Crapware - am I clean now?
I have used your fine service to help quite a few people who had gotten dirt in their machines, but now it has happened to me: I needed to convert a WMA file to MP3 and found a free tool: http://www.download.com/Free-WMA-to-MP3-Converter/3000-2321_4-10494268.html
Unfortunately it came with the Yahoo toolbar (could be deselected) and something called Dealio (could not be deselected, but supposedly can be uninstalled 'any time' afterwards). So I installed it and got my audio file converted.
Then I noticed that Dealio had slapped its own page into 'new tab' in Firefox. Damned annoying, so I wanted it gone right away. It just wasn't that simple.
Unfortunately it turned out that it could only be uninstalled after it was FULLY installed. Apparently it worked like this: it only finished installing once you had activated it, and in doing so it would (hidden) download an installer, SearchSettings.exe. And it set every folder shortcut on the desktop - Documents, My Computer, you name it - to start SearchSettings.exe first.
But the installation was broken: SearchSettings.exe had NOT been downloaded to the temp folder.
The result was that every activation of almost anything started with three failed attempts to install the damned program. Which, of course, could not be uninstalled until it had been installed.
Quite annoying. I tried a lot of things without result.
Then your standard routine, and in fact CrapCleaner already removed the immediately visible problems. But there could be more. So I have run the whole process and copied the log files in below....
Combofix log
-----
ComboFix 07-12-12.3 - Anders Hedelund 2007-12-13 10:24:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1330 [GMT 1:00]
Running from: C:\Documents and Settings\Anders Hedelund\Skrivebord\Cleanup\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.
2007-12-12 14:54 . 2004-08-27 01:53 452,096 --a--c--- C:\WINDOWS\system32\fxsapi.dll
2007-12-12 14:54 . 2004-08-27 01:53 452,096 --a--c--- C:\WINDOWS\system32\dllcache\fxsapi.dll
2007-12-12 14:48 . 2007-12-12 14:54 3,788 --a--c--- C:\WINDOWS\imsins.BAK
2007-12-12 14:24 . 2007-12-12 22:32 <DIR> d----c--- C:\Programmer\SUPERAntiSpyware
2007-12-12 14:24 . 2007-12-12 14:24 <DIR> d----c--- C:\Documents and Settings\Anders Hedelund\Application Data\SUPERAntiSpyware.com
2007-12-12 14:24 . 2007-12-12 14:24 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-12 14:19 . 2007-12-12 14:19 <DIR> d----c--- C:\Programmer\CCleaner
2007-12-12 03:53 . 2007-12-12 14:52 <DIR> d----c--- C:\Programmer\RegistrySmart
2007-12-12 03:53 . 2007-12-12 03:53 <DIR> d----c--- C:\Documents and Settings\Anders Hedelund\Application Data\RegistrySmart
2007-12-10 19:29 . 2007-12-12 14:18 <DIR> d----c--- C:\Documents and Settings\Anders Hedelund\Application Data\Search Settings
2007-12-10 19:05 . 2007-12-12 02:44 <DIR> d----c--- C:\Programmer\Free Audio Pack
2007-12-10 19:05 . 1998-07-12 23:00 141,312 --a--c--- C:\WINDOWS\system32\MSCMCFR.DLL
2007-12-10 19:05 . 2000-10-01 19:00 119,568 --a--c--- C:\WINDOWS\system32\VB6FR.DLL
2007-12-10 19:05 . 1998-07-12 23:00 59,904 --a--c--- C:\WINDOWS\system32\Mscc2fr.dll
2007-12-10 19:05 . 1998-07-12 19:00 32,768 --a--c--- C:\WINDOWS\system32\CMDLGFR.DLL
2007-12-10 19:05 . 1998-07-12 23:00 21,504 --a--c--- C:\WINDOWS\system32\TABCTFR.DLL
2007-12-10 19:05 . 1998-07-12 23:00 15,360 --a--c--- C:\WINDOWS\system32\inetfr.DLL
2007-12-10 18:05 . 2007-12-10 18:05 <DIR> d----c--- C:\Documents and Settings\Anders Hedelund\Application Data\DivX
2007-12-10 18:03 . 2007-12-10 18:03 <DIR> d----c--- C:\Programmer\DivX
2007-12-09 07:03 . 2007-12-09 07:03 <DIR> d----c--- C:\IBM_Support
2007-12-07 14:38 . 2007-04-23 15:54 100,488 -ra--c--- C:\WINDOWS\system32\drivers\s115mgmt.sys
2007-12-07 14:38 . 2007-04-23 15:54 98,568 -ra--c--- C:\WINDOWS\system32\drivers\s115obex.sys
2007-12-07 14:37 . 2007-04-23 15:54 108,680 -ra--c--- C:\WINDOWS\system32\drivers\s115mdm.sys
2007-12-07 14:37 . 2007-04-23 15:54 83,208 -ra--c--- C:\WINDOWS\system32\drivers\s115bus.sys
2007-12-07 14:37 . 2007-04-23 15:54 15,112 -ra--c--- C:\WINDOWS\system32\drivers\s115mdfl.sys
2007-12-07 14:37 . 2007-04-23 15:54 12,424 -ra--c--- C:\WINDOWS\system32\drivers\s115whnt.sys
2007-12-07 14:37 . 2007-04-23 15:54 12,424 -ra--c--- C:\WINDOWS\system32\drivers\s115wh.sys
2007-12-07 14:37 . 2007-04-23 15:54 12,424 -ra--c--- C:\WINDOWS\system32\drivers\s115cmnt.sys
2007-12-07 14:37 . 2007-04-23 15:54 12,424 -ra--c--- C:\WINDOWS\system32\drivers\s115cm.sys
