ComboFix 09-04-29.07 - Tore 30.04.2009 19:51.1 - NTFSx86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2038.1088 [GMT 2:00] Kjører fra: c:\users\Tore\Downloads\ComboFix1.exe AV: Norton Internet Security *On-access scanning disabled* (Outdated) FW: Norton Internet Security *disabled* * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\x64 . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-05-28 til 2009-4-30 ))))))))))))))))))))))))))))))))) . 2009-04-28 20:02 . 2009-04-28 20:35 -------- d-----w c:\users\Tore\rep 2009-04-28 19:17 . 2009-04-28 19:17 -------- d-----w c:\program files\Trend Micro 2009-04-28 19:07 . 2009-04-28 19:07 -------- d-----w c:\programdata\SUPERAntiSpyware.com 2009-04-28 19:07 . 2009-04-28 19:07 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com 2009-04-28 19:06 . 2009-04-28 19:06 -------- d-----w c:\program files\SUPERAntiSpyware 2009-04-28 19:06 . 2009-04-28 19:06 -------- d-----w c:\users\Tore\AppData\Roaming\SUPERAntiSpyware.com 2009-04-28 19:05 . 2009-04-28 19:05 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-16 16:01 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-16 16:01 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-16 16:01 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-16 16:01 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-30 17:55 . 2008-08-31 09:06 836 ----a-w c:\windows\bthservsdp.dat 2009-04-23 17:33 . 2008-08-31 18:55 536530 ----a-w c:\windows\system32\perfh014.dat 2009-04-23 17:33 . 2008-08-31 18:55 111956 ----a-w c:\windows\system32\perfc014.dat 2009-04-22 01:23 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-04-22 01:07 . 2008-08-31 10:27 -------- d-----w c:\program files\Microsoft SQL Server 2009-04-20 15:23 . 2008-08-31 09:17 -------- d-----w c:\program files\ThinkPad 2009-04-20 15:20 . 2008-08-31 10:06 -------- d-----w c:\program files\Picasa2 2009-04-20 15:19 . 2008-08-31 09:17 -------- d--h--w c:\program files\InstallShield Installation Information 2009-03-28 15:21 . 2009-03-28 15:21 -------- d-----w c:\program files\B2BPOKER 2009-03-17 03:38 . 2009-04-16 16:00 40960 ----a-w c:\windows\AppPatch\apihex86.dll 2009-03-17 03:38 . 2009-04-16 16:00 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-16 16:00 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-03 04:46 . 2009-04-16 16:00 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-16 16:00 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:40 . 2009-04-16 16:00 827392 ----a-w c:\windows\system32\wininet.dll 2009-03-03 04:39 . 2009-04-16 16:00 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-16 16:00 551424 ----a-w c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 2009-04-16 16:00 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-16 16:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-03-03 04:37 . 2009-04-16 16:00 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-16 16:00 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-16 16:00 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-16 16:00 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 2009-04-16 16:00 17408 ----a-w c:\windows\system32\iashost.exe 2009-03-03 02:28 . 2009-04-16 16:00 26624 ----a-w c:\windows\system32\ieUnatt.exe 2009-02-17 15:22 . 2009-02-17 15:22 92 ------w c:\users\Tore\AppData\Local\fusioncache.dat 2009-02-13 08:49 . 2009-04-16 16:00 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-11 20:15 . 2009-02-11 20:15 56 ---h--w c:\users\All Users\ezsidmv.dat 2009-02-11 20:15 . 2009-02-11 20:15 56 ---h--w c:\programdata\ezsidmv.dat 2009-02-09 03:10 . 2009-03-11 06:26 2033152 ----a-w c:\windows\system32\win32k.sys 2009-02-06 18:59 . 2009-02-06 18:59 308104 ------w c:\windows\WLXPGSS.SCR 2009-02-06 17:52 . 2009-02-06 17:52 49504 ------w c:\windows\system32\sirenacm.dll 2009-02-06 17:08 . 2009-02-27 21:04 55280 ------w c:\windows\system32\drivers\fssfltr.sys 2009-02-05 21:06 . 2008-11-15 14:09 1356 ------w c:\users\Tore\AppData\Local\d3d9caps.dat 2008-01-21 02:43 . 2006-11-02 12:50 174 --sh--w c:\program files\desktop.ini 2008-08-31 18:58 . 2008-08-31 18:58 8192 --sh--w c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2007-12-06 214576] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248] "LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368] "AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "TrackPointSrv"="tp4serv.exe" - c:\windows\System32\tp4serv.exe [2007-04-26 91184] "TpShocks"="TpShocks.exe" - c:\windows\System32\TpShocks.exe [2007-11-22 181536] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] c:\users\Tore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-3-29 719664] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-31 50688] Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{0F5EF6D5-911E-45F1-B24D-DDE781B2501C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{5BF5638C-F237-4A2E-A2D9-1D9591D96D71}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{D2CB8A6E-349C-4E55-A9F9-D8E429EA3AFC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{B422FEA2-A63E-4485-ADB8-E114AF218C91}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0B5DA220-8B6F-471E-AAB1-9CCE846DBF10}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{4CAFFD59-2C27-433A-81F9-C53CC82DF272}"= c:\program files\Skype\Phone\Skype.exe:Skype "{28A388B2-A09F-4063-9D5F-A54DC2AF7D56}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 1 (0x1) R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] S0 Shockprf;Shockprf;c:\windows\System32\DRIVERS\Apsx86.sys [2007-10-16 103472] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504] S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090129.001\IDSvix86.sys [2008-10-07 270384] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944] S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwr32v.sys [2007-12-06 12080] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] S2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280] S2 fsssvc;Windows Live Tryggere for familien;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S2 TPHKSVC;Visning på skjermen;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408] S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2007-04-26 22832] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST *Deregistered* - comHost [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-04-29 c:\windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:25] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://lenovo.live.com IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send bilde til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send side til &Bluetooth-enhet... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-30 19:58 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... c:\users\Tore\AppData\Roaming\skypePM\2009-04-27-0.ezlog 1376 bytes c:\users\Tore\AppData\Roaming\skypePM\2009-04-27-1.ezlog c:\users\Tore\AppData\Roaming\skypePM\2009-04-27-2.ezlog skanning vellykket skjulte filer: 3 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" [HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe" [HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" [HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" [HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_USERS\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0[/u]001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'Explorer.exe'(5420) c:\windows\system32\btmmhook.dll c:\windows\system32\btncopy.dll c:\program files\Lenovo\Drag-to-Disc\Shellex.dll c:\windows\system32\DLAAPI_W.DLL c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\System32\ibmpmsvc.exe c:\windows\System32\audiodg.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe c:\windows\System32\IPSSVC.EXE c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\System32\TPHDEXLG.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Lenovo\System Update\SUService.exe c:\windows\System32\WUDFHost.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE c:\program files\Lenovo\ZOOM\TpScrex.exe c:\windows\System32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Windows Media Player\wmplayer.exe c:\program files\ThinkPad\Bluetooth Software\BTStackServer.exe . ************************************************************************** . Tidspunkt ferdig: 2009-04-30 20:06 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-04-30 18:06 Pre-Run: 70 978 711 552 byte ledig Post-Run: 70 648 139 776 byte ledig 324 --- E O F --- 2009-04-30 01:05