Hvorfor kan jeg ikke bruge computeren men min kone kan godt

sku lige sige at jeg har xp-home styresystem

... for en go' ordens skyld; stik os/mig en HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

(Jooo - jeg har 'virus' på hjernen...)


PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe


Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

skal den gemmes på min kones konto eftersom jeg kan ikke bruge min =

skal psse sige at jeg har en antivirus program så kaldt sikkerhedspakke som jeg betaler til TDC

jeg fatter ikke en pind , men har hentet HiJackThis.exe og scannet og så kommer der en hel masse alt muligt som jeg ikke ved hvad ska gøre med.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:03, on 28-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\npm\bin\ZLH.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\ANNIE\Skrivebord\Ny mappe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.skolenetvaerket.dk/index.php?id=38078
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - blank (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\Online Backup Manager\bin\SystemTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AshampooDefragService -  - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe

--
End of file - 10831 bytes

Er det nu dette jeg sku gøre?

Jeps - det er korrekt. En 'scanningen' så også foretaget på din kones (ANNIE?) Login ?

Det skal gøres på den 'dårlige' login - altså din...

PS: Jeg kan se at du - måske mere eller mindre mod din vilje - har installeret [Yahoo Toolbar] ?
Den er dog ikke 'farlig', men bare et irriterende program/toolbar som bare fylder op .
Hvis du vil slippe af med den kan du følge guiden herfra ->
http://support.microsoft.com/kb/303047

Jeg har kørt scanningen på Annie's login fordi jeg kan ju ikke bruge min login. Så hvad gør jeg ved det?

... det bør/skal være din Login da det er den der er 'syg' ...

Ellers må du foretage proceduren herfra -> http://www.eksperten.dk/artikler/1123 via Annie's login ... så får vi se/læse ...

ok jeg prøver

jeg kan ikke installere programmer fordi den skriver error 1303
File:sasdifsk.sys
size 5632

Er der kun et at gøre ? nemlig formatere eller?????????????????

File:sasdifsk.sys - for alle programmer ???

Hvad med at 'bare' køre HiJackThis.exe i DIN Login ???

Det kan jeg ikke ingenting fungerer på min login

nu kan jeg logge in på min konto men tager lang tid og så genstarter det efter 15min.
Hvordan kunne jeg gøre HijackThis.exe

... det burde kunne lade sig gøre at skyde HiJackThis af inden for de ~15 minutter *S*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:56, on 30-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
C:\Norman\npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npc\bin\npcsvc32.exe
C:\Norman\npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\npm\bin\ZLH.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\Rainlendar\Rainlendar.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Norman\npf\bin\npfuser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/?partnerid=msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - blank (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\Online Backup Manager\bin\SystemTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AshSnap] C:\Programme\Ashampoo\Ashampoo Magical Snap\ashsnap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Ashampoo Magical Defrag.lnk = C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AshampooDefragService -  - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.teneriferie.dk/images/spanskflag.gif

--
End of file - 12205 bytes

Nu lykkedes det vel at sende de filer fra min egen login.

Det var ju sådan at det tog måske 14 min når man hade trykket feks. start før det skete noget og så var der kun et minut tilbage at gå videre før det genstartede. Men nu har jeg så lagt ud med det der LOGFILER så jeg venter spændt at høre fra er, fordi maskinen genstarter stadig en gang imellem.

Her er det nye fra mit login

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:42, on 01-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Norman\npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npm\bin\NJEEVES.EXE
C:\Norman\npc\bin\npcsvc32.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\npm\bin\ZLH.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Rainlendar\Rainlendar.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/?partnerid=msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - blank (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Programmer\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Programmer\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\Online Backup Manager\bin\SystemTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AshSnap] C:\Programme\Ashampoo\Ashampoo Magical Snap\ashsnap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AshampooDefragService - Unknown owner - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.teneriferie.dk/images/spanskflag.gif

--
End of file - 11848 bytes

Afinstaller Morpheus og evt. andre fildelingsprogrammer.
Hent Combofix, og gem den på dit skrivebord:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-- Kør så combofix.exe, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind, sammen med en frisk Hijackthislog.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:27, on 01-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Norman\npm\Bin\Zanda.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npm\bin\NJEEVES.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\npc\bin\npcsvc32.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\npm\bin\ZLH.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Rainlendar\Rainlendar.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Norman\npf\bin\npfuser.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/?partnerid=msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - blank (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\system32\autorun.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AhsayBackupManager] C:\Programmer\Online Backup Manager\bin\SystemTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\RunOnce: [MorpheusToolbar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AshSnap] C:\Programme\Ashampoo\Ashampoo Magical Snap\ashsnap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AshampooDefragService - Unknown owner - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.teneriferie.dk/images/spanskflag.gif

--
End of file - 11666 bytes

ComboFix 07-09-21.2 - "Administrator" 2007-10-01 21:53:41.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.834 [GMT 2:00]
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\autorun.ini

.
(((((((((((((((((((((((((  Files Created from 2007-09-01 to 2007-10-01  )))))))))))))))))))))))))))))))
.

2007-10-01 21:32    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-01 21:29    237,568    --a------    C:\Programmer\Uninstall Morpheus Toolbar.dll
2007-10-01 14:07    <DIR>    d--------    C:\DOCUME~1\ANNIE\APPLIC~1\Ashampoo
2007-09-30 21:50    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2007-09-30 21:33    <DIR>    dr-------    C:\DOCUME~1\ADMINI~1\Menuen Start
2007-09-30 21:33    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Skabeloner
2007-09-30 21:33    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Printere
2007-09-30 21:33    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-09-30 21:33    <DIR>    d--h-----    C:\DOCUME~1\ADMINI~1\Andre computere
2007-09-30 21:33    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Skrivebord
2007-09-30 21:33    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Foretrukne
2007-09-30 21:33    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\Dokumenter
2007-09-30 21:20    <DIR>    d--------    C:\Programmer\Trend Micro
2007-09-28 10:43    <DIR>    d--------    C:\Programmer\F‘lles filer\Skype
2007-09-20 10:14    <DIR>    d--------    C:\Programmer\Barrel Mania
2007-09-07 10:49    <DIR>    d--------    C:\Programmer\Scan2PDF
2007-09-05 10:27    0    --a------    C:\WINDOWS\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 21:42    ---------    d--------    C:\Programmer\Ahead
2007-10-01 10:37    ---------    d--------    C:\Programmer\Ashampoo
2007-09-30 22:18    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-30 16:17    ---------    d--------    C:\Programmer\Spyware Doctor
2007-09-30 15:55    ---------    d--------    C:\Programmer\IrfanView
2007-09-28 10:43    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-09-08 10:20    ---------    d--------    C:\Programmer\Paint.NET
2007-08-31 14:07    ---------    d--------    C:\Programmer\Team MediaPortal
2007-08-30 10:36    ---------    d--------    C:\Programmer\Picasa2
2007-08-29 14:48    ---------    d--------    C:\Programmer\Softland
2007-08-29 14:29    43672    --a------    C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-08-28 20:59    ---------    d--------    C:\Programmer\123hjemmeside MultiUploader
2007-08-23 13:10    ---------    d--------    C:\Programmer\Google
2007-08-23 09:07    ---------    d--------    C:\Programmer\Norton Security Scan
2007-08-23 09:07    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-21 11:29    ---------    d--------    C:\Programmer\TDC
2007-08-15 16:10    ---------    d--------    C:\DOCUME~1\ANNIE\APPLIC~1\HP
2007-08-15 16:10    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-10 12:00    ---------    d--------    C:\Programmer\Microsoft Windows Vista Upgrade Advisor
2007-08-10 12:00    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
    ---------        C:\Programmer\Fælles filer\supportsoft
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Norman ZANDA"="C:\Norman\npm\bin\ZLH.exe" [2006-10-16 11:43]
"NPCTray"="C:\Norman\npc\bin\npc_tray.exe" [2006-08-30 17:09]
"Home Theater SchSvr"="C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 13:38]
"Soltek"="C:\WINDOWS\system32\autorun.exe" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"AhsayBackupManager"="C:\Programmer\Online Backup Manager\bin\SystemTray.exe" []
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-08-22 15:45]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 09:29]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"DXDllRegExe"="dxdllreg.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"MorpheusToolbar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Gamma Loader.exe.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-21 09:21:50]
Google Updater.lnk - C:\Programmer\Google\Google Updater\GoogleUpdater.exe [2007-08-23 09:06:32]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\TDI_RD.SYS
S2 CmosTime;CmosTime;\??\C:\WINDOWS\system32\CmosTime.sys
S2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS
S2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe"
S2 NVOY;Norman V.O.Y.;C:\Norman\npm\bin\nvoy.exe
S2 OnlineBackupScheduler;Online Backup Scheduler;C:\Programmer\Online Backup Manager\bin\Scheduler.exe
S3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 NPC;Norman Parental Control;C:\Norman\npc\bin\npcsvc32.exe
S3 NUAA;Norman User Activity Agent;C:\Norman\npc\bin\nuaa.exe
S3 nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys
S3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys
S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE
S3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 SANDRA;SANDRA;\??\C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\Sandra.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 07:48:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmer\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-01 21:56:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NUAA]
"ImagePath"="C:\Norman\npc\bin\nuaa.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\viaagp1]
"ImagePath"="system32\DRIVERS\viaagp1.sys"
.
Completion time: 2007-10-01 21:57:14
C:\ComboFix-quarantined-files.txt ... 2007-10-01 21:56
.
    --- E O F ---

Nu lykkedes det at køre ccleaner og avg antispyvare program men compofix vil ikke rigtigt endnu
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    12:06:59 02-10-2007

+ Scan result:   



C:\WINDOWS\system32\SearchTool\uninstallSE.exe -> Adware.Beginto : Ignored.
C:\WINDOWS\system32\SmartShopper\uninstallSE.exe -> Adware.Beginto : Ignored.
C:\Documents and Settings\ANNIE\Cookies\annie@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@hit.gemius[2].txt -> TrackingCookie.Gemius : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@guide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Cookies\system@skype[2].txt -> TrackingCookie.Skype : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\ANNIE\Cookies\annie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

Hvor kan jeg finde compofix?
Min login fungerer nu fint computeren genstarter ikke mere og alle programmer kører godt. Så ved jeg ikke hvorvidt det er nødvendigt at køre compofix og rootchk og hijackthis

ComboFix 07-10-02.2 - Seppo 2007-10-02 16:36:38.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.524 [GMT 2:00]
Running from: C:\Documents and Settings\Seppo\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-09-02 to 2007-10-02  )))))))))))))))))))))))))))))))
.

2007-10-02 09:49    <DIR>    d--------    C:\Programmer\Yahoo!
2007-10-02 09:49    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-01 22:25    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-01 21:32    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-01 21:29    237,568    --a------    C:\Programmer\Uninstall Morpheus Toolbar.dll
2007-10-01 14:07    <DIR>    d--------    C:\Documents and Settings\ANNIE\Application Data\Ashampoo
2007-10-01 13:58    <DIR>    d--------    C:\Documents and Settings\Seppo\Application Data\Ashampoo
2007-09-30 21:50    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2007-09-30 21:33    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2007-09-30 21:33    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2007-09-30 21:33    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2007-09-30 21:33    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2007-09-30 21:33    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2007-09-30 21:33    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2007-09-30 21:33    <DIR>    d--------    C:\Documents and Settings\Administrator\Foretrukne
2007-09-30 21:33    <DIR>    d--------    C:\Documents and Settings\Administrator\Dokumenter
2007-09-30 21:20    <DIR>    d--------    C:\Programmer\Trend Micro
2007-09-28 10:43    <DIR>    d--------    C:\Programmer\F‘lles filer\Skype
2007-09-20 10:14    <DIR>    d--------    C:\Programmer\Barrel Mania
2007-09-07 10:49    <DIR>    d--------    C:\Programmer\Scan2PDF
2007-09-05 10:27    0    --a------    C:\WINDOWS\nsreg.dat
2007-09-05 10:27    <DIR>    d--------    C:\Documents and Settings\Seppo\Application Data\Talkback

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 23:19    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-01 21:42    ---------    d--------    C:\Programmer\Ahead
2007-10-01 10:37    ---------    d--------    C:\Programmer\Ashampoo
2007-09-30 16:17    ---------    d--------    C:\Programmer\Spyware Doctor
2007-09-30 15:55    ---------    d--------    C:\Programmer\IrfanView
2007-09-28 10:43    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Skype
2007-09-28 10:42    ---------    d--------    C:\Documents and Settings\Seppo\Application Data\Ashampoo Photo Commander 4
2007-09-21 13:49    ---------    d--------    C:\Documents and Settings\Seppo\Application Data\Skype
2007-09-08 10:20    ---------    d--------    C:\Programmer\Paint.NET
2007-08-31 14:07    ---------    d--------    C:\Programmer\Team MediaPortal
2007-08-30 10:36    ---------    d--------    C:\Programmer\Picasa2
2007-08-29 14:48    ---------    d--------    C:\Programmer\Softland
2007-08-29 14:29    43672    --a------    C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-08-28 20:59    ---------    d--------    C:\Programmer\123hjemmeside MultiUploader
2007-08-23 13:10    ---------    d--------    C:\Programmer\Google
2007-08-23 09:07    ---------    d--------    C:\Programmer\Norton Security Scan
2007-08-23 09:07    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Google
2007-08-21 11:29    ---------    d--------    C:\Programmer\TDC
2007-08-16 10:27    ---------    d--------    C:\Documents and Settings\Seppo\Application Data\wsInspector
2007-08-15 16:10    ---------    d--------    C:\Documents and Settings\ANNIE\Application Data\HP
2007-08-15 16:10    ---------    d--------    C:\Documents and Settings\All Users\Application Data\HP
2007-08-10 12:00    ---------    d--------    C:\Programmer\Microsoft Windows Vista Upgrade Advisor
2007-08-10 12:00    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
    ---------        C:\Programmer\Fælles filer\supportsoft
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((  snapshot_2007-10-01_215622,03  )))))))))))))))))))))))))))))))))))))))))
.
----a-w          135,168 2007-09-28 07:06:08  C:\WINDOWS\catchme.exe
----a-w          844,800 2007-07-22 16:39:27  C:\WINDOWS\system32\swreg.exe
.
----a-w          109,056 2007-07-19 22:47:22  C:\WINDOWS\catchme.exe
----a-w          279,552 2007-07-22 16:39:27  C:\WINDOWS\system32\swreg.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"Norman ZANDA"="C:\Norman\npm\bin\ZLH.exe" [2006-10-16 11:43]
"NPCTray"="C:\Norman\npc\bin\npc_tray.exe" [2006-08-30 17:09]
"Home Theater SchSvr"="C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 13:38]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-08-22 15:45]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-23 09:29]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"DXDllRegExe"="dxdllreg.exe" []
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 09:57]
"AshSnap"="C:\Programme\Ashampoo\Ashampoo Magical Snap\ashsnap.exe" []

C:\Documents and Settings\Seppo\Menuen Start\Programmer\Start\
Rainlendar.lnk - C:\Programmer\Rainlendar\Rainlendar.exe [2006-01-21 14:31:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 NDIS_RD;Norman Firewall NDIS driver;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R1 TDI_RD;Norman Firewall TDI driver;\??\C:\WINDOWS\system32\drivers\TDI_RD.SYS
R2 CmosTime;CmosTime;\??\C:\WINDOWS\system32\CmosTime.sys
R2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS
R2 NPFSvc32;Norman Personal Firewall Service;"C:\Norman\npf\bin\npfsvc32.exe"
R2 NVOY;Norman V.O.Y.;C:\Norman\npm\bin\nvoy.exe
R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
R3 NPC;Norman Parental Control;C:\Norman\npc\bin\npcsvc32.exe
R3 NUAA;Norman User Activity Agent;C:\Norman\npc\bin\nuaa.exe
R3 nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys
R3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys
R3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys
R3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe
R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S2 OnlineBackupScheduler;Online Backup Scheduler;C:\Programmer\Online Backup Manager\bin\Scheduler.exe
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE
S3 SANDRA;SANDRA;\??\C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\Sandra.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 07:48:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmer\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 16:39:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NUAA]
"ImagePath"="C:\Norman\npc\bin\nuaa.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\viaagp1]
"ImagePath"="system32\DRIVERS\viaagp1.sys"
.
Completion time: 2007-10-02 16:40:34
C:\ComboFix-quarantined-files.txt ... 2007-10-02 16:40
C:\ComboFix2.txt ... 2007-10-01 21:57
.
    --- E O F ---

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
02-10-2007 19:16:31,93

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 19:16:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - blank (file missing)
O2 - BHO: ohb Class - {5ED7D3DE-6DBE-4516-8712-436325722327} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
---------------------------------------
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog.

Nu er igen lidt problemer fodi min login er begynd at genstarte igen. Men det lykkerdes at komme til det at jeg fik fjernet de6 linier med fix cheked.
Men nu siger du at jeg skal scanne igen men programmet er meget stor i fejlsikret tikstand og jeg kan ikke rigtigt førstå og se det med prik i perform complete scan?

SUPERAntiSpyware Scan Log
Generated 10/03/2007 at 09:57 AM

Application Version : 3.5.1016

Core Rules Database Version : 3165
Trace Rules Database Version: 1176

Scan type      : Complete Scan
Total Scan Time : 00:32:52

Memory items scanned      : 174
Memory threats detected  : 0
Registry items scanned    : 5488
Registry threats detected : 0
File items scanned        : 33876
File threats detected    : 49