2007-12-06 23:41 . 2007-12-07 14:38 <DIR> d----c--- C:\Documents and Settings\Anders Hedelund\Application Data\Teleca
2007-12-06 23:38 . <DIR> C:\Programmer\Fælles filer\Sony Ericsson Shared
2007-12-06 23:37 . 2007-12-06 23:39 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Teleca
2007-12-05 18:21 . 2007-12-05 18:21 <DIR> d----c--- C:\Programmer\UltraISO
2007-12-05 18:21 . <DIR> C:\Programmer\Fælles filer\EZB Systems
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a--c--- C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 02:33 . 2007-12-04 02:33 823,296 --a--c--- C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 02:33 . 2007-12-04 02:33 802,816 --a--c--- C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 02:33 . 2007-12-04 02:33 682,496 --a--c--- C:\WINDOWS\system32\DivX.dll
2007-12-04 02:33 . 2007-12-04 02:33 630,784 --a--c--- C:\WINDOWS\system32\divxdec.ax
2007-12-02 16:30 . 2007-12-09 06:29 5,427 --a--c--- C:\WINDOWS\EGATHDRV.TMP
2007-11-29 23:30 . 2007-11-29 23:30 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 23:30 . 2007-11-29 23:30 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 524,288 --a--c--- C:\WINDOWS\system32\DivXsm.exe
2007-11-29 23:30 . 2007-11-29 23:30 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2007-11-29 23:30 . 2007-11-29 23:30 4,816 --a--c--- C:\WINDOWS\system32\divxsm.tlb
2007-11-29 23:28 . 2007-11-29 23:28 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-11-29 23:28 . 2007-11-29 23:28 81,920 --a--c--- C:\WINDOWS\system32\dpl100.dll
2007-11-29 23:28 . 2007-11-29 23:28 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2007-11-29 23:28 . 2007-11-29 23:28 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2007-11-28 22:55 . 2007-11-28 22:55 156,992 --a--c--- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 22:53 . 2007-11-28 22:53 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 22:53 . 2007-11-28 22:53 352,401 --a--c--- C:\WINDOWS\system32\DivXMedia.ax
2007-11-28 22:53 . 2007-11-28 22:53 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
2007-11-28 22:53 . 2007-11-28 22:53 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll
2007-11-28 22:53 . 2007-11-28 22:53 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
2007-11-28 22:53 . 2007-11-28 22:53 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 22:52 . 2007-11-28 22:52 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-16 17:39 . 2007-11-16 17:39 387 --a--c--- C:\ZB20071116173958001.xml
2007-11-16 15:57 . 2007-11-16 15:57 1,077 --a--c--- C:\ZB20071116155659001.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 09:32 --------- dc----w C:\Programmer\SPAMfighter
2007-12-13 09:18 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\SiteAdvisor
2007-12-13 08:57 --------- dc----w C:\Programmer\Mozilla Thunderbird
2007-12-12 13:24 --------- dc----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-12 13:22 --------- dc----w C:\Programmer\ewido anti-malware
2007-12-12 13:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-07 14:53 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\AVG7
2007-12-06 22:40 --------- dc----w C:\Programmer\Fælles filer\Teleca Shared
2007-12-06 22:39 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\Sony Ericsson
2007-12-06 22:39 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-12-06 22:38 --------- dc----w C:\Programmer\Sony Ericsson
2007-12-05 07:00 --------- dc----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-24 19:03 --------- dc-h--w C:\Programmer\InstallShield Installation Information
2007-11-24 10:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-24 04:29 --------- dc----w C:\Programmer\FreeRIP2
2007-11-18 18:36 --------- dc----w C:\Programmer\WinFamily
2007-11-15 21:45 --------- dc----w C:\Programmer\SpywareBlaster
2007-11-13 21:50 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\dvdcss
2007-11-13 21:35 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\Ahead
2007-11-13 16:20 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\OpenOffice.org2
2007-11-13 10:25 20,480 -c----w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 16:54 --------- dc----w C:\Programmer\Stellarium
2007-11-10 12:26 94 -c--a-w C:\WINDOWS\system32\drivers\IBM_2887_K2G.MRK
2007-11-10 12:26 --------- dc----w C:\Programmer\Lenovo
2007-11-05 21:51 --------- dc----w C:\Programmer\Xvid
2007-11-05 18:58 --------- dc----w C:\Programmer\Canon
2007-11-05 07:19 --------- dc----w C:\Programmer\Java
