stinefreja (Beginner)
27 February 2008 - 08:53. There are 10 comments and 1 solution

w32.myzor.FK@yf - safe removal

Hi,
A virus has gotten onto my computer. When I go on the Internet, a box pops up saying that I have been attacked by the virus w32.myzor.FK@yf, and that it "add values to HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run".

I have Norton on the computer and Windows Defender, as well as the Windows Office 2003 suite. Defender has noticed something called Trojan, but when the computer restarts and I go online, the box mentioned above pops up again.

My question is: how do I get this virus-like software removed?

Do I have to reformat the whole computer, or is it possible to get rid of the virus some other way?

If I have to reformat, is it possible to save data without the virus coming along in the saved Microsoft Word documents and pictures?

And more generally, what kind of thing is this w32.myzor.FK@yf, and how can my computer have picked it up? And how do I avoid being hit by it another time?
The reason for the last question is simply that I do not understand how it got past Norton, which by the way still has not noticed anything strange about the computer; only Windows Defender has reacted to the virus.

I hope you can help me, as I do not dare use e-mail on my laptop as long as the virus is at large.

Best regards
Stine Freja
Deleted user
27 February 2008 - 08:55 #1
http://www.eksperten.dk/artikler/1123

Try using this guide. Then someone who can read a log will probably help you with it.
stinefreja (Beginner)
27 February 2008 - 09:05 #2
Hi Samsoniens,

Thanks for the answer, and I just follow the link and do what the article advises, right? When you write that someone who can read a log will help, does that mean I should copy something and paste it in here?
Deleted user
27 February 2008 - 10:23 #3
http://www.eksperten.dk/spm/471753

I am giving you an example of a log. Then those who can read it can see whether there are errors.

The tool HijackThis makes it for you, and then you just have to copy it. The program HijackThis made it, and you may have to remove some things that are wrong.
Deleted user
27 February 2008 - 10:28 #4
but as you say yourself. Follow the guide
stinefreja (Beginner)
27 February 2008 - 10:48 #5
No, I must say, you are simply worth your weight in gold, Samsonjens!!

I am in full swing running the various programs and have just run Hijack!! Thank you so much!
stinefreja (Beginner)
27 February 2008 - 11:13 #6
I'll also paste the Hijack log in here, just to be safe:

Logfile of HijackThis v1.99.1
Scan saved at 10:43:33, on 27-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\HP\QuickPlay\QPService.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SpyNoMore\SNM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Programmer\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Programmer\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Hans Tornemand\Skrivebord\Til rensning af computer\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton-værktøjslinjen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmer\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmer\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SNM] C:\Programmer\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: HP Photosmart Premier Hurtig start.lnk = C:\Programmer\Hp\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.sparnord.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programmer\Mahjong Escape - Ancient Japan\Images\stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programmer\Mahjong Escape - Ancient Japan\Images\armhelper.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmer\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
stinefreja (Beginner)
27 February 2008 - 12:36 #7
And the log from Rootchk:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
27-02-2008 12:02:16,92

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:02:17
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0

The log from ComboFix:
ComboFix 08-02-25.3 - Hans Tornemand 2008-02-27 12:07:04.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.389 [GMT 1:00]
Running from: C:\Documents and Settings\Hans Tornemand\Skrivebord\Til rensning af computer\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmer\Helper
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2008-01-27 to 2008-02-27  )))))))))))))))))))))))))))))))
.

2008-02-27 09:22 . 2008-02-27 09:31    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-27 09:22 . 2008-02-27 09:22    <DIR>    d--------    C:\Documents and Settings\Hans Tornemand\Application Data\SUPERAntiSpyware.com
2008-02-27 09:22 . 2008-02-27 09:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:13 . 2008-02-27 09:13    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-16 14:15 . 2008-02-16 14:25    <DIR>    d--------    C:\Programmer\SpyNoMore
2008-02-16 14:15 . 2008-02-16 14:15    1,152    --a------    C:\WINDOWS\system32\windrv.sys
2008-02-16 12:47 . 2008-02-16 12:55    <DIR>    d--------    C:\Documents and Settings\Hans Tornemand\.housecall6.6
2008-02-16 12:47 . 2008-02-16 12:47    102,664    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-14 14:42 . 2008-02-14 14:42    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-02-14 12:28 . 2008-02-16 12:34    <DIR>    d--------    C:\Programmer\NoAdware5.0
2008-02-14 11:02 . 2008-02-27 10:26    <DIR>    d--------    C:\Programmer\NetProject

