lasse0000 Novice
26 March 2008 - 17:52 There are 8 comments and
1 solution

Can't remove all of it myself.

Hi, I'm sitting with my father's PC, and it just needs its regular 5-year check-up!!! I have run the recommended scans, where Dr. Web scored 229 trojans in the second setup. But there is still some junk that I can't quite identify, and it pops up in short glimpses... Many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:54, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" -start
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M2611] "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [License Manager] "C:\Programmer\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb047YYDK_ZZzebXXX
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0046389.dat
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5341 bytes
26 March 2008 - 18:21 #1
KillDisk can remove everything *GH* !!!

Uninstall
* MyWebSearch
via
... Control Panel - Remove programs...

Restart normally...

--------

There ARE several unwanted elements, so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
lasse0000 Novice
26 March 2008 - 19:36 #2
Not quite, she is still sitting and drinking coffee.....

Well, I did as described in the article, and that gave a whole lot of letters..

ComboFix 08-03-25.4 - Kaj Hendriksen 2008-03-26 19:28:37.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.88 [GMT 1:00]
Running from: C:\Documents and Settings\Kaj Hendriksen\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-02-26 to 2008-03-26  )))))))))))))))))))))))))))))))
.

2008-03-26 18:45 . 2008-03-26 18:45    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-03-26 18:45 . 2008-03-26 18:45    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-03-26 18:45 . 2008-03-26 18:45    <DIR>    d--------    C:\Documents and Settings\Kaj Hendriksen\Application Data\SUPERAntiSpyware.com
2008-03-26 18:45 . 2008-03-26 18:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-26 17:37 . 2008-03-26 17:37    <DIR>    d--------    C:\Programmer\Trend Micro
2008-03-26 15:06 . 2008-03-26 15:10    <DIR>    d--------    C:\Documents and Settings\Kaj Hendriksen\DoctorWeb
2008-03-26 15:00 . 2008-03-26 15:00    <DIR>    d--------    C:\Programmer\CCleaner

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 15:05    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-03-26 14:38    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-26 14:10    ---------    d-----w    C:\Programmer\Fælles filer\SletingenVirus
2008-03-26 13:32    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-02-12 17:08    ---------    d-----w    C:\Programmer\Java
2008-02-12 17:06    ---------    d-----w    C:\Programmer\Fælles filer\Java
2008-01-30 18:50    260,128    ----a-w    C:\Documents and Settings\Kaj Hendriksen\Application Data\setup_dk[1].exe
2008-01-30 16:21    ---------    d-----w    C:\Programmer\Fælles filer\SikkerPCVaerktoj
2008-01-26 02:35    4,113,929    ----a-w    C:\Documents and Settings\Kaj Hendriksen\scan.dat
2007-12-30 12:34    11,048    ----a-w    C:\Documents and Settings\Kaj Hendriksen\Application Data\ViewerApp.dat
2007-12-06 16:29    259,616    ----a-w    C:\Documents and Settings\Kaj Hendriksen\Application Data\systemerrorrepairinstallfull_dk[1].exe
2004-10-29 17:34    32    --sha-w    C:\WINDOWS\{5C84FA73-7FBD-4AE5-AD17-95F95C505859}.dat
2004-10-29 16:56    32    --sha-w    C:\WINDOWS\{C4FA9260-E98D-4D3A-850B-25D323B81796}.dat
2007-09-25 08:33    6,440    --sh--w    C:\WINDOWS\system32\efhkj.bak1
2007-09-25 21:07    6,440    --sh--w    C:\WINDOWS\system32\efhkj.bak2
2007-09-23 16:44    6,440    --sh--w    C:\WINDOWS\system32\fgjlm.bak1
2007-09-27 12:23    6,440    --sh--w    C:\WINDOWS\system32\jjkmp.bak1
2007-09-24 02:02    6,440    --sh--w    C:\WINDOWS\system32\mpqss.bak1
2007-09-25 13:48    6,440    --sh--w    C:\WINDOWS\system32\qrqss.bak1
2007-10-31 18:18    49,595    --sh--w    C:\WINDOWS\system32\qrqss.bak2
2007-09-22 19:28    6,440    --sh--w    C:\WINDOWS\system32\utstv.bak1
2007-09-22 17:19    6,440    --sh--w    C:\WINDOWS\system32\wvvwa.bak1
2004-10-29 16:56    32    --sha-w    C:\WINDOWS\system32\{7CE45DF4-25FD-4E9E-A03C-1B439C11AA89}.dat
2004-10-29 17:34    32    --sha-w    C:\WINDOWS\system32\{80AA4F38-761B-477F-934F-528878128D55}.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"License Manager"="C:\Programmer\License_Manager\license_manager.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 09:16 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"cookw"="C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" [2007-08-15 11:02 211968]
"NI.UGESK_0001_N122M2611"="c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe" [2008-01-30 19:50 260128]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"Windows DNS Daemon"="windnsd.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Windows DNS Daemon"="windnsd.exe" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kaj Hendriksen^Menuen Start^Programmer^Start^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Kaj Hendriksen\Menuen Start\Programmer\Start\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 22:18 443968 C:\Programmer\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 19:30:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-26 19:31:23
ComboFix-quarantined-files.txt  2008-03-26 18:31:07
ComboFix2.txt  2008-03-26 18:18:02
.
2008-03-12 08:51:42    --- E O F ---
lasse0000 Novice
26 March 2008 - 19:51 #3
Oops, seem to have forgotten a bit..

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/26/2008 at 06:54 PM

Application Version : 4.0.1154

Core Rules Database Version : 3425
Trace Rules Database Version: 1417

Scan type      : Quick Scan
Total Scan Time : 00:06:25

Memory items scanned      : 309
Memory threats detected  : 0
Registry items scanned    : 302
Registry threats detected : 56
File items scanned        : 4159
File threats detected    : 78

Adware.MyWebSearch
    HKU\S-1-5-21-1645522239-1844823847-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\Programmable
    HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\TypeLib

Adware.Tracking Cookie
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@doubleclick[1].txt
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@track.adform[2].txt
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@adtech[1].txt
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@www.livewebstats[1].txt
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@statse.webtrendslive[1].txt
    C:\Documents and Settings\Kaj Hendriksen\Cookies\kaj_hendriksen@mediaplex[1].txt
    C:\Documents and Settings\NetworkService\Cookies\system@hotbar[2].txt
    C:\Documents and Settings\NetworkService\Cookies\system@mywebsearch[1].txt

Unclassified.Unknown Origin
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}#AppID
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\InprocServer32#ThreadingModel
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\ProgID
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\Programmable
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\TypeLib
    HKCR\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}\VersionIndependentProgID

Adware.MovieLand/MediaPipe
    HKCR\MPAgent.Agent
    HKCR\MPAgent.Agent\CLSID
    HKCR\MPAgent.Agent\CurVer
    HKCR\MPAgent.Agent.1
    HKCR\MPAgent.Agent.1\CLSID
    HKCR\AppId\AMNotifier.EXE
    HKCR\AppId\AMNotifier.EXE#AppID
    HKCR\AppId\MPAgent.DLL
    HKCR\AppId\MPAgent.DLL#AppID
    HKCR\AMNotifier.HUBAWindow
    HKCR\AMNotifier.HUBAWindow\CLSID
    HKCR\AMNotifier.HUBAWindow\CurVer
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}#AppID
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\LocalServer32
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\ProgID
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\Programmable
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\TypeLib
    HKCR\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}\VersionIndependentProgID
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\0\win32
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\FLAGS
    HKCR\TypeLib\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}\1.0\HELPDIR

Trojan.Error Safe Free
    HKLM\Software\Error Safe Free
    HKLM\Software\Error Safe Free#EulUERSK_0001_N68M2202

Registry Cleaner Trial
    HKCR\Install.Install
    HKCR\Install.Install\CLSID
    HKCR\Install.Install\CurVer
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Adware.HotBar/ShopperReports (Low Risk)
    HKU\.DEFAULT\Software\ShopperReports
    HKU\S-1-5-18\Software\ShopperReports

Malware.LocusSoftware Inc/BestSellerAntivirus
    HKLM\Software\AVSystemCare
    HKLM\Software\AVSystemCare#EulaUGA6PK_0001_N122M0211

Malware.LocusSoftware Inc/PCPrivacyTool
    HKLM\Software\Purchased Products
    HKLM\Software\Purchased Products\System Error Repair
    HKLM\Software\Purchased Products\System Error Repair#domain
    HKLM\Software\Purchased Products\System Error Repair#pname
    HKLM\Software\Purchased Products\System Error Repair#cname

Malware.LocusSoftware Inc/ErrClean
    C:\DOCUMENTS AND SETTINGS\KAJ HENDRIKSEN\LOKALE INDSTILLINGER\TEMP\UPDATER.EXE

Adware.Vundo-Variant
    C:\WINDOWS\SYSTEM32\ARJGVAJC.DLL
    C:\WINDOWS\SYSTEM32\AWTQO.DLL
    C:\WINDOWS\SYSTEM32\CSNPPWKH.DLL
    C:\WINDOWS\SYSTEM32\EYNPROSE.DLL
    C:\WINDOWS\SYSTEM32\FAYPDWQC.DLL
    C:\WINDOWS\SYSTEM32\GDVNVBLF.DLL
    C:\WINDOWS\SYSTEM32\GRTOVQHG.DLL
    C:\WINDOWS\SYSTEM32\LNHKYWNL.DLL
    C:\WINDOWS\SYSTEM32\ORPTHLDH.DLL
    C:\WINDOWS\SYSTEM32\OUBFSLHI.DLL
    C:\WINDOWS\SYSTEM32\OVFANGHH.DLL
    C:\WINDOWS\SYSTEM32\PMKJJ.DLL
    C:\WINDOWS\SYSTEM32\QIOVPMNP.DLL
    C:\WINDOWS\SYSTEM32\RWBNUCTQ.DLL
    C:\WINDOWS\SYSTEM32\SGCYIPGX.DLL
    C:\WINDOWS\SYSTEM32\SSQRR.DLL
    C:\WINDOWS\SYSTEM32\SUOCCPKC.DLL
    C:\WINDOWS\SYSTEM32\TDUGHUJP.DLL
    C:\WINDOWS\SYSTEM32\XULTKJHL.DLL

Adware.Vundo-Variant/Small-A
    C:\WINDOWS\SYSTEM32\AUHRFVFN.DLL
    C:\WINDOWS\SYSTEM32\BCSNGXPN.DLL
    C:\WINDOWS\SYSTEM32\BPVYFHWD.DLL
    C:\WINDOWS\SYSTEM32\EFRHIGVC.DLL
    C:\WINDOWS\SYSTEM32\GXHDOLMP.DLL
    C:\WINDOWS\SYSTEM32\LBUQRJQH.DLL
    C:\WINDOWS\SYSTEM32\MUBKSHJY.DLL
    C:\WINDOWS\SYSTEM32\NDHHJNXP.DLL
    C:\WINDOWS\SYSTEM32\NIFFDBJX.DLL
    C:\WINDOWS\SYSTEM32\NIQDIIIM.DLL
    C:\WINDOWS\SYSTEM32\NNWXQVBV.DLL
    C:\WINDOWS\SYSTEM32\NTJVYSYV.DLL
    C:\WINDOWS\SYSTEM32\NVAEUXWK.DLL
    C:\WINDOWS\SYSTEM32\OFFMEWSG.DLL
    C:\WINDOWS\SYSTEM32\QDCQRNNW.DLL
    C:\WINDOWS\SYSTEM32\QRNGHUIC.DLL
    C:\WINDOWS\SYSTEM32\RBMBDMKM.DLL
    C:\WINDOWS\SYSTEM32\RDQYMVJU.DLL
    C:\WINDOWS\SYSTEM32\RLHJIWUJ.DLL
    C:\WINDOWS\SYSTEM32\RQBKFYBP.DLL
    C:\WINDOWS\SYSTEM32\RXOMGCSK.DLL
    C:\WINDOWS\SYSTEM32\SFDMSTEP.DLL
    C:\WINDOWS\SYSTEM32\UPMCFBJM.DLL
    C:\WINDOWS\SYSTEM32\URNSTCKO.DLL
    C:\WINDOWS\SYSTEM32\VHOGEGDU.DLL
    C:\WINDOWS\SYSTEM32\WQHFAYYM.DLL
    C:\WINDOWS\SYSTEM32\XDRMPEDN.DLL
    C:\WINDOWS\SYSTEM32\XOISCROA.DLL
    C:\WINDOWS\SYSTEM32\XYNUATKS.DLL
    C:\WINDOWS\SYSTEM32\YOMHWDKE.DLL

Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\AYADD.BAK1
    C:\WINDOWS\SYSTEM32\AYADD.INI
    C:\WINDOWS\SYSTEM32\AYCDD.BAK1
    C:\WINDOWS\SYSTEM32\AYCDD.INI
    C:\WINDOWS\SYSTEM32\BBEEG.BAK1
    C:\WINDOWS\SYSTEM32\BBEEG.INI
    C:\WINDOWS\SYSTEM32\BCBEG.BAK1
    C:\WINDOWS\SYSTEM32\BCBEG.INI
    C:\WINDOWS\SYSTEM32\CFHKJ.BAK1
    C:\WINDOWS\SYSTEM32\CFHKJ.BAK2
    C:\WINDOWS\SYSTEM32\CFHKJ.INI
    C:\WINDOWS\SYSTEM32\DFHKJ.BAK1
    C:\WINDOWS\SYSTEM32\EFHKJ.INI
    C:\WINDOWS\SYSTEM32\HHKMP.BAK1
    C:\WINDOWS\SYSTEM32\HHKMP.INI
    C:\WINDOWS\SYSTEM32\MPQSS.INI
    C:\WINDOWS\SYSTEM32\OQTWA.BAK1
    C:\WINDOWS\SYSTEM32\OQTWA.INI
    C:\WINDOWS\SYSTEM32\VVVWA.BAK1
    C:\WINDOWS\SYSTEM32\XBADD.BAK1

             
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:46, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" -start
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M2611] "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Programmer\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb047YYDK_ZZzebXXX
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 5337 bytes
26 March 2008 - 20:04 #4
BINGO - a good deal of 'vermin' was found AND eaten !!!

Leftovers ->

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- A window appears, into which you must copy the content between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Programmer\Fælles filer\Symantec Shared
c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe
C:\WINDOWS\system32\__c0046389.dat
C:\Documents and Settings\Kaj Hendriksen\Application Data\systemerrorrepairinstallfull_dk[1].exe
C:\WINDOWS\{5C84FA73-7FBD-4AE5-AD17-95F95C505859}.dat
C:\WINDOWS\{C4FA9260-E98D-4D3A-850B-25D323B81796}.dat
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\wvvwa.bak1
C:\WINDOWS\system32\{7CE45DF4-25FD-4E9E-A03C-1B439C11AA89}.dat
C:\WINDOWS\system32\{80AA4F38-761B-477F-934F-528878128D55}.dat

Folders to delete:
C:\PROGRA~1\MYWEBS~1\
C:\PROGRA~1\FLLESF~1\SIKKER~1\
~~~~~~~~~~~~~~~~~~

--- Click EXECUTE - and let the PC restart by itself.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" -start
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M2611] "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [License Manager] "C:\Programmer\License_Manager\license_manager.exe " /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb047YYDK_ZZzebXXX
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0046389.dat

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.

---------------

Registry clean-up can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the item [Register]...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
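Added example, not part of the thread: before ticking a fix list in HijackThis, each line can be checked against the most recent scan, because earlier cleaning steps may already have removed some entries. The Python sketch below does this for the fix list in #4 against entries excerpted from the 19:26 scan in #3; the function names are illustrative assumptions, not part of any tool.

```python
import re

# A HijackThis entry line has the form "<section code> - <text>",
# where the section code is a letter plus a number (R3, O4, O20, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")


def normalize(code, body):
    """Comparison key: collapse whitespace runs and ignore letter case."""
    return code + "|" + re.sub(r"\s+", " ", body.strip()).casefold()


def parse_entries(log_text):
    """Map comparison key -> entry line; headers and process paths are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[normalize(*m.groups())] = f"{m.group(1)} - {m.group(2)}"
    return entries


def check_fix_list(fix_list_text, latest_scan_text):
    """Split the fix list into lines still in the scan and lines already gone."""
    scan = parse_entries(latest_scan_text)
    present, missing = [], []
    for key, line in parse_entries(fix_list_text).items():
        (present if key in scan else missing).append(line)
    return present, missing


# Fix list copied from reply #4 on this page.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" -start
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M2611] "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [License Manager] "C:\Programmer\License_Manager\license_manager.exe " /silent
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb047YYDK_ZZzebXXX
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0046389.dat
"""

# Excerpt (not the full log) of the 19:26 HijackThis scan posted in #3.
LATEST_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cookw] "C:\PROGRA~1\FLLESF~1\SIKKER~1\cookw.exe" -start
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M2611] "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [License Manager] "C:\Programmer\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows DNS Daemon] windnsd.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb047YYDK_ZZzebXXX
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
"""

if __name__ == "__main__":
    still_there, already_gone = check_fix_list(FIX_LIST, LATEST_SCAN)
    print(f"{len(still_there)} fix-list lines are still in the latest scan")
    for line in already_gone:
        print("not in latest scan:", line)
```

Lines reported as not in the latest scan need no tick in HijackThis; a file they point to may still be worth checking on disk.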
lasse0000 Novice
26 March 2008 - 21:27 #5
I have now done that..

I couldn't find these 3...

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0046389.dat
......................................................................................
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "C:\Programmer\Fælles filer\Symantec Shared" is a folder, not a file!
Deletion of file "C:\Programmer\Fælles filer\Symantec Shared" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
  --> use "Folders to delete:" instead of "Files to delete:" to delete a directory

File "c:\documents and settings\kaj hendriksen\application data\setup_dk[1].exe" deleted successfully.

Error:  file "C:\WINDOWS\system32\__c0046389.dat" not found!
Deletion of file "C:\WINDOWS\system32\__c0046389.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\Documents and Settings\Kaj Hendriksen\Application Data\systemerrorrepairinstallfull_dk[1].exe" deleted successfully.
File "C:\WINDOWS\{5C84FA73-7FBD-4AE5-AD17-95F95C505859}.dat" deleted successfully.
File "C:\WINDOWS\{C4FA9260-E98D-4D3A-850B-25D323B81796}.dat" deleted successfully.
File "C:\WINDOWS\system32\efhkj.bak1" deleted successfully.
File "C:\WINDOWS\system32\efhkj.bak2" deleted successfully.
File "C:\WINDOWS\system32\fgjlm.bak1" deleted successfully.
File "C:\WINDOWS\system32\jjkmp.bak1" deleted successfully.
File "C:\WINDOWS\system32\mpqss.bak1" deleted successfully.
File "C:\WINDOWS\system32\qrqss.bak1" deleted successfully.
File "C:\WINDOWS\system32\qrqss.bak2" deleted successfully.
File "C:\WINDOWS\system32\utstv.bak1" deleted successfully.
File "C:\WINDOWS\system32\wvvwa.bak1" deleted successfully.
File "C:\WINDOWS\system32\{7CE45DF4-25FD-4E9E-A03C-1B439C11AA89}.dat" deleted successfully.
File "C:\WINDOWS\system32\{80AA4F38-761B-477F-934F-528878128D55}.dat" deleted successfully.

Error:  folder "C:\PROGRA~1\MYWEBS~1" not found!
Deletion of folder "C:\PROGRA~1\MYWEBS~1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\PROGRA~1\FLLESF~1\SIKKER~1" deleted successfully.

Error:  folder "~~~~~~~~~~~~~~~~~~" not found!
Deletion of folder "~~~~~~~~~~~~~~~~~~" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:36, on 26-03-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 4325 bytes
26 March 2008 - 21:35 #6
Then you're nearly home free - how is the PC running now?
lasse0000 Novice
26 March 2008 - 21:45 #7
It's running really well, he just needed to have his sound card reinstalled.??
We started out with ewido, then CCleaner, after that Dr.Web, and then you took over... Wow, there was a lot of dirt..
Many thanks for the help...
An answer, please.
26 March 2008 - 22:03 #8
"... 5-year check-up ..." - hee hee ...
---------------------

There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file, it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it's always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just need to enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You'll find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

Also remember a complete Windows Update http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da

I also can't seem to spot any security program ???
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

(There _has_ been Symantec/Norton's suite on it at one time)
lasse0000 Novice
26 March 2008 - 22:32 #9
Norton is going back on; he had installed so many versions, so I deleted them, and all sorts of other things. Now it's being updated again. I'll take a look right away at the pages you recommended; once again, many thanks for the help.
lars