2007-11-03 11:52 --------- dc----w C:\Documents and Settings\Anders Hedelund\Application Data\JDiskReport
2007-10-30 07:44 --------- dc----w C:\Programmer\Fælles filer\Application
2007-10-30 07:44 --------- dc----w C:\Programmer\Fælles filer\Ankiro
2007-10-14 17:43 --------- dc----w C:\Programmer\X10 Hardware
2007-10-14 17:43 --------- dc----w C:\Programmer\Common Files
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="C:\Programmer\TClockEx\TCLOCKEX.EXE" [2000-03-09 00:15]
"Mmm"="C:\Programmer\HACE\Mmm\Mmm.exe" [2005-12-01 17:04]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-27 17:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 02:10]
"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 07:32 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 18:07]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 18:07]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]
"TPKMAPHELPER"="C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 21:00]
"TpShocks"="TpShocks.exe" [2006-12-25 21:15 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19]
"TP4EX"="tp4ex.exe" [2005-10-17 01:11 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30]
"BMMGAG"="RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" []
"BMMLREF"="C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 09:37]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 09:37]
"Dimension4"="C:\Programmer\D4\D4.exe" [2004-02-04 00:26]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-31 06:46]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 12:41]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [2002-10-08 22:28]
"PRONoMgrWired"="C:\Programmer\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 16:08]
"CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-06 09:00]
"QuickTime Task"="C:\Programmer\QuickTime Alternative\qttask.exe" [2006-01-14 16:27]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 01:53 C:\WINDOWS\system32\bthprops.cpl]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 17:05]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38]
"MediaFace Integration"="C:\Programmer\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 16:46]
"cssauth"="C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 17:13]
"TVT Scheduler Proxy"="C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 07:54]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 10:46]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 10:41]
"PDService.exe"="C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 15:38]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 02:10]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2005-01-27 17:17]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 01:08]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2007-10-25 15:29]
"NetSoftware"="C:\Program Files\NetSoftware\Starter.exe" [2007-10-31 10:19]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 01:53]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 07:54]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="cmd /c rmdir /q C:\config.msi" []
"supportdir"="cmd /c rmdir /q /s C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" []
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2006-02-01 15:09 24576 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\getmail]
C:\Programmer\PaulB\GetHotmail\GetMail\GetMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-12-20 20:54 278528 --a------ C:\Programmer\iTunes\iTunesHelper.exe
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R2 Par1284;Par1284;\??\C:\Programmer\Roland CutChoice\Program\Par1284.sys
R2 PrivateDisk;PrivateDisk;\??\C:\Programmer\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
R2 smi2;smi2;\??\C:\Programmer\SMI2\smi2.sys
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Programmer\SPAMfighter\sfus.exe
R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
S3 ADM8511;ADMtek ADM8511/AN986 USB til Fast Ethernet-converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 GEMPC430;GEMPLUS GemPC430 USB-chipkortlæser;C:\WINDOWS\system32\DRIVERS\grclass.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys
S3 rtl8180;PCM1000 Wireless LAN Card Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys
S3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
S3 USBFVNETR;WIRELESS USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 13:46:16 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 10:36:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2007-12-13 10:38:03 - machine was rebooted
.
