Nogle hjemmesider 'findes ikke'

Velkommen til E. ...

"Joooo - det skal vi nok klare sammen ..."

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Hej
Tjah - det kniber med at få fat på Malwarebytes. Min maskine kan selvfølgelig ikke tilgå de nævnte hjemmesider (har prøvet alle download-sites). Har i stedet downloadet på en anden maskine og mailet filen til den stationære. Når jeg så prøver at starte exe filen får jeg at vide at windows ikke har rettigheder til den !!

... Så kør nævnte HiJackThis i første omgang...

Hej igen,
Her er logfilen fra HiJackThis:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:29, on 17-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Virusfighter\bin\Zanda.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Amitech NetBackup\SyncLive.exe
C:\Virusfighter\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Virusfighter\bin\ZLH.EXE
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Amitech NetBackup\SyncErr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Programmer\Amitech NetBackup\SyncMon.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Documents and Settings\Karsten Ydegaard\Dokumenter\Downloads\HiJackThis.exe
C:\Programmer\Amitech NetBackup\SyncQue.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {54f6af0d-444e-48f6-9397-effa28d32465} - (no file)
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Virusfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SyncErr] C:\Programmer\Amitech NetBackup\SyncErr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://externalnf.maerskdata.dk/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) - http://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgDK2404.exe
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O20 - Winlogon Notify: winktf32 - winktf32.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Virusfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Virusfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Virusfighter\bin\Zanda.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncLive - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncLive.exe
O23 - Service: SyncMon - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncMon.exe
O23 - Service: SyncQue - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncQue.exe
O24 - Desktop Component 0: (no name) - http://www.norefjell.com/webcams/pictures/ENONOREF_653.jpg
O24 - Desktop Component 1: (no name) - http://www.skeikampen.no/webcams/pictures/ENOSKEI_649.jpg

--
End of file - 9212 bytes

... nu viser en HiJackThis ikke 'alt' (Der er dog nogle 'snavs' elementer - dem tager vi senere...)

Nævnte Malwarebytes C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe OMDØBER du til eks C:\Programmer\Malwarebytes' Anti-Malware\BANAN.exe og SÅ start den...

og/eller

denne procedure ->
-- Hent Combofix fra et af disse links, og gem den på dit skrivebord (og derefter på andet passende medie for at overføre til den syge PC):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: Du må ikke døbe den Combofix.exe, men eksempelvis HUGO.exe

-- Kør så combofix.exe (HUGO.exe), som du hentede tidligere, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

.. jeg fandt Anti-Malware på CNET.COM, hvor den ikke var blokeret. Resultatet af 90 minutters scanning er:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

17-10-2009 23:45:47
mbam-log-2009-10-17 (23-45-47).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 241206
Tid tilbagelagt: 1 hour(s), 26 minute(s), 22 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 2
Inficerede Registeringsdatabase Nøgler: 24
Inficerede Registeringsdatabase Værdier: 3
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 12
Inficerede Filer: 30

