Tjek af log
ComboFix 08-06-20.4 - Administrator 2008-06-24 16:18:25.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.275 [GMT 2:00]
Running from: D:\spyware\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Programmer\3
C:\Programmer\3\3Connect\3ConnectGettingStarted.pdf
C:\Programmer\3\3Connect\3ConnectGettingStarted.txt
C:\Programmer\3\3Connect\3ConnectHelp.chm
C:\Programmer\3\3Connect\3ConnectUserGuide.pdf
C:\Programmer\3\3Connect\AceDb.encrypt
C:\Programmer\3\3Connect\AutoUpdateSrv.exe
C:\Programmer\3\3Connect\BlacklistedProcesses.xml
C:\Programmer\3\3Connect\capicom.dll
C:\Programmer\3\3Connect\CiscoApiWrapper.dll
C:\Programmer\3\3Connect\Config.encrypt
C:\Programmer\3\3Connect\Config.xml
C:\Programmer\3\3Connect\Config_23806.encrypt
C:\Programmer\3\3Connect\Config_23806.xml
C:\Programmer\3\3Connect\Config_24002.encrypt
C:\Programmer\3\3Connect\Config_24002.xml
C:\Programmer\3\3Connect\Config_Default.encrypt
C:\Programmer\3\3Connect\Config_Default.xml
C:\Programmer\3\3Connect\ConfigAup.encrypt
C:\Programmer\3\3Connect\ConfigAup.xml
C:\Programmer\3\3Connect\DeviceInstaller.exe
C:\Programmer\3\3Connect\HuaweiCardReset.exe
C:\Programmer\3\3Connect\HuaweiE220.dll
C:\Programmer\3\3Connect\HuaweiE620.dll
C:\Programmer\3\3Connect\ImportConfiguration.exe
C:\Programmer\3\3Connect\LanDevice.dll
C:\Programmer\3\3Connect\Logger.dll
C:\Programmer\3\3Connect\mfc80u.dll
C:\Programmer\3\3Connect\Microsoft.VC80.CRT.manifest
C:\Programmer\3\3Connect\Microsoft.VC80.MFC.manifest
C:\Programmer\3\3Connect\modemcust.cfg
C:\Programmer\3\3Connect\modeminfo.cfg
C:\Programmer\3\3Connect\Modems\Huawei Modems.exe
C:\Programmer\3\3Connect\msvcp80.dll
C:\Programmer\3\3Connect\msvcr80.dll
C:\Programmer\3\3Connect\NetworkCodes.cfg
C:\Programmer\3\3Connect\OperatorList.xml
C:\Programmer\3\3Connect\OptGlobetrotterGTMax72.dll
C:\Programmer\3\3Connect\Res.dll
C:\Programmer\3\3Connect\Skins\FlashSkin\gui.swf
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\exit.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\globe.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\graph.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\signal.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\sms.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
C:\Programmer\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
C:\Programmer\3\3Connect\Sms.xml
C:\Programmer\3\3Connect\SmsApp2.dll
C:\Programmer\3\3Connect\SocketMgr.dll
C:\Programmer\3\3Connect\SoftOpt.encrypt
C:\Programmer\3\3Connect\strings.txt
C:\Programmer\3\3Connect\SysConfig.dat
C:\Programmer\3\3Connect\SystemInfo.txt
C:\Programmer\3\3Connect\Update\ConfigAup.encrypt
C:\Programmer\3\3Connect\Update\ConfigAup.xml
C:\Programmer\3\3Connect\Wilog.exe
C:\Programmer\3\3Connect\WWanDevice.dll
----- BITS: Possible infected sites -----
hxxp://server1
.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-06-24 13:20 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 13:20 . 2008-06-24 13:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-24 13:17 . 2008-06-24 13:17 <DIR> d-------- C:\Programmer\CCleaner
2008-06-24 13:00 . 2008-06-24 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-24 12:59 . 2008-06-24 12:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Birdstep Technology
2008-06-24 12:59 . 2008-06-24 12:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BeoMediaDatabase
2008-06-23 22:09 . 2008-06-23 22:12 <DIR> d-------- C:\Programmer\VAG-COM
2008-06-21 20:02 . 2008-06-21 20:02 47 --a------ C:\WINDOWS\system32\drivers\IBM_8932_FDG.MRK
2008-06-19 14:27 . 2008-06-19 14:27 <DIR> d-------- C:\Programmer\Huawei technologies
2008-06-16 20:54 . 1999-07-17 03:21 4,608 --a------ C:\WINDOWS\system32\W95Inf32.DLL
2008-06-16 20:54 . 1999-07-17 03:21 2,272 --a------ C:\WINDOWS\system32\W95Inf16.DLL
2008-06-12 12:37 . 2008-06-12 12:37 <DIR> d-------- C:\Programmer\DIFX
2008-06-12 11:57 . 2008-06-12 11:57 <DIR> d-------- C:\Documents and Settings\jch\Application Data\Birdstep Technology
2008-06-12 11:57 . 2008-06-12 11:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
2008-06-12 11:57 . 2007-05-28 17:00 10,240 --------- C:\WINDOWS\system32\drivers\mdvrmng.sys
2008-06-12 11:28 . 2008-06-12 11:28 <DIR> d-------- C:\Documents and Settings\jch\WINDOWS
2008-06-12 11:28 . 2008-06-12 11:46 <DIR> d-------- C:\CBLMGR
2008-06-12 11:28 . 1996-01-09 11:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-06-11 08:43 . 2008-05-07 07:11 1,292,288 --------- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-11 08:43 . 2008-06-14 19:35 272,256 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 08:43 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 10:08 . 2008-06-08 10:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-08 10:08 . 2008-06-08 10:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-05 14:16 . 2000-08-19 19:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-06-05 14:10 . 2008-06-05 14:10 <DIR> d-------- C:\Documents and Settings\jch\Application Data\Sonic
2008-06-05 14:09 . 2008-06-05 14:09 <DIR> d-------- C:\Documents and Settings\jch\Application Data\Leadertech
