annej Beginner
16 October 2009 - 21:01 There are 17 comments

Virus on laptop

Hi everyone.

I'm trying to get a laptop virus-free. It belongs to an acquaintance who has never used antivirus software, so it's probably a bit infected :-)

I have run CCleaner and Malwarebytes (see the report below - the same 3 messages come up every time even though I ask for them to be removed) and have tried to install Avast without success. I think some virus is stopping the installation.

Can anyone help?

Here is a report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:31, on 16-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lexmark 6500 Series\lxdfamon.exe
C:\Programmer\Lexmark 6500 Series\lxdfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Camilla Ravn\Skrivebord\jack.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Windows Live\Toolbar\wltuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programmer\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Programmer\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programmer\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device -  - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CAMILL~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 11773 bytes



And the result from Malwarebytes:


Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

16-10-2009 14:54:37
mbam-log-2009-10-16 (14-54-33).txt

Skan type: Hurtig skanning
Objekter skannet: 111542
Tid tilbagelagt: 4 minute(s), 47 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\WINDOWS\system32 \smss.exe" "%1" %*) Good: ("%1" %*) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,) Good: (Userinit.exe) -> No action taken.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
16 October 2009 - 21:32 #1
What do you think this means: No action taken... ...

You have forgotten this 'detail' regarding Malwarebytes -> "Then - press the "Show Results" (Vis resultater) button after the scan - and after that press "Remove Selected" (Fjern det valgte) ..."

So another round with Malwarebytes ...

After a restart or two, a fresh log from HijackThis...

---

There is a fair bit of 'cleanup' to do - we'll take that afterwards...
johnstigers Senior Master
16 October 2009 - 22:05 #2
I can see you are running HijackThis directly from the desktop...

Move it to its own folder before the next log.
Naddo Beginner
16 October 2009 - 22:07 #3
Save the data, and format..
johnstigers Senior Master
16 October 2009 - 22:13 #4
Naddo???

Why are you posting that as an answer?
Naddo Beginner
16 October 2009 - 22:17 #5
No idea, I'm new here :/

What is the difference, and when should you use which?
annej Beginner
17 October 2009 - 10:43 #6
Hmmm... I have run Malwarebytes 10 times incl. "Remove Selected" and a restart. The same 3 files show up every time...

Here is a new log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50, on 17-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lexmark 6500 Series\lxdfmon.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Lexmark 6500 Series\lxdfamon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Camilla Ravn\Skrivebord\Jack\jack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programmer\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Programmer\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programmer\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device -  - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CAMILL~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10894 bytes


And a new file from Malwarebytes:
Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

17-10-2009 10:21:01
mbam-log-2009-10-17 (10-21-01).txt

Skan type: Hurtig skanning
Objekter skannet: 111084
Tid tilbagelagt: 5 minute(s), 10 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 3
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\WINDOWS\system32 \smss.exe" "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)
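
An added example (not part of the original posts): a small Python triage of the two logs above. It flags executables running from a whitespace-padded directory, extra entries in the Userinit value, and items Malwarebytes reports as removed that a later HijackThis log still shows. The function names are hypothetical, the excerpts are lines copied from the logs in this thread, and Windows is assumed to be installed in C:\WINDOWS as in those logs.

```python
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the posted logs.
STOCK_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}
EXE_PATH = re.compile(r'[A-Za-z]:\\[^",<>|*?]*?\.exe', re.IGNORECASE)

# Excerpts: lines copied from the HijackThis and Malwarebytes logs in this thread.
HJT_EXCERPT = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
MBAM_EXCERPT = r"""HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\WINDOWS\system32 \smss.exe" "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
"""


def padded_components(path):
    """Path components that start or end with whitespace (a look-alike directory)."""
    return [p for p in re.split(r"[\\/]", path) if p and p != p.strip()]


def suspicious_paths(value):
    """Executable paths inside a registry value that sit in a padded directory."""
    return [p for p in EXE_PATH.findall(value) if padded_components(p)]


def triage_hijackthis(log_text):
    """Return (rule, detail) findings for the process list and the F2 Userinit line."""
    findings, in_processes = [], False
    for line in log_text.splitlines():
        if line.startswith("Running processes:"):
            in_processes = True
        elif in_processes:
            if not line.strip():
                in_processes = False          # blank line ends the process list
            elif padded_components(line.rstrip()):
                findings.append(("process-in-padded-dir", line.rstrip()))
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            value = line.split("UserInit=", 1)[1]
            for entry in filter(None, (e.strip() for e in value.split(","))):
                if entry.lower() not in STOCK_USERINIT:
                    findings.append(("userinit-extra-entry", entry))
    return findings


def parse_mbam_line(line):
    """Split one Malwarebytes registry-data line into its fields, or return None."""
    parts = line.strip().split(" -> ")
    if len(parts) != 3:
        return None
    values = re.match(r"Bad: \((.*)\) Good: \((.*)\)$", parts[1])
    if not values:
        return None
    key, _, detection = parts[0].rpartition(" (")
    return {"key": key, "detection": detection.rstrip(")"),
            "bad": values.group(1), "good": values.group(2), "action": parts[2]}


def still_present(mbam_text, later_hjt_text):
    """Paths Malwarebytes reported as removed that a later HijackThis log still shows."""
    later = {detail.lower() for _, detail in triage_hijackthis(later_hjt_text)}
    hits = set()
    for line in mbam_text.splitlines():
        rec = parse_mbam_line(line)
        if rec and "successfully" in rec["action"]:
            hits.update(p for p in suspicious_paths(rec["bad"]) if p.lower() in later)
    return sorted(hits)


if __name__ == "__main__":
    for rule, detail in triage_hijackthis(HJT_EXCERPT):
        print(f"{rule}: {detail!r}")
    print("reported removed but still present:", still_present(MBAM_EXCERPT, HJT_EXCERPT))
```
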
johnstigers Senior Master
17 October 2009 - 10:56 #7
Download ComboFix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix has finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.

NOTE that ComboFix is detected as infected by some virus scanners. There is nothing to this, however.

Important: Shut down any security programs before you run ComboFix.
f-arn Guru
17 October 2009 - 11:29 #8
OT:
@john_stigers: Happy birthday ;-)
annej Beginner
17 October 2009 - 11:32 #9
Yes, happy birthday :-)

I have now run ComboFix and restarted. Here is the log file:

ComboFix 09-10-16.09 - Camilla Ravn 17-10-2009 11:16.2.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.1023.649 [GMT 2:00]
Kører fra: c:\documents and settings\Camilla Ravn\Skrivebord\Combo.exe
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Camilla Ravn\Dokumenter\smss.exe

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-17 til 2009-10-17  )))))))))))))))))))))))))))))))))))
.

2009-10-16 12:24 . 2009-10-16 12:24    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2009-10-16 10:35 . 2009-10-16 10:35    --------    d-----w-    C:\$AVG
2009-10-16 10:34 . 2009-10-16 10:58    --------    d-----w-    c:\programmer\AVG
2009-10-16 10:34 . 2009-10-16 12:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9
2009-10-16 08:00 . 2009-10-16 08:00    --------    d-----w-    c:\programmer\CCleaner
2009-10-15 18:49 . 2009-10-15 18:49    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2009-10-15 18:16 . 2009-10-15 18:16    --------    d-----w-    c:\documents and settings\Camilla Ravn\Application Data\Malwarebytes
2009-10-15 18:16 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-15 18:16 . 2009-10-15 18:16    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-10-15 18:16 . 2009-10-15 18:16    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-15 18:16 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-10-15 16:50 . 2009-10-15 16:50    --------    d-----w-    c:\windows\l2schemas
2009-10-15 16:50 . 2009-10-15 16:50    --------    d-----w-    c:\windows\system32\da
2009-10-15 16:50 . 2009-10-15 16:50    --------    d-----w-    c:\windows\system32\bits
2009-10-15 13:42 . 2008-04-14 16:05    1358848    ----a-w-    c:\windows\system32\wbem\cimwin32.dll
2009-10-15 13:41 . 2008-04-14 16:06    507904    ------w-    c:\windows\system32\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 19:05 . 2008-03-15 11:03    --------    d-----w-    c:\programmer\Google
2009-10-16 10:40 . 2009-06-16 08:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 18:16 . 2004-09-17 14:18    84770    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-15 18:16 . 2004-09-17 14:18    461268    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-15 17:56 . 2005-08-09 16:10    --------    d-----w-    c:\programmer\Microsoft Works
2009-10-15 16:21 . 2005-08-09 16:12    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-10-15 14:04 . 2005-08-09 16:12    --------    d-----w-    c:\programmer\Symantec
2009-10-15 13:54 . 2005-08-09 16:12    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-10-15 13:41 . 2005-08-09 16:14    --------    d-----w-    c:\programmer\Norton Internet Security
2009-09-16 09:01 . 2009-09-16 09:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee
2009-09-14 09:01 . 2009-09-14 09:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-11 14:19 . 2009-10-15 13:41    136192    ----a-w-    c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2009-10-15 13:42    58880    ----a-w-    c:\windows\system32\msasn1.dll
2009-09-03 11:34 . 2005-08-13 14:18    75744    ----a-w-    c:\documents and settings\Camilla Ravn\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 12:38 . 2009-09-02 12:38    664    ----a-w-    c:\windows\system32\d3d9caps.dat
2009-08-29 07:58 . 2004-09-17 14:18    916480    ------w-    c:\windows\system32\wininet.dll
2009-08-28 06:52 . 2009-08-28 06:51    --------    d-----w-    c:\programmer\iTunes
2009-08-28 06:51 . 2009-08-28 06:51    --------    d-----w-    c:\programmer\iPod
2009-08-28 06:51 . 2007-07-18 09:36    --------    d-----w-    c:\programmer\Fælles filer\Apple
2009-08-28 06:48 . 2009-08-28 06:47    --------    d-----w-    c:\programmer\QuickTime
2009-08-26 08:02 . 2004-09-17 14:18    247326    ----a-w-    c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33    1193832    ----a-w-    c:\windows\system32\FM20.DLL
2009-08-05 09:00 . 2009-10-15 13:42    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2009-10-15 13:41    2191744    ------w-    c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2009-10-15 13:41    2068608    ------w-    c:\windows\system32\ntkrnlpa.exe
2008-03-15 11:02 . 2008-03-15 11:01    13413048    ----a-w-    c:\programmer\Google_Earth_BZXV.exe
2007-06-13 13:22 . 2004-09-17 14:18    425984    --sha-w-    c:\windows\system32 \smss.exe
.

(((((((((((((((((((((((((((((  SnapShot@2009-10-16_10.02.19  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 18:54 . 2009-07-11 18:54    65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32    40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07    57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19    69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 17:41 . 2009-07-11 17:41    97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-06-16 08:27 . 2009-10-16 10:40    35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-02 12:23 . 2009-04-02 12:23    10104              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\XLCALL32.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    54088              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCANOST.EXE
+ 2009-03-04 15:24 . 2009-03-04 15:24    75608              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RM.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    38240              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RECALL.DLL
+ 2009-01-06 19:31 . 2009-01-06 19:31    48512              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PUBTRAP.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    52072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLVBA.DLL
+ 2008-11-24 20:32 . 2008-11-24 20:32    46928              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLRPC.DLL
+ 2008-10-30 19:24 . 2008-10-30 19:24    21368              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MLSHEXT.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    34192              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\DUMPSTER.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    87392              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\DLGSETP.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58    33080              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.4518\VPREVIEW.EXE
+ 2009-07-11 23:12 . 2009-07-11 23:12    632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09    554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08    479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2009-05-26 16:53 . 2009-05-26 16:53    579072              c:\windows\Installer\21e7c2.msp
+ 2009-10-16 10:33 . 2009-10-16 10:33    424448              c:\windows\Installer\1e84e1.msi
- 2009-06-16 08:27 . 2009-10-15 18:26    888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-06-16 08:27 . 2009-10-16 10:40    217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-03 16:11 . 2009-04-03 16:11    408424              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WINWORD.EXE
+ 2009-03-04 15:24 . 2009-03-04 15:24    282032              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCNPST64.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    273320              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\SCNPST32.DLL
+ 2009-03-06 00:06 . 2009-03-06 00:06    407904              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-06 01:41 . 2009-03-06 01:41    589704              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 08:59 . 2009-01-08 08:59    624520              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    420696              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2008-10-25 04:21 . 2008-10-25 04:21    136072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2009-10-15 17:58 . 2009-10-15 17:58    350064              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 16:04 . 2009-04-03 16:04    521064              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-20 22:49 . 2008-11-20 22:49    169360              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    593288              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-30 19:24 . 2008-10-30 19:24    137552              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2009-03-06 02:55 . 2009-03-06 02:55    194448              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 02:55 . 2009-03-06 02:55    661888              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    253808              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2008-11-03 22:04 . 2008-11-03 22:04    498072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    340304              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    138072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2008-11-20 22:48 . 2008-11-20 22:48    155016              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\ENVELOPE.DLL
+ 2008-11-20 22:48 . 2008-11-20 22:48    116600              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    127336              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\CONTAB32.DLL
- 2009-10-15 17:58 . 2009-10-15 17:58    350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-16 10:39 . 2009-10-16 10:39    350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46    1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46    1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-05-26 16:54 . 2009-05-26 16:54    4192768              c:\windows\Installer\21e828.msp
+ 2009-05-04 05:47 . 2009-05-04 05:47    9124864              c:\windows\Installer\21e810.msp
+ 2009-08-05 05:49 . 2009-08-05 05:49    3457024              c:\windows\Installer\21e7ec.msp
+ 2009-04-24 10:28 . 2009-04-24 10:28    4450816              c:\windows\Installer\21e7d7.msp
+ 2009-08-18 11:08 . 2009-08-18 11:08    1373696              c:\windows\Installer\21e7b0.msp
+ 2009-04-24 10:29 . 2009-04-24 10:29    9013760              c:\windows\Installer\21e765.msp
+ 2009-06-16 08:27 . 2009-10-16 10:40    1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-16 08:26 . 2009-10-16 10:40    1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-06-16 08:26 . 2009-10-15 18:26    1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-21 01:12 . 2008-11-21 01:12    3750256              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 07:35 . 2008-10-25 07:35    1847160              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2009-04-03 16:04 . 2009-04-03 16:04    8468840              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    2964336              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-03-06 01:41 . 2009-03-06 01:41    9589096              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2008-11-20 21:06 . 2008-11-20 21:06    1194848              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2009-08-18 10:50 . 2009-08-18 10:50    12022272              c:\windows\Installer\21e79d.msp
+ 2009-04-03 16:11 . 2009-04-03 16:11    17740136              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 00:06 . 2009-03-06 00:06    12707696              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-04-03 16:11 . 2009-04-03 16:11    18330984              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EXCEL.EXE
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-11 77824]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\programmer\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programmer\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-17 99840]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"lxdfmon.exe"="c:\programmer\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\programmer\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\programmer\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2005-8-9 24576]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32 \smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08    110592    ----a-w-    c:\programmer\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\frun.exe"=
"c:\\Programmer\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\Wireless\\lxdfwpss.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfwbgw.exe"=
"c:\\WINDOWS\\SYSTEM~1\\smss.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24-03-2009 12:02 55152]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [06-01-2009 17:28 99248]
S3 4f639401-eeb2-4df0-a153-af0e7446d7da;4f639401-eeb2-4df0-a153-af0e7446d7da;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [06-01-2008 21:01 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8BB7AA-34B8-4058-85C7-5F750A62BE2D}]
c:\windows\system32\msiexec.exe  /fup {8D8BB7AA-34B8-4058-85C7-5F750A62BE2D} /q
.
Indhold af mappen 'Planlagte Opgaver'

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{6099E199-E4CE-4764-92DD-777B98C8E3C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
.
------- Fil Associationer -------
.
exefile="c:\windows\system32 \smss.exe" "%1" %*
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-HijackThis - c:\documents and settings\Camilla Ravn\Skrivebord\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\programmer\Intel\Wireless\Bin\LgNotify.dll
.
Gennemført tid: 2009-10-17 11:23
ComboFix-quarantined-files.txt  2009-10-17 09:23
ComboFix2.txt  2009-10-16 10:05

Pre-Kørsel: 27.616.256.000 byte ledig
Post-Kørsel: 27.617.718.272 byte ledig

273    --- E O F ---    2009-10-16 10:40
+ 2009-03-06 00:06 . 2009-03-06 00:06    407904              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\RTFHTML.DLL
+ 2009-03-06 01:41 . 2009-03-06 01:41    589704              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PUBCONV.DLL
+ 2009-01-08 08:59 . 2009-01-08 08:59    624520              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PTXT9.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    420696              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PSTPRX32.DLL
+ 2008-10-25 04:21 . 2008-10-25 04:21    136072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PRTF9.DLL
+ 2009-10-15 17:58 . 2009-10-15 17:58    350064              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPTPIA.DLL
+ 2009-04-03 16:04 . 2009-04-03 16:04    521064              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\POWERPNT.EXE
+ 2008-11-20 22:49 . 2008-11-20 22:49    169360              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLPH.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    593288              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLMIME.DLL
+ 2008-10-30 19:24 . 2008-10-30 19:24    137552              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLCTL.DLL
+ 2009-03-06 02:55 . 2009-03-06 02:55    194448              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSXP32.DLL
+ 2009-03-06 02:55 . 2009-03-06 02:55    661888              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OMSMAIN.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    253808              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLKFSTUB.DLL
+ 2008-11-03 22:04 . 2008-11-03 22:04    498072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    340304              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MIMEDIR.DLL
+ 2009-03-04 15:24 . 2009-03-04 15:24    138072              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\IMPMAIL.DLL
+ 2008-11-20 22:48 . 2008-11-20 22:48    155016              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\ENVELOPE.DLL
+ 2008-11-20 22:48 . 2008-11-20 22:48    116600              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EMABLT32.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    127336              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\CONTAB32.DLL
- 2009-10-15 17:58 . 2009-10-15 17:58    350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-10-16 10:39 . 2009-10-16 10:39    350064              c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46    1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46    1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-05-26 16:54 . 2009-05-26 16:54    4192768              c:\windows\Installer\21e828.msp
+ 2009-05-04 05:47 . 2009-05-04 05:47    9124864              c:\windows\Installer\21e810.msp
+ 2009-08-05 05:49 . 2009-08-05 05:49    3457024              c:\windows\Installer\21e7ec.msp
+ 2009-04-24 10:28 . 2009-04-24 10:28    4450816              c:\windows\Installer\21e7d7.msp
+ 2009-08-18 11:08 . 2009-08-18 11:08    1373696              c:\windows\Installer\21e7b0.msp
+ 2009-04-24 10:29 . 2009-04-24 10:29    9013760              c:\windows\Installer\21e765.msp
+ 2009-06-16 08:27 . 2009-10-16 10:40    1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-06-16 08:27 . 2009-10-15 18:26    1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-06-16 08:26 . 2009-10-16 10:40    1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-06-16 08:26 . 2009-10-15 18:26    1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-11-21 01:12 . 2008-11-21 01:12    3750256              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWER.DLL
+ 2008-10-25 07:35 . 2008-10-25 07:35    1847160              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\VVIEWDWG.DLL
+ 2009-04-03 16:04 . 2009-04-03 16:04    8468840              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\PPCORE.DLL
+ 2009-03-06 00:05 . 2009-03-06 00:05    2964336              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OLMAPI32.DLL
+ 2009-03-06 01:41 . 2009-03-06 01:41    9589096              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSPUB.EXE
+ 2008-11-20 21:06 . 2008-11-20 21:06    1194848              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\FM20.DLL
+ 2009-08-18 10:50 . 2009-08-18 10:50    12022272              c:\windows\Installer\21e79d.msp
+ 2009-04-03 16:11 . 2009-04-03 16:11    17740136              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\WWLIB.DLL
+ 2009-03-06 00:06 . 2009-03-06 00:06    12707696              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\OUTLOOK.EXE
+ 2009-04-03 16:11 . 2009-04-03 16:11    18330984              c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\EXCEL.EXE
.
-- Snapshot sat til dags dato --
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmer\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-11 77824]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\programmer\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\programmer\r\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"DMXLauncher"="c:\programmer\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"EPSON Stylus C48 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE" [2005-05-17 99840]
"AppleSyncNotifier"="c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"lxdfmon.exe"="c:\programmer\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\programmer\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\programmer\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - c:\programmer\Digital Line Detect\DLG.exe [2005-8-9 24576]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32 \smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08    110592    ----a-w-    c:\programmer\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdfcoms.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\lxdfamon.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\frun.exe"=
"c:\\Programmer\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\LXDFFax.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\lxdfmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdftime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfjswx.exe"=
"c:\\Programmer\\Lexmark 6500 Series\\Wireless\\lxdfwpss.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdfwbgw.exe"=
"c:\\WINDOWS\\SYSTEM~1\\smss.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [24-03-2009 12:02 55152]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [06-01-2009 17:28 99248]
S3 4f639401-eeb2-4df0-a153-af0e7446d7da;4f639401-eeb2-4df0-a153-af0e7446d7da;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
S3 fsssvc;Windows Live Family Safety;c:\programmer\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [06-01-2008 21:01 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8BB7AA-34B8-4058-85C7-5F750A62BE2D}]
c:\windows\system32\msiexec.exe  /fup {8D8BB7AA-34B8-4058-85C7-5F750A62BE2D} /q
.
Indhold af mappen 'Planlagte Opgaver'

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{6099E199-E4CE-4764-92DD-777B98C8E3C4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
.
------- Fil Associationer -------
.
exefile="c:\windows\system32 \smss.exe" "%1" %*
.
- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-HijackThis - c:\documents and settings\Camilla Ravn\Skrivebord\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
c:\programmer\Intel\Wireless\Bin\LgNotify.dll
.
Gennemført tid: 2009-10-17 11:23
ComboFix-quarantined-files.txt  2009-10-17 09:23
ComboFix2.txt  2009-10-16 10:05

Pre-Kørsel: 27.616.256.000 byte ledig
Post-Kørsel: 27.617.718.272 byte ledig

273    --- E O F ---    2009-10-16 10:40
anders-j Beginner
17 October 2009 - 12:02 #10
Start by right-clicking My Computer -> Properties, select the System Restore tab, and remove the check mark so that it does not restore.

Next, go to

c:\windows\system32\drivers\etc

In there, open the file hosts with Notepad.

There is a lot of drivel in there..
But below the line:

127.0.0.1      localhost

If there are a lot of addresses and the like below it, you must remove them, though not the line above, only everything below it.

Then first run a round of Malwarebytes with a system scan, and when it has finished, remove what it has found and restart in safe mode.

Run Malwarebytes once more there, and see whether it finds anything.
If it does, remove it, and if it does not, restart and see what has happened.

Most viruses put a lot of addresses in the hosts file so that you cannot get to various virus-scan sites etc., which is why those lines had to be deleted.

Report back when you have done this.
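The hosts-file check described in reply #10, as an added example that is not part of the original post: it lists every mapping other than the default `localhost` line and marks whether the name is blocked (sent to a loopback or null address) or redirected elsewhere. The host names and addresses in the sample are constructed for illustration.

```python
import ipaddress

# Constructed sample. The localhost line is the default entry the post says
# to keep; the remaining lines imitate the tampering the post describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example update.av-vendor.example  # constructed
0.0.0.0         scan.online-scanner.example
203.0.113.7     netbank.example
not-an-ip       broken.example
"""

# Mappings that are expected in an untouched hosts file.
BASELINE = {("localhost", "127.0.0.1"), ("localhost", "::1")}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        address, *names = line.split()        # one address, one or more names
        for name in names:
            yield line_no, address, name.lower()


def classify(address):
    """Say what a non-default mapping does to the host name."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"      # name resolves to this machine or nowhere
    return "redirected"       # name resolves to some other machine


def audit_hosts(text):
    """Return (line_no, hostname, address, verdict) for every extra mapping."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if (name, address) in BASELINE:
            continue
        findings.append((line_no, name, address, classify(address)))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A file that contains only the default line, as reported later in reply #12, produces no findings.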
anders-j Beginner
17 October 2009 - 12:03 #11
If you remove viruses/spyware etc. and System Restore is turned on, it will just be there again after a restart, which is why I am asking you to remove the check mark for it.
annej Beginner
18 October 2009 - 20:05 #12
Bummer. I have done exactly as you wrote, anders-j. However, there was nothing in the hosts file other than

127.0.0.1      localhost

Malwarebytes finds exactly the same lines as described earlier, and I am still not allowed to install antivirus.

Any other ideas?

Thanks for the help so far :-)
annej Beginner
18 October 2009 - 20:11 #13
By the way, here is a fresh log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:55, on 18-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Lexmark 6500 Series\lxdfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Lexmark 6500 Series\lxdfamon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Camilla Ravn\Skrivebord\Jack\jack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programmer\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Programmer\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programmer\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device -  - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CAMILL~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10854 bytes
18 October 2009 - 20:30 #14
As long as there is still some more or less active Symantec/Norton running, it will cause trouble ...

Run this procedure -> http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/0/9a57cc9677c3957280256fe00051ba24?OpenDocument&seg=hm&lg=da&ct=dk

------------------------------------------------------------------------

Run a scan with HijackThis.
Below you will get some files that you must fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember to close this window too once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to be fixed:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

Restart normally...

------------------------------------------------------------------------

How is the PC running now?
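The two entries singled out in reply #14 can be found mechanically. The following is an added example, not part of the thread and not HijackThis's own logic: it flags a Userinit value that lists anything besides userinit.exe, any path with a directory name padded by whitespace (the `system32 ` folder in this log), and entries whose file is gone. The sample lines are copied from the log in reply #13; the expected Userinit path assumes Windows lives in C:\WINDOWS, as it does in that log.

```python
import re

# Excerpt from the HijackThis log posted in reply #13 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Unknown owner - C:\Programmer\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")
USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
ORPHAN_MARKS = ("(no file)", "(file missing)")


def padded_directories(line):
    """Return directory names in the line's path(s) that start or end with
    whitespace. Spaces inside a name ("Norton Internet Security") are normal;
    a padded name is a look-alike of a real folder."""
    match = DRIVE_PATH.search(line)
    if not match:
        return []
    padded = []
    # Userinit holds a comma-separated list, so check each path on its own.
    for path in line[match.start():].split(","):
        # Everything before the last backslash is a directory; the tail
        # (file name plus any arguments or remarks) is ignored.
        for directory in path.strip().split("\\")[:-1]:
            if directory != directory.strip():
                padded.append(directory)
    return padded


def userinit_extras(line):
    """Return Userinit entries other than the expected userinit.exe."""
    match = USERINIT.match(line.strip())
    if not match:
        return []
    entries = [e.strip() for e in match.group(1).split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def triage(log):
    """Return (kind, detail) findings for a HijackThis log given as text."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        for extra in userinit_extras(line):
            findings.append(("userinit-extra", extra))
        if padded_directories(line):
            findings.append(("padded-directory", line))
        if line.endswith(ORPHAN_MARKS):
            findings.append(("orphaned-entry", line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:17} {detail}")
```

An orphaned entry is leftover registry data rather than running code, so it ranks below the other two kinds when deciding what to look at first.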
annej Beginner
19 October 2009 - 08:09 #15
Good morning :-)

Unfortunately no changes...

This is what the log looks like now:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:07:44, on 19-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\WINDOWS\system32\lxdfcoms.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32 \smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
C:\Programmer\Lexmark 6500 Series\lxdfamon.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Lexmark 6500 Series\lxdfmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Camilla Ravn\Skrivebord\Jack\jack.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32 \smss.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Lexmark Værktøjslinje - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programmer\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmer\r\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB002" /M "Stylus C48"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programmer\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Programmer\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programmer\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device -  - C:\WINDOWS\system32\lxdfcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/CAMILL~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10775 bytes
19 October 2009 - 08:42 #16
Uhh - did you 'fix' in HiJackThis as described?
annej Beginner
19 October 2009 - 09:02 #17
Yes, I have, but when I click Fix Checked, the only thing that happens is that all the lines in the log are deleted, and then there is an empty field. No message appears saying that it has now been fixed or anything like that. I think maybe it is the virus that is blocking it.

HijackThis looks exactly as it does if you open it with the None of the above, just start the program button in the startup window.