2007-12-12 13:55:36 --- E O F ---
-----
HIJACKTHIS LOG
-----
Logfile of HijackThis v1.99.1
Scan saved at 10:20:33, on 13-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\system32\oodag.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Canon\CAL\CALWLESS.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Programmer\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmer\HACE\Mmm\Mmm.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetSoftware\NetSoftware.exe
C:\Programmer\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\AdSubtract\adsub.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Anders Hedelund\Skrivebord\Cleanup\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = MsIE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmer\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programmer\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmer\SiteAdvisor\saIE.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Programmer\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Programmer\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [Dimension4] C:\Programmer\D4\D4.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Programmer\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programmer\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Programmer\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NetSoftware] "C:\Program Files\NetSoftware\Starter.exe" /path="C:\Program Files\NetSoftware"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [TClockEx] C:\Programmer\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Mmm] "C:\Programmer\HACE\Mmm\Mmm.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AdSubtract.lnk = C:\Programmer\AdSubtract\adsub.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opdatér ThinkPad-programmer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programmer\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://147.29.62.20/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geograf.com/viewer/v65/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137532528500
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B6982537-59D6-4A4B-9AE8-B4EC9DB0E223} (NavisWorks Lite Control) - http://cadcon.niras.dk/visualiseringer/nw_ax.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programmer\fælles filer\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-----
ROOTCHK LOG
------
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
13-12-2007 10:21:39,62
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 10:21:39
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.
scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000fb39a2653]
"000ad9edd814"=hex:ca,47,5c,f3,8a,df,29,11,e4,61,7c,78,e8,3c,79,e4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000fb39a2653]
"000ad9edd814"=hex:ca,47,5c,f3,8a,df,29,11,e4,61,7c,78,e8,3c,79,e4
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="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"
scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.
hidden processes: 0
hidden services: 0
hidden files: 0
__________
SUPERANTISPYWARE LOG
---------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/13/2007 at 00:53 AM
Application Version : 3.7.1018
Core Rules Database Version : 3222
Trace Rules Database Version: 1233
Scan type : Complete Scan
Total Scan Time : 02:20:35
Memory items scanned : 197
Memory threats detected : 0
Registry items scanned : 7400
Registry threats detected : 0
File items scanned : 55628
File threats detected : 5
Adware.Tracking Cookie
C:\Documents and Settings\Anders Hedelund\Cookies\anders_hedelund@e2.emediate[2].txt
C:\Documents and Settings\Anders Hedelund\Cookies\anders_hedelund@eas.apm.emediate[1].txt
C:\Documents and Settings\Anders Hedelund\Cookies\anders_hedelund@stats.edenweb[1].txt
C:\Documents and Settings\Anders Hedelund\Cookies\anders_hedelund@web-stats[1].txt
Trojan.TSKMAN
C:\WINDOWS\SYSTEM32\TSKMAN.EXE
---------