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programmer\MySearch\bar\1.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d724f038-df89-4a1a-83d1-fd9164b78077} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{502f728b-67b8-409e-bceb-7ee8632f321a} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d2cd81e5-cc37-44b3-93b7-c52cb993ba34} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da295dae-fce7-4168-bcb8-edc3a433bd97} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed40af28-f03f-492a-9542-e24945cd65aa} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e6bb8b70-8ad2-43b6-a952-83e462ce80de} (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winktf32 (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Documents and Settings\Jane Ydegaard\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jane Ydegaard\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programmer\MySearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Programmer\MySearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Programmer\MySearch\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Programmer\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\MySearch\bar\1.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\Karsten Ydegaard\Dokumenter\Downloads\setup(3).exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Dokumenter\Downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0A0979C-0068-48F9-863C-FA46C65A29C5}\RP28\A0016055.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0A0979C-0068-48F9-863C-FA46C65A29C5}\RP28\A0016056.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0A0979C-0068-48F9-863C-FA46C65A29C5}\RP28\A0016057.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0A0979C-0068-48F9-863C-FA46C65A29C5}\RP28\A0016064.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E0A0979C-0068-48F9-863C-FA46C65A29C5}\RP28\A0016065.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpssc1.1.dll (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jane Ydegaard\Application Data\RegistrySmart\Log\2008 Oct 05 - 05_13_10 PM_859.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jane Ydegaard\Application Data\RegistrySmart\Log\2008 Oct 05 - 05_13_26 PM_406.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Log\2008 Oct 05 - 07_23_55 PM_281.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Log\2008 Oct 05 - 07_24_02 PM_750.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Registry Backups\2008-01-01_15-10-51.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Karsten Ydegaard\Application Data\RegistrySmart\Registry Backups\2008-10-02_20-16-02.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\1.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programmer\MySearch\bar\Cache\0005BB77 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Cache\004A1276.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Cache\004A191D.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programmer\MySearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Patch.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winktf32.dll (Trojan.Dialer) -> Quarantined and deleted successfully.
Og en ny HiJack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:49:04, on 17-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Virusfighter\bin\Zanda.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Amitech NetBackup\SyncLive.exe
C:\Virusfighter\bin\NJEEVES.EXE
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Virusfighter\bin\ZLH.EXE
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Amitech NetBackup\SyncErr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Programmer\Amitech NetBackup\SyncMon.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Karsten Ydegaard\Dokumenter\Downloads\HiJackThis.exe
C:\Programmer\Amitech NetBackup\SyncQue.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {54f6af0d-444e-48f6-9397-effa28d32465} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Virusfighter\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SyncErr] C:\Programmer\Amitech NetBackup\SyncErr.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://externalnf.maerskdata.dk/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) - http://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgDK2404.exe
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Virusfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Virusfighter\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Virusfighter\bin\Zanda.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncLive - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncLive.exe
O23 - Service: SyncMon - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncMon.exe
O23 - Service: SyncQue - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncQue.exe
O24 - Desktop Component 0: (no name) - http://www.norefjell.com/webcams/pictures/ENONOREF_653.jpg
O24 - Desktop Component 1: (no name) - http://www.skeikampen.no/webcams/pictures/ENOSKEI_649.jpg

--
End of file - 9088 bytes

Nøøøøøj - MalwareBytes fik en del at se til der...

Hvordan er status så nu ?

... ellers ComboFix proceduren...

Ja, og jeg blev træt imens ;-). Men problemet er uændret at f.eks. Microsoft.dk ikke findes.

Filen
C:\Windows\System32\drivers\etc\hosts (også Skjulte/system mapper/filer)
er nok blevet 'pillet' ved *S* - derfor:

Hent filen http://www.funkytoad.com/download/HostsXpert.zip
Pak den ud til passende placering og kør filen HostsXpert.

Klik på "Restore Original Hosts" for at restore filen til dens oprindelige standard indhold.

Ja, undervejs har jeg prøvet at lægge www.microsoft.dk ind i Host filen for at se om det ændrede noget - det gjorde det ikke. Har kørt HostsXpert: no change

Hvordan ser filen:
C:\Windows\System32\drivers\etc\hosts (også Skjulte/system mapper/filer)
ud ? (Åbnes med Notepad)

# Copyright © 1993-1999 Microsoft Corp.
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# 
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
# 
# For example:
# 
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# 
127.0.0.1 localhost

ComboFix proceduren !!!

Se #5 ...

OK - jeg prøver. Men må lige klare et par andre ting - vender tilbage i aften

Hej... har kørt Combofix og fik adgang til www.microsoft.com - opdaterede straks min virusscanner og har scannet disk et par gange. Der er igen lukket ned for Microsoft, Norman og en masse andet. Her er Combofix loggen og en frisk HiJackThis log:
ComboFix 09-10-16.09 - Karsten Ydegaard 18-10-2009 11:56.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.45.1030.18.511.229 [GMT 2:00]
Kører fra: c:\documents and settings\Karsten Ydegaard\Dokumenter\PC\KVY.exe
AV: VIRUSfighter ver. 5.80 *On-access scanning enabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karsten Ydegaard\Application Data\Desktopicon
c:\documents and settings\Karsten Ydegaard\Application Data\Desktopicon\eBayShortcuts.exe
c:\programmer\INSTALL.LOG
c:\recycler\S-1-5-21-3952667337-2119979879-3970303382-1003
c:\windows\Installer\eeee0.msi
c:\windows\system32\ntSVc.ocx

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-09-18 til 2009-10-18  )))))))))))))))))))))))))))))))))))
.

