forkert søgning ved fejltastninger

Du er blevet offer for en browserhijacker.*S* (Sorry)

Gå ind her og hent Spybot og Hijackthis.
http://www.spywarefri.dk/vaerktoj.htm
Installer og kør Spybot, opdater online, scan, afhjælp valgte problemer, genstart.
Derefter udpakker og kører du Hijackthis, scan, save log og kopier logfilen herind, så kigger vi på den.
Lad være med at slette noget selv med Hijackthis, det kan skade mere end det gavner.

Hvilken søgeside er det??? Microsoft søgeside???

Har du installeret MessengerPlus?

Jeg fåe your.com, www.dk.freephonenames.com/index.asp eller www.com.org frem hver gang jeg taster forkers.

Jeg prøver og vender tilbage

Jeg tro det må være det her

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://http://dk.search.yahoo.com/search/dk/options?p=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/startside/startside.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0406&s=search&i=dan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

Hvor er resten?
Det er kun lidt af logfilen, jeg er nødt til at have det hele.

Her er det hele

Logfile of HijackThis v1.97.2
Scan saved at 13:18:29, on 17-09-2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAMMER\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAMMER\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAMMER\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
D:\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMER\DIVX\DIVX PRO CODEC\GAIN_TRICKLER_3202.EXE
C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\EVNTSVC.EXE
C:\PROGRAMMER\BROWSER MOUSE\BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\PROGRAMMER\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAMMER\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMER\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SHUTDOWNAWARE.EXE
D:\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\PROGRAMMER\BARGAIN BUDDY\BIN2\BARGAINS.EXE
C:\PROGRAMMER\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAMMER\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAMMER\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMER\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\PROGRAMMER\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PROFILES\RENE\SKRIVEBORD\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://http://dk.search.yahoo.com/search/dk/options?p=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///D:/startside/startside.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0406&s=search&i=dan
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAMMER%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\to1zrk6i.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL
O3 - Toolbar: Yahoo! Netmakker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O3 - Toolbar: CNET SearchBar - {862fb893-b24b-4fad-80d3-a1158eb34db4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNETSEARCHBAR.DLL (file missing)
O3 - Toolbar: Jubii - {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} - C:\WINDOWS\DOWNLO~1\JUBII.DLL
O3 - Toolbar: De Gule Sider - {D4003A01-9B2C-4e24-9CD2-8D7DB1BDE096} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\DGSTOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [Skan registreringsdatabase] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmer\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] "C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE"
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\SYSTEM\hpoopm07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CXMon] "C:\Programmer\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Trickler] "c:\programmer\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmer\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Dcfssvc] C:\Programmer\KODAK\HYDRA_DR\dcfssvc.exe --pdr: "C:\Programmer\KODAK\HYDRA_DR\dcmnter.pdr"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Shutdownaware] C:\WINDOWS\Shutdownaware.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\MOUSE\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [Bargains] C:\Programmer\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] c:\windows\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [HC Reminder] hc.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\RunOnce: [test]

O4 - HKCU\..\RunOnce: [test]

O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - User Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Programmer\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmer\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get Alexa Data - res://alxtb.dll/sitedata.htm
O8 - Extra context menu item: See Related Links - res://alxtb.dll/related.htm
O8 - Extra context menu item: Write a Review... - res://alxtb.dll/review.htm
O8 - Extra context menu item: Mail to a Friend... - res://alxtb.dll/mailto.htm
O8 - Extra context menu item: Alexa Web Search - res://alxtb.dll/search.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page - res://C:\WINDOWS\GOOGLETOOLBAR.DLL/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Adgang for alle fjernbetjening (HKLM)
O9 - Extra 'Tools' menuitem: Adgang for alle fjernbetjening (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Alexa (HKLM)
O9 - Extra 'Tools' menuitem: Alexa Toolbar (HKLM)
O9 - Extra button: TvGuide (HKLM)
O9 - Extra 'Tools' menuitem: TvGuide.dk (HKLM)
O9 - Extra button: Degulesider Toolbar (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .vbs: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.es/activescan/as/asinst.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.axis.com/products/camera_servers/AxisCamControl.ocx
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.virus112.com/xscan53.cab
O16 - DPF: LiveWorld EZTalk 3.0 - http://bizchat.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: {26AFD6EF-C017-4063-B2B1-E515DE98A1B7} - http://download.kodak.com/digital/software/easyShare/v2_1/install.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37868.0594907407
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {1B4381C2-844D-4384-A596-D1673BBABE8A} (tv2.AutoUdfyld) - http://vind.tv2.dk/inc/autoudfyld.ocx
O16 - DPF: {CA68BDCC-579C-4730-99F5-37C4E206E4F9} - http://download.alexa.com/clients/AlexaIE65_6.0.1.5.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6717CD4A-6B79-4442-9703-A1ED995124D5} (instctrl Class) - http://download.verisign-grs.com/plug-in/i-navInstCtrl.cab
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Netmakker) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
O16 - DPF: {862FB893-B24B-4FAD-80D3-A1158EB34DB4} (CNET SearchBar) - http://www.search.com/cnetsearchbar.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} (Jubii) - http://toolbar.min.jubii.dk/toolbar/dk/jubii.cab
O16 - DPF: {AD90E32F-1FE2-11D3-88C8-006008A717FD} (NCSProgressBar Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://degulesider.dk/tool/DGSCab.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://de.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {0EB1CA3E-C9C7-42B6-8016-B0CBA435E291} (ImclCtl Class) - http://www.messenger.jubii.dk/messenger/client/ActiveXMsgrCore.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/da/deleon/1.1.62-deleon/GoogleNav.cab