2008-06-04 22:38 . 2008-06-04 22:38 <DIR> d-------- C:\WINDOWS\system32\da
2008-06-04 22:38 . 2008-06-04 22:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-04 22:38 . 2008-06-04 22:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-04 22:36 . 2008-06-04 22:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-04 22:33 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\003132_.tmp
2008-05-30 23:40 . 2008-06-16 20:56 0 --ah----- C:\WINDOWS\msds.dat
2008-05-30 22:58 . 2008-05-30 22:59 <DIR> d-------- C:\Programmer\AGV Supertool
2008-05-30 22:42 . 2003-07-16 14:27 43,264 --------- C:\WINDOWS\system32\drivers\ser2pl.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 10:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-06-24 05:45 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-06-21 18:46 --------- d-----w C:\Programmer\Lenovo
2008-06-21 18:01 --------- d-----w C:\Programmer\Fælles filer\Lenovo
2008-06-14 17:35 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-04 19:54 --------- d-----w C:\Programmer\Microsoft Silverlight
2008-05-19 19:15 --------- d-----w C:\Programmer\Picasa2
2008-05-17 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-28 18:49 --------- d-----w C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-04-26 11:03 --------- d-----w C:\Programmer\Microsoft ActiveSync
2008-04-26 11:02 --------- d-----w C:\Programmer\Windows Mobile Device Handbook
2008-04-24 17:39 --------- d-----w C:\Programmer\Java
2008-04-14 07:06 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 07:06 284,672 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 07:06 150,528 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 07:05 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 07:05 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 07:05 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 07:05 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 07:05 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 07:05 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 07:05 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 07:05 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 07:05 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-14 07:05 1,034,752 ----a-w C:\WINDOWS\explorer.exe
2008-02-24 14:49 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Application Data\Microsoft\Feeds Cache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:05 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-12 12:13 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-05 18:18 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-05 18:18 208896]
"TPFNF7"="C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 20:03 58416]
"TPHOTKEY"="C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 07:49 66176]
"Apoint"="C:\Programmer\Apoint2K\Apoint.exe" [2007-03-05 15:27 172032]
"TpShocks"="TpShocks.exe" [2007-09-28 14:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 19:32 243248]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-09-07 03:27 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-09-07 03:27 162328]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-09-07 03:27 137752]
"TVT Scheduler Proxy"="C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"AwaySch"="C:\Programmer\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 12:51 91688]
"AMSG"="C:\Programmer\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 20:00 419376]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-07-12 19:11 124256]
"nmapp"="C:\Programmer\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 16:42 321088]
"DiskeeperSystray"="C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 17:24 196696]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 15:58 413696]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 15:51 126976]
"cssauth"="C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 17:35 2630968]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 09:05 143872]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"itype"="C:\Programmer\Microsoft IntelliType Pro\itype.exe" [2006-07-08 01:14 576320]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"Beoplayertray"="C:\Programmer\Bang & Olufsen\BeoPort\Beotray.exe" [2007-10-16 11:45 406528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 09:05 15360]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
BeoPort.lnk - C:\Programmer\Bang & Olufsen\BeoPort\BeoPlayer.exe [2008-04-13 16:38:32 705024]
BTTray.lnk - C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 18:43:30 561213]
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2008-02-24 16:45:21 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 15:52 32768 C:\Programmer\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-14 23:17 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Programmer\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 09:37 34344 C:\Programmer\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Programmer\Lenovo\HOTKEY\tphklock.dll 2006-12-14 04:06 28672 C:\Programmer\Lenovo\HOTKEY\tphklock.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Programmer\Microsoft ActiveSync\rapimgr.exe"= C:\Programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Programmer\Microsoft ActiveSync\wcescomm.exe"= C:\Programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Programmer\Microsoft ActiveSync\WCESMgr.exe"= C:\Programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 17:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 17:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 12:24]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [2008-04-04 12:17]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-05 18:18]
