CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede nokia6280 Nybegynder
20. juli 2008 - 19:09 Der er 2 kommentarer og
1 løsning

Jeg har fået virus

Jeg er så uheldigt at have fået en virus på min arbejds pc.

Her er en Hijackthis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:20, on 20-07-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Citrix\PNAgent\ssonsvr.exe
C:\WINDOWS\TEMP\KGB24E.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Citrix\PNAgent\pnagent.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: search toolbar - {7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6} - C:\WINDOWS\system32\TOOLBA~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmer\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmer\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmer\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programmer\Citrix\PNAgent\pnagent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://doc-server/qs/ScriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174317735968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176449806343
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dynaudio.net
O17 - HKLM\Software\..\Telephony: DomainName = dynaudio.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dynaudio.net
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Client Access Express - ekstern kommando (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11119 bytes
Avatar billede levich Nybegynder
20. juli 2008 - 19:32 #1
Følg vejledningen her: http://www.eksperten.dk/artikler/1123
Dog skal du bruge din nuværende version af hijackthis.
Bagefter send loggen fra SuperAntiSpyware, Combofix og hijackthis herind.
Avatar billede nokia6280 Nybegynder
20. juli 2008 - 20:45 #2
Hej
Her loggen fra SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2008 at 08:12 PM

Application Version : 4.0.1154

Core Rules Database Version : 3508
Trace Rules Database Version: 1499

Scan type      : Complete Scan
Total Scan Time : 00:29:50

Memory items scanned      : 512
Memory threats detected  : 1
Registry items scanned    : 5803
Registry threats detected : 9
File items scanned        : 22958
File threats detected    : 7

Trojan.Unclassified-Packed/Suspicious
    C:\WINDOWS\SYSTEM32\TOOLBA~1.DLL
    C:\WINDOWS\SYSTEM32\TOOLBA~1.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\InprocServer32
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\InprocServer32#ThreadingModel
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\ProgID
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\Programmable
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\TypeLib
    HKCR\CLSID\{7D76D0EB-AE56-4DF4-AFFC-20AFF4344AC6}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\TOOLBARSRCH.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\IT\Cookies\it@adtech[2].txt
    C:\Documents and Settings\IT\Cookies\it@atdmt[1].txt
    C:\Documents and Settings\IT\Cookies\it@lenovo.112.2o7[1].txt
    C:\Documents and Settings\IT\Cookies\it@msnportal.112.2o7[1].txt

Trojan.Dropper/SFDBee-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{182CAA29-A3FB-4C35-9C7F-E6C17495D11E}\RP306\A0038906.EXE

Her er loggen fra Combofix :

ComboFix 08-07-19.1 - AB 2008-07-20 20:29:13.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.565 [GMT 2:00]
Running from: E:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-06-20 to 2008-07-20  )))))))))))))))))))))))))))))))
.