Kan du overhovedet se dine åbne vinduer for toolbars?
Der er godt nok mange forskellige i.
Det tager mindst en time at tjekke det her igennem, i mellemtiden kan du hente IE 5.5 her, du kan også tage 6.0 med SP1.
http://www.it-service.sdu.dk/vis.php?side=84

Kør Hijackthis igen, scan og sæt flueben i alle de linier jeg har listet nedenunder, dobbelttjek for at være sikker.
Luk alle vinduer undtaget Hijackthis og klik på Fix checked, genstart derefter i fejlsikret tilstand og slet de to filer jeg har listet nedenunder.
Genstart normalt, og læg en ny logfil herind, så jeg lige kan tjekke at alt kom med.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://http://dk.search.yahoo.com/search/dk/options?p=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.search.msn.com:3128@arheo.com/search.htm (obfuscated
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dk.rd.companion.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O3 - Toolbar: Yahoo! Netmakker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_7.DLL
O3 - Toolbar: CNET SearchBar - {862fb893-b24b-4fad-80d3-a1158eb34db4} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\CNETSEARCHBAR.DLL (file missing)
O3 - Toolbar: Jubii - {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} - C:\WINDOWS\DOWNLO~1\JUBII.DLL
O3 - Toolbar: De Gule Sider - {D4003A01-9B2C-4e24-9CD2-8D7DB1BDE096} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\DGSTOOLBAR.DLL
O4 - HKLM\..\Run: [Trickler] "c:\programmer\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [Bargains] C:\Programmer\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\RunOnce: [test]

O4 - HKCU\..\RunOnce: [test]

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get Alexa Data - res://alxtb.dll/sitedata.htm
O8 - Extra context menu item: See Related Links - res://alxtb.dll/related.htm
O8 - Extra context menu item: Write a Review... - res://alxtb.dll/review.htm
O8 - Extra context menu item: Mail to a Friend... - res://alxtb.dll/mailto.htm
O8 - Extra context menu item: Alexa Web Search - res://alxtb.dll/search.htm
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Alexa (HKLM)
O9 - Extra 'Tools' menuitem: Alexa Toolbar (HKLM)
O9 - Extra button: Degulesider Toolbar (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: LiveWorld EZTalk 3.0 - http://bizchat.liveworld.com/java/ezmed/ezmed.cab
O16 - DPF: {CA68BDCC-579C-4730-99F5-37C4E206E4F9} - http://download.alexa.com/clients/AlexaIE65_6.0.1.5.cab
O16 - DPF: {470A6E01-15A3-49B3-B8B9-8EDF4AC1A480} - http://sp.ask.com/docs/teoma/toolbar/download/teomab-inst.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Netmakker) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_0_2_7.cab
O16 - DPF: {862FB893-B24B-4FAD-80D3-A1158EB34DB4} (CNET SearchBar) - http://www.search.com/cnetsearchbar.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DBF7-FD79BED5FA7D} (Jubii) - http://toolbar.min.jubii.dk/toolbar/dk/jubii.cab
O16 - DPF: {AD90E32F-1FE2-11D3-88C8-006008A717FD} (NCSProgressBar Class) - http://130.228.229.67/ecwplugins/ncs.cab
O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} (De Gule Sider) - http://degulesider.dk/tool/DGSCab.cab

-------------------------------------------------------------------
Bruger du Netscape? Ellers væk.
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAMMER%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\to1zrk6i.slt\prefs.js)
------------------------------------------------------------------------
Slettes fra fejlsikret tilstand.
C:\PROGRAMMER\DIVX\DIVX PRO CODEC\GAIN_TRICKLER_3202.EXE
C:\PROGRAMMER\BARGAIN BUDDY\BIN2\BARGAINS.EXE

jeg har fået det til at virke, jeg ved ikke havd jeg har gjordt med du får pointen

Tak for point.*S*