R2 mdvrmng;Mobile IP Route Manager;C:\WINDOWS\system32\drivers\mdvrmng.sys [2007-05-28 17:00]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2008-04-04 12:17]
R2 smihlp;SMI Helper Driver (smihlp);C:\Programmer\Fælles filer\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Programmer\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-07-11 21:38]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 16:59]
S3 beopcusb;beopcusb;C:\WINDOWS\system32\drivers\beopcusb.sys [2007-08-28 14:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 17:35:52 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-06-24 15:04:54 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 17:04:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Programmer\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Programmer\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\PavPrSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmer\Pure Networks\Network Magic\nmsrvc.exe
C:\Programmer\Lenovo\System Update\SUService.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Apoint2K\ApMsgFwd.exe
C:\Programmer\Lenovo\ZOOM\TpScrex.exe
C:\Programmer\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\ThinkVantage Fingerprint Software\enrollbtn.exe
.
**************************************************************************
.
Completion time: 2008-06-24 17:07:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-24 15:07:36
Pre-Run: 131,638,960,128 byte ledig
Post-Run: 132,709,478,400 byte ledig
314 --- E O F --- 2008-06-20 18:56:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:54, on 24-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
c:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Programmer\Pure Networks\Network Magic\nmsrvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Fælles filer\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Programmer\Lenovo\HOTKEY\TPONSCR.exe
C:\Programmer\Apoint2K\ApMsgFwd.exe
C:\Programmer\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
C:\Programmer\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Programmer\Pure Networks\Network Magic\nmapp.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Lenovo\Client Security Solution\cssauth.exe
C:\Programmer\Microsoft IntelliType Pro\itype.exe
C:\Programmer\Microsoft IntelliPoint\ipoint.exe
C:\Programmer\Bang & Olufsen\BeoPort\Beotray.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Bang & Olufsen\BeoPort\BeoPlayer.exe
C:\Programmer\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Documents and Settings\Administrator\Skrivebord\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eksperten.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Programmer\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Programmer\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Programmer\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Programmer\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [nmapp] "C:\Programmer\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmer\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Programmer\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Programmer\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Beoplayertray] C:\Programmer\Bang & Olufsen\BeoPort\Beotray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BeoPort.lnk = C:\Programmer\Bang & Olufsen\BeoPort\BeoPlayer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Programmer\Digital Line Detect\DLG.exe
O4 - Global Startup: Opdateringsagent.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Send til &Bluetooth-enhed... - C:\Programmer\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programmer\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://server1/ConnectComputer/nshelp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214320237906
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mec.local
O17 - HKLM\Software\..\Telephony: DomainName = mec.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mec.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mec.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = mec.local
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmer\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Programmer\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Programmer\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Programmer\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programmer\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Programmer\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 14035 bytes