2009-10-18 09:50 . 2009-10-18 09:52    --------    d-----w-    C:\KVY
2009-10-17 20:17 . 2009-10-17 20:17    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\Malwarebytes
2009-10-17 20:17 . 2009-09-10 12:54    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 20:17 . 2009-10-17 20:17    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-10-17 20:17 . 2009-10-17 20:17    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 20:17 . 2009-09-10 12:53    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-10-17 16:45 . 2009-10-17 16:45    --------    d-----w-    c:\programmer\CCleaner
2009-10-14 15:57 . 2009-10-14 15:57    --------    d-----w-    c:\programmer\Fælles filer\Authentium
2009-10-14 15:57 . 2009-10-14 15:57    --------    d-----w-    c:\programmer\iolo
2009-10-14 15:57 . 2009-10-14 15:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\iolo
2009-10-14 15:57 . 2009-10-14 15:57    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\iolo
2009-10-04 14:51 . 2009-10-04 14:51    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\SmartFTP
2009-10-04 14:50 . 2009-10-04 14:50    --------    d-----w-    c:\programmer\SmartFTP Client
2009-10-04 14:48 . 2009-10-04 14:48    --------    d-----w-    c:\programmer\SmartFTP Client 2.5 Setup Files
2009-10-04 14:38 . 2009-10-04 14:38    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Lokale indstillinger\Application Data\SyncEdit
2009-10-04 13:51 . 2009-10-04 13:51    --------    d-----w-    c:\windows\l2schemas
2009-10-04 13:51 . 2009-10-04 13:51    --------    d-----w-    c:\windows\system32\da
2009-10-04 13:09 . 2009-10-04 13:10    --------    d-----w-    C:\Virusfighter
2009-10-04 08:47 . 2009-10-04 11:04    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\Mp3tag
2009-10-04 08:47 . 2009-10-04 08:47    --------    d-----w-    c:\programmer\Mp3tag
2009-09-22 19:00 . 2009-10-14 19:08    --------    d-----w-    c:\programmer\Amitech NetBackup
2009-09-22 18:18 . 2009-10-04 08:06    --------    d-----w-    c:\windows\system32\NtmsData

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 10:07 . 2009-10-18 10:07    4096    ----a-w-    c:\windows\system32\03.tmp
2009-10-04 14:16 . 2003-08-02 09:23    63214    ----a-w-    c:\windows\system32\perfc006.dat
2009-10-04 14:16 . 2003-08-02 09:23    396140    ----a-w-    c:\windows\system32\perfh006.dat
2009-10-04 14:10 . 2005-11-22 13:30    96384    ----a-w-    c:\windows\system32\drivers\sptd9741.sys
2009-09-14 20:16 . 2004-03-10 20:38    --------    d-----w-    c:\programmer\Lavasoft
2009-09-14 20:16 . 2004-10-30 19:41    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\Lavasoft
2009-09-14 20:15 . 2006-06-26 17:48    --------    d-----w-    c:\programmer\CodeStuff
2009-09-14 20:09 . 2006-06-12 15:01    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\SUPERAntiSpyware.com
2009-09-14 20:08 . 2006-05-17 19:38    --------    d-----w-    c:\programmer\Fælles filer\Wise Installation Wizard
2009-09-14 17:08 . 2003-09-24 14:50    --------    d-----w-    c:\programmer\SkoleKom
2009-09-01 18:20 . 2009-09-01 17:59    --------    d-----w-    c:\documents and settings\Karsten Ydegaard\Application Data\AccurateRip
2009-09-01 17:59 . 2009-09-01 17:59    --------    d-----w-    c:\programmer\Exact Audio Copy
2009-08-31 17:32 . 2005-01-11 18:14    --------    d-----w-    c:\programmer\Winamp
2009-08-30 17:32 . 2004-09-11 15:38    --------    d-----w-    c:\programmer\Java
2009-08-23 14:56 . 2009-08-23 14:56    4096    ----a-w-    c:\windows\system32\02.tmp
2009-07-25 03:23 . 2008-12-03 15:29    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-03-21 14:21 . 2003-08-02 09:23    157577    --sha-r-    c:\windows\system32\mhxiw.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\ati-cpanel\atiptaxx.exe" [2003-06-05 335872]
"Norman ZANDA"="c:\virusfighter\bin\ZLH.EXE" [2005-03-07 135168]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ArcSoft Connection Service"="c:\programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Software Update"="c:\programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Share-to-Web Namespace Daemon"="c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"CamMonitor"="c:\programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-06 90112]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"SyncErr"="c:\programmer\Amitech NetBackup\SyncErr.exe" [2008-05-16 280576]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jane Ydegaard\Menuen Start\Programmer\Start\
Webshots.lnk - c:\programmer\Webshots\Launcher.exe [2004-2-22 45056]

c:\documents and settings\Karsten Ydegaard\Menuen Start\Programmer\Start\
Webshots.lnk - c:\programmer\Webshots\Launcher.exe [2004-2-22 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4609:TCP"= 4609:TCP:bnvulush

