millioner kroner i deepfake-svindel
Test: Endelig en skærm der er god til alt - lige fra gaming og underholdning til kontorbrug
Se alle »
CIO
Teaser billede
Efter stort hackerangreb mod Teamviewer: Stop dine opdateringer og tjek opsætningen nu
Læs mere »
I dag træder nye de regler om registrering af din arbejdstid i kraft: Er du klar?
Frygtet melding: Russiske hackere har stjålet Microsoft-kunders e-mails
Russisk hack af Microsoft er meget større end først antaget
Se alle »
Job & Karriere
Teaser billede
Bo solgte sit software-system for et treciftret millionbeløb: Brugte pengene på at købe 80 medarbejdere til ny storsatsning
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
Kontorer er ofte øde og tomme - især efter frokost og op til ferier: Nu vil Dell give de ansatte farve-stempler efter deres fremmøde
Se alle »
White paper
Teaser billede
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Læs mere »
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
SASE: Træf det rette valg – første gang
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »