kan ikke systemgendanne Har Hijackthislog her

... ikke køre malwarebytes antilmalware ... - hvad sker der da ?

---

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

CCleaner er installeret og kørt.
Og det fik lov at rydde op.

Antimalware er også installeret, men når jeg dobbeltklikker sker der nada. blot et timeglas i 2 sekunder og derefter intet

... så ta' denne først ->

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Når du GEMMER filen så kald den noget andet end navnet Combofix.exe !!!

-- Kør så [hvad du nu kaldte den].exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Lige et uskyldigt spørgsmål: Hvorfor må combofix ikke gemmes som combofix.exe ?

Her er loggen fra combofix:
ComboFix 09-09-18.02 - Administrator 20-09-2009 21:41.1.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.3001.2616 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Skrivebord\fixtools\fixer.exe
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Norman Security Suite *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
* Dannede nyt systemgendannelsespunkt

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Alcmtr.exe
c:\windows\Installer\103740.msp
c:\windows\Installer\1138c4.msi
c:\windows\Installer\189363.msp
c:\windows\Installer\1d6229.msp
c:\windows\Installer\1df707.msp
c:\windows\Installer\1f0e24.msp
c:\windows\Installer\1fad04.msp
c:\windows\Installer\219591.msp
c:\windows\Installer\219592.msp
c:\windows\Installer\219593.msp
c:\windows\Installer\2226db.msp
c:\windows\Installer\22f63.msp
c:\windows\Installer\24091a.msp
c:\windows\Installer\2509b2.msp
c:\windows\Installer\2586b2.msp
c:\windows\Installer\273c80.msp
c:\windows\Installer\281e83.msp
c:\windows\Installer\284564.msp
c:\windows\Installer\2879d2.msp
c:\windows\Installer\28a201.msp
c:\windows\Installer\28a46d.msp
c:\windows\Installer\28ed4b.msp
c:\windows\Installer\28f3ae.msp
c:\windows\Installer\28aa39.msp
c:\windows\Installer\2a48b6.msp
c:\windows\Installer\2b2ccd.msp
c:\windows\Installer\2b6669.msp
c:\windows\Installer\2beca1.msp
c:\windows\Installer\2c1d38.msp
c:\windows\Installer\2c1ff7.msp
c:\windows\Installer\2d9dd.msp
c:\windows\Installer\3019c8.msp
c:\windows\Installer\30306e.msp
c:\windows\Installer\31a7cc.msp
c:\windows\Installer\32daa4.msp
c:\windows\Installer\3357ed.msp
c:\windows\Installer\3447c.msp
c:\windows\Installer\34c0f3.msp
c:\windows\Installer\3544f8.msp
c:\windows\Installer\35f491.msp
c:\windows\Installer\36582b.msp
c:\windows\Installer\37136e.msp
c:\windows\Installer\37801.msp
c:\windows\Installer\37de31.msp
c:\windows\Installer\38e2ef.msp
c:\windows\Installer\3ad69.msp
c:\windows\Installer\42cf28.msp
c:\windows\Installer\476097.msp
c:\windows\Installer\4ac954.msp
c:\windows\Installer\4bcf99.msp
c:\windows\Installer\4d0c8e.msp
c:\windows\Installer\6c066d.msp
c:\windows\msa.exe
c:\windows\msc.exe
c:\windows\msd.exe
c:\windows\mse.exe
c:\windows\Suyin.reg
c:\windows\system32\41-v5.exe.tmp
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\UACxvkonqoefy.sys
c:\windows\system32\msXMlm.dll
c:\windows\system32\ndisapi.dll
c:\windows\system32\NetFilter.exe
c:\windows\system32\UACavfbdudujt.dll
c:\windows\system32\UACblqyyqmlms.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnbmqxetsto.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_NDISRD
-------\Service_NDISRD


(((((((((((((((((((((((((((((  Filer skabt fra 2009-08-20 til 2009-09-20  )))))))))))))))))))))))))))))))))))
.

2009-09-20 19:27 . 2009-09-20 19:27    --------    d-sh--w-    c:\documents and settings\Administrator\IECompatCache
2009-09-20 19:26 . 2009-09-20 19:26    --------    d-sh--w-    c:\documents and settings\Administrator\PrivacIE
2009-09-20 19:23 . 2009-08-03 11:36    38160    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 19:23 . 2009-09-20 19:25    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-09-20 19:23 . 2009-09-20 19:23    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 19:23 . 2009-08-03 11:36    19096    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-09-20 19:16 . 2009-09-20 19:16    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-09-20 19:16 . 2009-09-20 19:16    --------    d-----w-    c:\programmer\Java
2009-09-20 19:03 . 2009-09-20 19:03    --------    d-----w-    c:\programmer\Trend Micro
2009-09-20 18:11 . 2009-09-20 18:11    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2009-09-20 18:11 . 2009-09-20 18:11    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-20 18:09 . 2009-09-20 18:09    --------    d-----w-    c:\documents and settings\Administrator\Application Data\TeamViewer
2009-09-20 18:06 . 2009-09-20 18:06    --------    d-----w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Identities
2009-09-20 18:06 . 2009-09-20 18:06    --------    d-----w-    c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2009-09-20 18:06 . 2009-09-20 19:26    --------    d-----w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Google
2009-09-20 17:12 . 2009-09-20 17:12    --------    d-----w-    c:\programmer\CCleaner
2009-09-20 17:03 . 2009-09-20 17:03    --------    d-sh--w-    c:\documents and settings\Administrator\IETldCache
2009-09-06 11:17 . 2009-09-06 11:17    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2009-08-22 15:51 . 2009-08-22 15:51    --------    d-----w-    c:\documents and settings\Klaus\NTI-Shadow

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 19:46 . 2009-07-03 15:04    12    ----a-w-    c:\windows\bthservsdp.dat
2009-09-20 19:20 . 2009-07-03 17:11    --------    d-----w-    c:\programmer\Norman
2009-09-20 14:14 . 2008-09-11 05:44    --------    d-----w-    c:\programmer\Microsoft SQL Server
2009-09-17 14:27 . 2009-07-27 11:05    --------    d-----w-    c:\programmer\Microsoft Silverlight
2009-08-22 15:52 . 2009-07-11 11:51    952    --sha-w-    c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-17 17:02 . 2008-09-11 06:01    1024    ---h--r-    c:\windows\system32\NTIMP3.dll
2009-08-11 16:49 . 2009-08-11 16:49    --------    d-----w-    c:\programmer\Fælles filer\Uninstall
2009-08-05 09:00 . 2008-04-15 12:00    204800    ----a-w-    c:\windows\system32\mswebdvd.dll
2009-07-29 08:58 . 2009-07-29 08:58    --------    d-----w-    c:\documents and settings\Klaus\Application Data\Windows Search
2009-07-29 08:46 . 2009-07-03 14:52    --------    d-----w-    c:\documents and settings\All Users\Application Data\Corel
2009-07-28 14:09 . 2009-07-28 14:09    --------    d-----w-    c:\documents and settings\Fælles\Application Data\InterVideo
2009-07-28 14:09 . 2009-07-28 14:09    --------    d-----w-    c:\documents and settings\Fælles\Application Data\Corel
2009-07-28 14:09 . 2009-07-13 08:42    91216    ----a-w-    c:\documents and settings\Fælles\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 14:08 . 2009-07-28 14:08    --------    d-----w-    c:\documents and settings\Fælles\Application Data\Windows Desktop Search
2009-07-28 08:14 . 2009-07-27 11:04    --------    d-----w-    c:\programmer\Windows Desktop Search
2009-07-27 11:24 . 2008-09-11 13:26    91216    ----a-w-    c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-07-27 11:19 . 2009-07-27 11:19    --------    d-----w-    c:\programmer\Microsoft
2009-07-27 11:18 . 2008-09-11 06:13    530388    ----a-w-    c:\windows\system32\perfh006.dat
2009-07-27 11:18 . 2008-09-11 06:13    110308    ----a-w-    c:\windows\system32\perfc006.dat
2009-07-27 11:16 . 2009-07-27 11:16    --------    d-----w-    c:\programmer\MSBuild
2009-07-27 11:16 . 2009-07-27 11:16    --------    d-----w-    c:\programmer\Reference Assemblies
2009-07-27 11:05 . 2009-07-27 11:05    --------    d-----w-    c:\documents and settings\Klaus\Application Data\Windows Desktop Search
2009-07-27 07:24 . 2009-07-27 07:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\NtiDvdCopy
2009-07-24 13:16 . 2009-07-24 13:16    --------    d-----w-    c:\programmer\Windows Media Connect 2
2009-07-17 19:03 . 2008-04-15 12:00    58880    ----a-w-    c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-15 12:00    286208    ----a-w-    c:\windows\system32\wmpdxm.dll
2009-07-13 08:44 . 2009-07-13 08:42    135    ----a-w-    c:\documents and settings\Fælles\Lokale indstillinger\Application Data\fusioncache.dat
2009-07-04 05:35 . 2004-09-21 21:28    546    ----a-w-    c:\windows\HotFix.bat
2009-07-04 05:35 . 2004-06-26 00:13    481    ----a-w-    c:\windows\HotFix2.bat
2009-07-03 16:59 . 2007-08-13 16:54    915456    ----a-w-    c:\windows\system32\wininet.dll
2009-07-03 14:58 . 2009-07-03 14:58    118784    ----a-w-    c:\windows\system32\VMC3KAPI.dll
2009-07-03 14:58 . 2009-07-03 14:58    114688    ----a-w-    c:\windows\system32\VCryptAPI.dll
2009-07-03 14:58 . 2009-07-03 14:58    23040    ----a-w-    c:\windows\system32\ShlCmd.exe
2009-07-03 14:58 . 2009-07-03 14:58    5632    ----a-w-    c:\windows\system32\biologon.dll
2009-07-03 14:58 . 2009-07-03 14:58    43184    ----a-w-    c:\windows\system32\drivers\AlfaFF.sys
2009-07-03 14:58 . 2009-07-03 14:58    331776    ----a-w-    c:\windows\system32\DrvCrypt.dll
2009-07-03 14:58 . 2009-07-03 14:58    16384    ----a-w-    c:\windows\system32\AlfaFF.dll
2009-07-03 14:58 . 2009-07-03 14:58    189952    ----a-w-    c:\windows\system32\PBAGUI.dll
2009-07-03 14:58 . 2009-07-03 14:58    208896    ----a-w-    c:\windows\system32\ATSC70PBA.dll
2009-07-03 14:48 . 2009-07-03 14:46    134    ----a-w-    c:\documents and settings\Klaus\Lokale indstillinger\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-03 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\programmer\Realtek\Audio\InstallShield\AzMixerSel.exe" [2008-07-09 53248]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2008-07-09 1028096]
"IAAnotif"="c:\programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BkupTray"="c:\programmer\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-27 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"Google Desktop Search"="c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-03 24064]
"ProductReg"="c:\programmer\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"ZPdtWzdVitaKey MC3000"="c:\programmer\Acer\Acer Bio Protection\PdtWzd.exe" [2009-07-03 3686400]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 141848]
"eRecoveryService"="c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"Norman ZANDA"="c:\programmer\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"NPCTray"="c:\programmer\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-09 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
"DWQueuedReporting"="c:\progra~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Acer Empowering Technology.lnk - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe [2008-1-22 45056]
BTTray.lnk - c:\programmer\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-07-03 14:58    3077120    ----a-w-    c:\programmer\Acer\Acer Bio Protection\WinNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Programmer\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Programmer\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [03-07-2009 16:58 43184]
R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [03-07-2009 19:13 79752]
R1 NGS;Norman General Security Driver;c:\programmer\Norman\Ngs\Bin\ngs.sys [03-07-2009 19:21 22712]
R1 NPROSEC;Norman Security driver;c:\programmer\Norman\Ngs\Bin\nprosec.sys [03-07-2009 19:13 53816]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [03-07-2009 19:13 74624]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;c:\programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16-01-2008 11:01 30312]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\programmer\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03-03-2008 13:11 16384]
R2 Ndiskio;Ndiskio;c:\programmer\Norman\Nse\Bin\Ndiskio.sys [03-07-2009 19:13 20448]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\programmer\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25-04-2008 21:36 45056]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17-04-2007 20:09 11032]
R2 TeamViewer4;TeamViewer 4;c:\programmer\TeamViewer\Version4\TeamViewer_Service.exe [25-06-2009 09:22 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [04-07-2009 07:33 110080]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [09-07-2008 17:15 80784]
S2 IGBASVC;iGroupTec Service;c:\programmer\Acer\Acer Bio Protection\BASVC.exe [03-07-2009 16:58 3481088]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\programmer\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25-04-2008 21:36 131072]
S3 GoogleDesktopManager-080708-050100;Google Desktop-administrator 5.7.808.7150;c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe [03-07-2009 16:48 24064]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [14-04-2006 10:07 28933976]
S3 NPC;Norman Parental Control;c:\programmer\Norman\Npc\Bin\npcsvc32.exe [03-07-2009 19:13 416880]
S3 NUAA;Norman User Activity Agent;c:\programmer\Norman\Npc\Bin\nuaa.exe [03-07-2009 19:13 121912]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [03-07-2009 19:13 19512]
S3 nvcoas;Norman Virus Control on-access component;c:\programmer\Norman\nvc\bin\Nvcoas.exe [03-07-2009 19:13 195640]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programmer\Norman\Npm\Bin\Nvcsched.exe" --> c:\programmer\Norman\Npm\Bin\Nvcsched.exe [?]
S4 NPFSvc32;Norman Personal Firewall Service;c:\programmer\Norman\Npf\Bin\npfsvc32.exe [03-07-2009 19:13 597104]
S4 NPROSECSVC;Norman Security service;c:\programmer\Norman\Ngs\Bin\nprosec.exe [03-07-2009 19:13 121912]
S4 nsesvc;Norman Scanner Engine Service;c:\programmer\Norman\Nse\Bin\Nsesvc.exe [03-07-2009 19:13 310328]
S4 NVOY;Norman Resource Provider;c:\programmer\Norman\Npm\Bin\nvoy.exe [03-07-2009 19:13 126008]
S4 Scheduler;Norman Scheduler Service;c:\programmer\Norman\Npm\Bin\scheduler.exe [03-07-2009 19:22 130104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-09-20 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-09-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{F3A1C476-104E-4F0D-9E5E-2741CB7910BD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\programmer\Norman\npc\bin\nlf.dll
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
BHO-{A77D3539-581D-450C-9E44-A84C415A6172} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 21:47
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1513510354-2309785334-2065635394-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,22,f1,bd,5a,ee,4e,4d,92,96,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,22,f1,bd,5a,ee,4e,4d,92,96,c4,\
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\programmer\Acer\Acer Bio Protection\CompPtc.dll
c:\programmer\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll
c:\programmer\Acer\Acer Bio Protection\WinNotify.dll

- - - - - - - > 'explorer.exe'(888)
c:\windows\system32\btmmhook.dll
c:\programmer\Windows Desktop Search\deskbar.dll
c:\programmer\Windows Desktop Search\da-dk\dbres.dll.mui
c:\programmer\Windows Desktop Search\dbres.dll
c:\programmer\Windows Desktop Search\wordwheel.dll
c:\programmer\Windows Desktop Search\da-dk\msnlExtRes.dll.mui
c:\programmer\Windows Desktop Search\msnlExtRes.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\docume~1\ADMINI~1\LOKALE~1\temp\RtkBtMnt.exe
c:\programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\searchindexer.exe
c:\programmer\TeamViewer\Version4\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Gennemført tid: 2009-09-20 21:50 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2009-09-20 19:50

Pre-Kørsel: 36.262.850.560 byte ledig
Post-Kørsel: 36.305.313.792 byte ledig

320    --- E O F ---    2009-09-20 14:14

Nu kan jeg køre malwarebytes lille tool

(Der er 'bandit' elementer/utøj som netop kigger efter navnet [Combofix.exe] og piller i den med det samme den bliver oprettet; og vil så ikke virke. Eller vil netop IKKE finde 'bandit' utøjet!!!)

Samme sker mht MalwareBytes programmet, som du nu har oplevet..

Husk at OPDATÉR MalwareBytes før kørsel...

Jepper. Er gjort,

Fandt 3 nisser af de dumme og dem har jeg fjernet

Har du kigget på logfil om der er mere der skal ryddes ud i?

... jeg bør (skal) se Malwarebytes log teksten her i tråden...

(Resten imorgen... håber jeg...)

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

20-09-2009 22:05:48
mbam-log-2009-09-20 (22-05-48).txt

Skan type: Hurtig skanning
Objekter skannet: 107440
Tid tilbagelagt: 4 minute(s), 40 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 1
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Programmer\Fælles filer\Uninstall\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\Programmer\Fælles filer\Uninstall\PersonalAV\Uninstall.lnk (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.

Nu vil jeg gå til køjs.

Har sat malwarebytes til at køre en komplet scan. Det kan den så hygge sig med mens jeg snorker :-)

Jeg smider en log imorgen tidlig

Hæ - så kommer du jo bare til at lave en til. Både program og database er meget gamle

Ref. #6 Husk at OPDATÉR MalwareBytes før kørsel... ...

Din Database version: 2551
Nyeste Database version: 2843 (i skrivende stund)

:-) damn,

Havde jeg sguda lige glemt i farten.

Nå men den gamle fandt 42 infektioner.

Kører en ny komplet og smider så en log ind sidst på eftermiddagen

nyeste version er 2834 :-)

Så har den kørt en komplet scan med nyeste db. Intet i logfilen.

... og så en frisk log fra HiJackThis ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:23, on 21-09-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
C:\Programmer\Norman\Npm\Bin\scheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\Programmer\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmer\Acer\Acer Bio Protection\BASVC.exe
C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Programmer\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TeamViewer\Version4\TeamViewer_Service.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\TeamViewer\Version4\TeamViewer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programmer\Norman\Npm\Bin\Njeeves.exe
C:\Programmer\Norman\npc\bin\npcsvc32.exe
C:\Programmer\Norman\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programmer\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmer\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\PLFSetI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmer\Norman\npf\bin\npfuser.exe
C:\Programmer\Norman\nse\bin\NSESVC.EXE
C:\Programmer\Norman\Nvc\Bin\Nip.exe
C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
C:\Programmer\Norman\Nvc\Bin\cclaw.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmer\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Programmer\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Program Files\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProductReg] C:\Programmer\Acer\WR_PopUp\ProductReg.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Programmer\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmer\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programmer\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\programmer\norman\npc\bin\nlf.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246642480781
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Programmer\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Programmer\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Programmer\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: Google Desktop-administrator 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Programmer\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Programmer\Fælles filer\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Programmer\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Programmer\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Programmer\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Programmer\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Programmer\Norman\nse\bin\NSESVC.EXE
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Programmer\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Programmer\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Programmer\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Programmer\Norman\Npm\Bin\Nvcsched.exe (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Programmer\Norman\npm\bin\nvoy.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Programmer\Fælles filer\Protexis\License Service\PsiService_2.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Programmer\Norman\Npm\Bin\scheduler.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Programmer\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 12766 bytes

BINGO - hvordan kører dyret/spanden/PC'en så nu ?

Nu spinder den som en Norsk Skovkat ;-)

Det er en bekendts LapTop - Acer TravelMate 7730

Alm. oprydning - du ka' afinstall følgende (forventer ikke at du bruger det...) ->

* NTI Backup Now 5
* Google Desktop Search
* Windows Desktop Search

---

Rydde op efter Combofix:

[Start][Kør]
Combofix  /u

---

Ta' en oprydning med nævnte CCleaner...

---

Du er velkommen en anden gang...

Der er ikke mere 'snavs' ifølge din Log...

Efter sådan en omgang skal du lige fjerne de inficerede filer i system restore.

Windows XP:
1. Højreklik på > Denne Computer > Egenskaber > Systemgendannelses.
2. Sæt flueben i > Deaktiver Systemgendannelse> Anvend > OK.
3. Dobbeltklik på > Denne computer > højreklik på (C:) drevet > Egenskaber.
5. Klik på > Diskoprydning > Flere indstillinger.
6. I feltet Systemgendannelse, klik på "Ryd op".
7. Luk alle vinduer og genstart computeren.
8. Efter genstart > Aktiver Systemgendannelse på samme måde du deaktiverede det - Punkt 2 bare omvendt...

Norsk Skovkat ->
http://www.hemmingsvej.dk/frac/baloo/baloo-049.jpg
*S*

takker og bukker :-)