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [16-09-2003 20:38 9344]
S2 nzcqrhwz;Center Network;c:\windows\system32\svchost.exe -k netsvcs [02-08-2003 11:23 14336]
S2 SyncLive;SyncLive;c:\programmer\Amitech NetBackup\SyncLive.exe [10-04-2007 10:14 23552]
S2 SyncMon;SyncMon;c:\programmer\Amitech NetBackup\SyncMon.exe [06-05-2008 11:42 69120]
S2 SyncQue;SyncQue;c:\programmer\Amitech NetBackup\SyncQue.exe [06-05-2008 12:30 237568]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [16-09-2003 20:38 468480]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
nzcqrhwz
.
Indhold af mappen 'Planlagte Opgaver'

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
.
.
------- Yderligere scanning -------
.
uStart Page = www.google.com
mSearch Bar =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {A590956F-AE99-4419-BB39-3C721276C625} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
DPF: {F9408298-9658-482C-8B02-93F09A80225F} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
FF - ProfilePath - c:\documents and settings\Karsten Ydegaard\Application Data\Mozilla\Firefox\Profiles\m5bh5trs.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:da:official
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\programmer\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -

Toolbar-{54f6af0d-444e-48f6-9397-effa28d32465} - (no file)
WebBrowser-{54F6AF0D-444E-48F6-9397-EFFA28D32465} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 12:07
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nzcqrhwz]
"ServiceDll"="c:\windows\system32\mhxiw.dll"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1495406720-3153813357-156863503-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6FFB0C0E-568A-BA03-C93E-4B55AD702C68}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaojdekipdafhehehheg"=hex:6b,61,6b,65,62,6b,62,69,63,64,62,6d,6e,66,6a,6a,6d,
  68,69,65,6a,6d,00,01
"iaijjdjhdijbenemcf"=hex:6b,61,6d,65,61,6a,63,61,69,68,61,62,62,6b,70,6c,68,63,
  70,6b,66,67,00,01
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\programmer\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmer\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\programmer\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
c:\programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\virusfighter\Bin\Zanda.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
c:\programmer\Webshots\Webshots.scr
c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\programmer\Windows Media Player\wmpnetwk.exe
c:\windows\system32\msiexec.exe
c:\virusfighter\Bin\Njeeves.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Gennemført tid: 2009-10-18 12:12 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-10-18 10:12

Pre-Kørsel: 65.875.177.472 byte ledig
Post-Kørsel: 68.761.825.280 byte ledig

188    --- E O F ---    2009-10-04 14:04


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:20, on 18-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Virusfighter\Npm\bin\ELOGSVC.EXE
C:\Virusfighter\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Media Player\WMPNetwk.exe
C:\Virusfighter\Npm\bin\NJEEVES.EXE
C:\Virusfighter\Nse\bin\NSESVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Virusfighter\Nvc\BIN\NVCSCHED.EXE
C:\Virusfighter\Nvc\bin\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Virusfighter\Npm\bin\ZLH.EXE
C:\Virusfighter\Nvc\BIN\NIP.EXE
C:\Virusfighter\Nvc\bin\cclaw.exe
C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Amitech NetBackup\SyncErr.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Virusfighter\Nvc\BIN\nvcod.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Karsten Ydegaard\Dokumenter\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Virusfighter\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SyncErr] C:\Programmer\Amitech NetBackup\SyncErr.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Programmer\Webshots\Launcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programmer\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://externalnf.maerskdata.dk/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {819F8533-D935-4183-B692-587F8D56AC3C} (iolo.AV.OnlineVirusScanner) - http://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Programmer\Fælles filer\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Programmer\Fælles filer\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Virusfighter\Npm\bin\ELOGSVC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Virusfighter\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Virusfighter\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Virusfighter\Nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Virusfighter\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Virusfighter\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SyncLive - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncLive.exe
O23 - Service: SyncMon - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncMon.exe
O23 - Service: SyncQue - Amitech Danmark A/S - C:\Programmer\Amitech NetBackup\SyncQue.exe
O24 - Desktop Component 0: (no name) - http://www.norefjell.com/webcams/pictures/ENONOREF_653.jpg
O24 - Desktop Component 1: (no name) - http://www.skeikampen.no/webcams/pictures/ENOSKEI_649.jpg

--
End of file - 9321 bytes

Øhhhh - du har lige 'lukket' tråden - se #2 ... ???

Ups. Det var ikke meningen.