2008-07-20 19:40 . 2008-07-20 19:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-20 19:39 . 2008-07-20 19:39    <DIR>    d--------    C:\Documents and Settings\AB\Application Data\SUPERAntiSpyware.com
2008-07-20 19:38 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-20 19:25 . 2008-07-20 19:39    <DIR>    d--------    C:\Programmer\Allan
2008-07-20 14:19 . 2008-07-20 14:19    <DIR>    d--------    C:\Programmer\AC3Filter
2008-07-20 14:19 . 2008-07-09 10:05    421,888    --a------    C:\WINDOWS\system32\ac3filter.acm
2008-07-20 14:11 . 2008-07-20 14:11    <DIR>    d--------    C:\Programmer\Synaptics
2008-07-20 13:26 . 2008-07-20 13:26    <DIR>    d--------    C:\Programmer\Sun
2008-07-15 08:42 . 2008-07-15 08:42    268    --ah-----    C:\sqmdata03.sqm
2008-07-15 08:42 . 2008-07-15 08:42    244    --ah-----    C:\sqmnoopt03.sqm
2008-07-15 08:25 .     <DIR>        C:\Programmer\Fælles filer\Lenovo
2008-07-15 08:21 . 2008-07-15 08:21    <DIR>    d--------    C:\Documents and Settings\AB\(null)
2008-06-20 19:48 . 2008-06-20 19:48    246,784    -----c---    C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:48 . 2008-06-20 19:48    147,968    -----c---    C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51    361,600    -----c---    C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40    138,496    -----c---    C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08    225,856    -----c---    C:\WINDOWS\system32\dllcache\tcpip6.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 13:39    ---------    d-----w    C:\Programmer\Trend Micro
2008-07-20 11:26    ---------    d-----w    C:\Programmer\Java
2008-07-15 06:41    ---------    d-----w    C:\Programmer\MSN Messenger
2008-07-15 06:26    ---------    d-----w    C:\Programmer\Lenovo
2008-06-20 11:51    361,600    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40    138,496    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08    225,856    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 05:51    94    ----a-w    C:\WINDOWS\system32\drivers\IBM_1858_69G.MRK
2008-06-14 17:35    272,256    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-05-26 08:18    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-26 08:18    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-26 08:14    ---------    d-----w    C:\Programmer\Nokia
2008-05-26 08:12    ---------    d-----w    C:\Programmer\Fælles filer\Nokia
2008-05-26 08:11    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Installations
2008-05-26 08:09    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-26 08:04    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nokia
2008-05-26 07:25    ---------    d-----w    C:\Documents and Settings\AB\Application Data\Nokia
2008-05-26 06:50    ---------    d-----w    C:\Programmer\Fælles filer\PCSuite
2008-05-26 06:49    ---------    d-----w    C:\Programmer\PC Connectivity Solution
2008-05-26 06:49    ---------    d-----w    C:\Programmer\DIFX
2008-05-26 06:49    ---------    d-----w    C:\Documents and Settings\AB\Application Data\PC Suite
2008-05-21 08:54    ---------    d-----w    C:\Programmer\Microsoft Silverlight
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 03:10 442368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
"SUPERAntiSpyware"="C:\Programmer\Allan\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-20 20:19 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTray"="C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 15:58 413696]
"ACWLIcon"="C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 15:51 126976]
"OfficeScanNT Monitor"="C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-09-01 19:30 335872]
"ibmmessages"="C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 03:10 442368]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 03:33 243248]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 02:19 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 02:19 208896]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-09-15 10:53 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-09-15 10:50 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-09-15 10:54 118784]
"Client Access Service"="C:\Programmer\IBM\Client Access\cwbsvstr.exe" [2000-11-28 06:10 20480]
"Client Access Help Update"="C:\Programmer\IBM\Client Access\cwbinhlp.exe" [2000-11-28 06:10 24576]
"Client Access Check Version"="C:\Programmer\IBM\Client Access\cwbckver.exe" [2000-11-28 06:10 49152]
"Client Access Express Welcome"="C:\Programmer\IBM\Client Access\cwbwlwiz.exe" [2000-11-28 06:10 20480]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"TpShocks"="TpShocks.exe" [2007-03-29 18:40 181808 C:\WINDOWS\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Cisco Systems VPN Client.lnk - C:\Programmer\Cisco Systems\VPN Client\vpngui.exe [2007-03-19 20:24:10 1528880]
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2007-03-19 18:28:21 24576]
Program Neighborhood Agent.lnk - C:\Programmer\Citrix\PNAgent\pnagent.exe [2007-03-19 20:12:07 233744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\Allan\SUPERAntiSpyware\SASSEH.DLL" [2008-07-20 20:19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\Allan\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 15:52 32768 C:\Programmer\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 14:44 3100672 C:\Programmer\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-03-02 17:49]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-03-02 17:47]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 12:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-21 02:19]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13]

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-07-20 18:34:44 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TVT Scheduler Proxy - C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 20:34:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Trend Micro\OfficeScan Client\TmListen.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmer\Lenovo\System Update\SUService.exe
C:\Programmer\Citrix\PNAgent\ssonsvr.exe
C:\WINDOWS\Temp\VHD9F.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2008-07-20 20:37:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-20 18:37:40