Adware.Tracking Cookie
    C:\Documents and Settings\Seppo\Cookies\seppo@serving-sys[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@doubleclick[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@ad1.emediate[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@advertising[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@track.adform[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adtech[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@bs.serving-sys[2].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@adfair[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@ads.gamers-globe[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@adserver.banneradministration[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@adtech[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@bs.serving-sys[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@click.tdc-online[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@doubleclick[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@imrworldwide[2].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@server.iad.liveperson[3].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@serving-sys[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@track.adform[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@www.googleadservices[1].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@www.googleadservices[2].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@www.googleadservices[3].txt
    C:\Documents and Settings\ANNIE\Cookies\annie@xiti[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@ad.ofir[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@ad1.emediate[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adfair[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@ads.estart[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@ads2.jubii[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adserver.banneradministration[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adservicemedia[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adultfriendfinder[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@adultlounge[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@analsexpiger[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@azjmp[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@bonnier.banneradministration[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@click.tdc-online[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@gallys.legsex[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@imrworldwide[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@indextools[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@legsex[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@sexaben[3].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@sexfriends[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@stat.postdanmark[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@track.adform[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@www.googleadservices[1].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@www.googleadservices[2].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@www.googleadservices[3].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@www.googleadservices[4].txt
    C:\Documents and Settings\Seppo\Cookies\seppo@www.sexlir[1].txt

Trojan.Security Toolbar
    C:\Documents and Settings\Seppo\Foretrukne\Antivirus Test Online.url

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:34, on 03-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Norman\npm\bin\ZLH.EXE
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Norman\npm\Bin\Zanda.exe
C:\Programmer\Rainlendar\Rainlendar.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\nvc\BIN\NIP.EXE
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\npc\bin\npcsvc32.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\npm\bin\NJEEVES.EXE
C:\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\nvc\bin\cclaw.exe
C:\Norman\npf\bin\npfuser.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk/?partnerid=msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AshampooDefragService - Unknown owner - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O24 - Desktop Component 0: (no name) - http://www.teneriferie.dk/images/spanskflag.gif

--
End of file - 10523 bytes

Loggen er ren, men der var en "grimmert" i SaS loggen, så for en sikkerheds skyld:
Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Eller her:
http://72.232.135.12/siri/SmitfraudFix.exe
Til roden af C:drevet

Genstart i fejlsikret tilstand, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


Dobbeltklik på C:\Smitfraud exe. Vælg option #2 - Clean.
Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden sammen med en ny hijackthis log

Til roden af C:drevet ??????
Kopier denne ind i tråden ????

SmitFraudFix v2.235

Scan done at 16:16:07,39, 03-10-2007
Run from C:\Documents and Settings\All Users\Dokumenter\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA PCI 10/100Mb Fast Ethernet-netværkskort - Miniport til Packet Scheduler
DNS Server Search Order: 193.162.153.164
DNS Server Search Order: 194.239.134.83

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
o nej det sku vare i fejlsikkert tilstand jeg gør det om igen

her er den i fejlsikret tilstand lavet:
SmitFraudFix v2.235

Scan done at 16:16:07,39, 03-10-2007
Run from C:\Documents and Settings\All Users\Dokumenter\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA PCI 10/100Mb Fast Ethernet-netværkskort - Miniport til Packet Scheduler
DNS Server Search Order: 193.162.153.164
DNS Server Search Order: 194.239.134.83

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D736A14A-3762-40BE-9E99-2C9EAC506124}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

og her hijacjthis osse lavet i fejlsikret tilstand.Jeg hoper det var meningen at gøre sådan.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:51, on 03-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Seppo\Skrivebord\Virus beskyttelse\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainlendar.lnk = C:\Programmer\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\norman\npc\bin\nlf.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (Snapfish Drag and Drop upload plugin) - http://www.pixaco.dk/static/download/pixacodndupload.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4445EA6A-9008-40D5-9160-035FDE5214C4} (MultiUpload Class) - http://www.123hjemmeside.dk/builder/pages/Mpu-dk-1-0-0-8.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/15.11/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150918603890
O16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) - http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AshampooDefragService - Unknown owner - C:\Programmer\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman V.O.Y. (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: Online Backup Scheduler (OnlineBackupScheduler) - Unknown owner - C:\Programmer\Online Backup Manager\bin\Scheduler.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programmer\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

--
End of file - 8208 bytes

Der er ikke mere at komme efter, har det hjulpet?

Tusen tak for hjælpen det ser ud til at vare i orden . Nu ska du bare svare for at få pointerne.

Det kommer her. :-)

Nu var jeg måske lidt for ivrig, det har genstartet igen.????????????????????

Det vil se at formatering er oundgåeligt???????????????????????

nu ser det ud til at det er ok.

har du fået pointerne

Ja det er i orden, tak for point. :-)

OK