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 11:06    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-27 09:44    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-27 08:22    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-16 12:50    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-16 12:13    ---------    d-----w    C:\Programmer\Google
2008-01-15 14:43    ---------    d-----w    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2008-01-15 08:54    10,537    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 04:28    706    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-14 19:20    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-01-14 19:18    ---------    d-----w    C:\Programmer\Windows Live
2008-01-14 19:17    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 17:32    23,904    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 05:40    44,544    ----a-w    C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:54    347,136    ----a-w    C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51    179,584    ------w    C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:13    3,592,192    ------w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 10:59    70,656    ------w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 10:59    625,664    ------w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 04:59    161,792    ------w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-05 18:42    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41    550,912    ------w    C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-10-20 17:44    552    ----a-w    C:\Documents and Settings\Hans Tornemand\Application Data\wklnhst.dat
2005-09-24 06:49    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2006-10-21 00:21    22    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 22:00 15360]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 18:19 57344]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpWirelessAssistant"="C:\Programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 17:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-21 15:16 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 06:46 761948]
"QPService"="C:\Programmer\HP\QuickPlay\QPService.exe" [2006-04-11 20:54 102400]
"HP Software Update"="C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 10:38 131072]
"Cpqset"="C:\Programmer\HPQ\Default Settings\cpqset.exe" [2006-01-26 15:18 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23 1187840]
"OpwareSE2"="C:\Programmer\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 19:22 77824]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 18:19 40960]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"SNM"="C:\Programmer\SpyNoMore\SNM.exe" [2007-11-15 12:02 1212368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 22:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Pavilion Webcam Tray Icon.lnk - C:\Programmer\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2006-10-20 19:11:47 98304]
HP Photosmart Premier Hurtig start.lnk - C:\Programmer\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=

R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-09 14:50]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 15:49]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 06:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 09:32:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-02-08 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Kør fuld systemskanning - Hans Tornemand.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Programmer\HPQ\Default Settings\cpqset.exe????????? ???@????????? ?????@?????hV????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 12:09:52
ComboFix-quarantined-files.txt  2008-02-27 11:09:49
.
2008-02-27 06:32:17    --- E O F --- 

And the log from SuperAntispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/27/2008 at 10:22 AM

Application Version : 3.7.1018

Core Rules Database Version : 3410
Trace Rules Database Version: 1402

Scan type      : Complete Scan
Total Scan Time : 00:50:42

Memory items scanned      : 548
Memory threats detected  : 0
Registry items scanned    : 5950
Registry threats detected : 36
File items scanned        : 36890
File threats detected    : 79

Trojan.Media-Codec/V4
    HKLM\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32
    HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel
    C:\PROGRAMMER\NETPROJECT\SBMDL.DLL
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Trojan.Smitfraud Variant/IE Anti-Spyware
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
    C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url

Trojan.Media-Codec
    HKU\S-1-5-21-1481665415-1287313580-3591974245-1006\Software\Internet Security
    C:\Programmer\Perfect Codec

Adware.Zango Toolbar/Hb
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid32
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib#Version

Trojan.DNSChanger-Codec
    HKCR\CLSID\E404.e404mgr
    HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij
    HKCR\E404.e404mgr
    HKCR\E404.e404mgr\CLSID
    HKCR\E404.e404mgr\CurVer
    HKCR\E404.e404mgr.1
    HKCR\E404.e404mgr.1\CLSID
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Adware.Tracking Cookie

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\HANS TORNEMAND\FORETRUKNE\ONLINE SECURITY TEST.URL

Trojan.Media-Codec/V5
    C:\PROGRAMMER\NETPROJECT\SBSM.EXE
    C:\PROGRAMMER\NETPROJECT\WAUN.EXE
    C:\WINDOWS\Prefetch\SBSM.EXE-286736D7.pf

Adware.E404 Helper/Variant-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{BDBBC4E5-340F-44E9-B5C7-0940D7A1A3AD}\RP217\A0023441.DLL

Those were all the logs the article said I should upload. I hope there is someone who can help with the problem.
Deleted user
27 February 2008 - 13:20 #8
You probably have to close the question here. It is not allowed to have a question in several places, and I can see you have moved on here: http://www.eksperten.dk/spm/821349

You just post an answer yourself and press accept.
stinefreja (Beginner)
27 February 2008 - 13:39 #9
Yes, I was a little unsure whether you start a new thread or how to go about it. But I'm closing down here!! And again, many thanks for your help; it can be overwhelming when you are not into the technical side!!
stinefreja (Beginner)
27 February 2008 - 13:40 #10
over and out
Deleted user
27 February 2008 - 13:56 #11
I forgot to write that you just need to select your name at the bottom and press accept.