Pre-Run: 21,452,230,656 byte ledig
Post-Run: 21,397,598,208 byte ledig

169    --- E O F ---    2008-07-20 13:23:30

Og til sidst Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40, on 2008-07-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe
C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programmer\lenovo\system update\suservice.exe
C:\Programmer\Citrix\PNAgent\ssonsvr.exe
C:\WINDOWS\TEMP\VHD9F.EXE
C:\Programmer\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Programmer\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmer\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Programmer\Fælles filer\Lenovo\Scheduler\scheduler_proxy.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Allan\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Citrix\PNAgent\pnagent.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ACTray] C:\Programmer\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Programmer\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmer\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmer\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmer\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmer\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Programmer\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\Allan\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programmer\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programmer\Citrix\PNAgent\pnagent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://doc-server/qs/ScriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174317735968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176449806343
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dynaudio.net
O17 - HKLM\Software\..\Telephony: DomainName = dynaudio.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dynaudio.net
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\Allan\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmer\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmer\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Client Access Express - ekstern kommando (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\programmer\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Programmer\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Programmer\Fælles filer\Lenovo\Scheduler\tvtsched.exe

--
End of file - 11045 bytes


Mvh
Avatar billede levich Nybegynder
21. juli 2008 - 00:09 #3
Det ser meget bedre ud nu.

Genstart i fejlsikret tilstand og fix denne linje med hijackthis:
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://doc-server/qs/ScriptX/smsx.cab

Herefter skulle alt være i orden.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Ukendte filer på min Pc Af jonpet i Virus 10 03/02/202514:20 04/02/202511:05
mulig ukendt virus Af jackie18 i Virus 3 18/01/202514:07 18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus 13 18/01/202511:40 20/01/202517:53
Total AV Af Malm i Virus 10 16/01/202516:48 17/01/202520:47
pop up black friday Af Malm i Virus 12 22/11/202420:49 03/12/202411:04
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
51 min siden nægtet adgang til hjemmeside Af birdbrain i Søgemaskiner
I dag 16:34 ang e-mail opsætning Af made18 i E-mail
I dag 15:02 En mærkelig besked ved åbning af Outlook Af ErikHg i Windows
I dag 09:48 Delphi 7 "Modificeret binær søgning " Af snestrup2000 i Andet software
08/0820:35 Hvad har telefonen med kodelæseren at gøre ? Af valby i Apps til Android
White papers
Flere white papers »


Premium
Teaser billede
Cisco, Google, Pandora og mange flere ramt af databrud: Stribevis af globale virksomheder falder for samme finte
Læs mere »
Mens statskassen er presset, køber den offentlige sektor i Storbritannien Microsoft-licenser for milliarder
Nye krav får prisen for offentligt kæmpe-system fra Netcompany til at stige markant
En af verdens største it-distributører døjer stadig med følgerne efter ransomware-angreb: Hackere har stjålet data
Se alle »
Computerworld
Teaser billede
I næste uge kan det være slut med MitID for tusindvis af danskere: Kan din telefon håndtere den nye opdatering?
Læs mere »
Forsvarets Efterretningstjeneste lukker sit store overvågningsnetværk: Er for farligt
Test af smart robotplæneklipper: Guf for plænefans og tech-legebørn i alle aldre
Sam Altman postede et foto af Dødsstjernen fra Starwars, og straks vidste folk, hvad det betød: I aften er noget stort er på vej
Se alle »
CIO
Teaser billede
Næstkommanderende i DSV's kæmpe it-afdeling siger farvel og tak: Skifter til topstilling i dansk transport-kæmpe
Læs mere »
Sådan kom Pandora-hackerne ind: Udnyttede denne platform til at stjæle kundeoplysninger
Google udsat for databrud: Er faldet for et fupnumer selskabet selv har advaret mod
Microsoft bekræfter: Afbrød energi-gigants adgang til skyen - vil ikke svare på helt centrale spørgsmål
Se alle »
Job & Karriere
Teaser billede
Danske it-folk tør ikke længere skifte job hele tiden - og det er der en særlig årsag til
Læs mere »
Itm8 fyrer: Opsiger ansatte og reorganiserer
Lille dansk it-virksomhed fra Vanløse lander drømmekontrakt, der rækker langt ind i stifterens pension
Larry Ellison er blevet 165 milliarder kroner rigere på få timer: Er nu pludselig verdens næstrigeste mand
Se alle »
White paper
Teaser billede
Sådan får du succes med AI i hele organisationen
Læs mere »
NIS2: Sådan styrker du både cybersikkerhed og compliance
Sådan samler du virtualisering og containerdrift i én løsning
IT i front: Sådan bliver netværk en strategisk driver
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »