explorer fejl

Velkommen til E. ...

Under hvilket system:
Win98, ME, W2000, XP, Vista, Win7, OS/2, Unix, Linux, ... ?

Er det sket 'pludseligt' ?

det er pludselig sket under gangske alm brug a internet søgning facebook m.m

det er xp der bruges

... men kan du komme igang ?

ik helt klar over hvad du mener men kan starte com op som normal og bruge og opdateree alle programmer den vil bare ik åbne explorer så skiver den bare siden kunne ik vises

Nåååå - det er INTERNET EXPLORER du mener !!!

Hvilken version af IE ?

jah det var en lige en vigtig detalje jeg havde gelmt men det er 8.0 mener jeg den hedder

Hent Dial-a-fix på dette link, og gem det på skrivebordet.

Direkte link
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

Sæt flueben i følgende, og klik herefter på "GO". Genstart og check om det har hjulpet:
Explorer/IE/OE/shell/WMP

nej har ik hjælpet den skriver stadig samme fejl ved opstart a windows og skiver siden kan ik findes når man vil på nettet

programmet kommer os med en error 127 og skriver at det ik er den version jeg har men kan jeg bare ik forstå...

SYSTEMGENDANNELSE X dage bagud !!

kan jeg ik få lov til har forsøgt har på fornemmelse at den har en virus i internet fuktionen men har også over vejet at formatere eller reparer installere men så forsvinder alt på computeren vel både home bank samt digital signatur?

Du kan vælge at gennemføre nævnte
* SYSTEMGENDANNELSE
eller
* 100% Geninstalation (der nok vil tage +8 timer samt problemet med home bank samt digital signatur og meget andet...

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

...og her er omtalte HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

------------------

Ovenstående programmer skal du sansynligvis hente/downloade via en anden PC; overfør til passende andet medie (USB memorystick ell. lign.); og DERFRA køre/installere programmerne på den 'syge' PC ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:35, on 11-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Programmer\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
G:\Ny mappe\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Programmer\Free_Lunch_Design\tbFre0.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Programmer\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programmer\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6} - c:\windows\system32\dlo2f.dll (file missing)
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Programmer\Free_Lunch_Design\tbFre0.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Programmer\Free_Lunch_Design\tbFre0.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmer\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={52805F26-7F2D-4AB0-BBFC-1AB6ECC7EFA6}; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)" -"http://www.gratisspil.dk/onlineGame/games/play.php?id=2586"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: auditusr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Programmer\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Programmer\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c337.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/da/uno1/GAME_UNO1.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - (no file)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - (no file)
O23 - Service: Google Update Service (gupdate1c9a97aed02347e) (gupdate1c9a97aed02347e) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - (no file)

Yffer Pyffer !!!

---

Afinstall
* Free Lunch Design Toolbar
* SweetIM
* Yahoo! Toolbar
* ShoppingReport
* Ask Toolbar
* Logitech Desktop Messenger (Eller bruger du et SPECIELT LogiTech tastatur meed 'infotekst'?)
*

---

Desuden 'rester' fra Symantec/Norton ->
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Hent programmet og gem det et sted du kan finde bagefter. Og DERFRA kør det og følg guiden...

---

Der VIL være 'noget' snavs ka' jeg se allerede nu !!!
Det vil jeg lade MalwareBytes om at tage sig af!
... og loggen fra MalwareBytes ?

---

Og en frisk log fra HiJackThis EFTER overstående...

---

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4595

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11-09-2010 23:36:06
mbam-log-2010-09-11 (23-36-06).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 42068
Tid gået: 28 minut(ter), 2 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 9
Registreringsdatabaseværdier Inficeret: 8
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 2

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{386a771c-e96a-421f-8ba7-32f1b706892f} (Adware.ISTBar) -> Quarantined and deleted successfully.

Registreringsdatabaseværdier Inficeret:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googlemaps.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googlemaps.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
C:\googlemaps.exe\googlemaps.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\KB\Menuen Start\Programmer\Start\auditusr.exe (Trojan.Dropper) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:31, on 11-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
G:\Ny mappe\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6} - c:\windows\system32\dlo2f.dll (file missing)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={52805F26-7F2D-4AB0-BBFC-1AB6ECC7EFA6}; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)" -"http://www.gratisspil.dk/onlineGame/games/play.php?id=2586"
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [googlemaps.exe] C:\googlemaps.exe\googlemaps.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c337.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/da/uno1/GAME_UNO1.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/diamond.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9a97aed02347e) (gupdate1c9a97aed02347e) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10110 bytes

vil tilmed sige fejlen kommer ikke mere når jeg starter computeren op og kommer til skrive bordet men kan stadig ikke komme på nettet...

Afinstall
* Free Lunch Design Toolbar
* SweetIM
* Yahoo! Toolbar
* ShoppingReport
* Ask Toolbar
* Logitech Desktop Messenger (Eller bruger du et SPECIELT LogiTech tastatur meed 'infotekst'?)

---

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe

O2 - BHO: (no name) - {4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6} - c:\windows\system32\dlo2f.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BrowserChoice] "C:\WINDOWS\system32\browserchoice.exe" /run
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\cfdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [googlemaps.exe] C:\googlemaps.exe\googlemaps.exe (User 'LOKAL TJENESTE')

Genstart normalt...

-------

(Der er mere 'oprydninng', men det senerer...)

de nævnte finler som du siger jeg skal slette kan jeg ik få lov til eller finde sweetim vil online for at slette den og det kan jeg jo ik :-) men resten er gjord af det du nævner

filerne jeg skulle fixe er der stadigvæk men ved ik om det os er meningen?

#20 - Brug evt. http://www.revouninstaller.com/revo_uninstaller_free_download.html (hentet fra en anden PC) til at afinstall.
Burde ikke skulle være 'online' for at afinstall et program ???

Ellers napper vi dem senere...

#21 - ikke helt forstået ?

---

Her er en anden 'pakke' ->

Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: Du må ikke døbe den Combofix.exe, men eksempelvis BANAN.exe

-- Kør så combofix.exe (BANAN.exe), som du hentede tidligere, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

det kaan godt passe den scan med (banan) tager lang tid ik?

ComboFix 10-09-11.03 - KB 12-09-2010  15:12:41.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.1023.452 [GMT 2:00]
Kører fra: g:\ny mappe\banan.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpeF1C.dll
c:\documents and settings\KB\Lokale indstillinger\Application Data\Windows Server
c:\documents and settings\KB\Lokale indstillinger\Application Data\Windows Server\admin.txt
c:\documents and settings\KB\Lokale indstillinger\Application Data\Windows Server\server.dat
C:\googlemaps.exe
c:\googlemaps.exe\config.bin
c:\programmer\ErrorSmart
c:\programmer\screensavers.com
c:\programmer\screensavers.com\Installer\bin\siuninst.exe
c:\windows\cfdrive32.exe
c:\windows\daemon.dll
c:\windows\system32\dlo2F.dll
c:\windows\system32\dlo2F.tmp
c:\windows\system32\drivers\didpveon.sys
c:\windows\system32\drivers\gpjrdlen.sys
c:\windows\system32\rgzbb.dll
c:\windows\system32\winrtsnr.txt
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll.cla
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GLKKGCLY
-------\Legacy_GPJRDLEN
-------\Legacy_SSHNAS
-------\Service_glkkgcly
-------\Service_gpjrdlen
-------\Service_SSHNAS


(((((((((((((((((((((((((((((  Filer skabt fra 2010-08-12 til 2010-09-12  )))))))))))))))))))))))))))))))))))
.

2010-09-12 11:48 . 2010-09-12 11:48    --------    d-----w-    c:\programmer\VS Revo Group
2010-09-11 21:06 . 2010-09-11 21:06    --------    d-----w-    c:\documents and settings\KB\Application Data\Malwarebytes
2010-09-11 21:06 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 21:06 . 2010-09-11 21:06    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-09-11 21:06 . 2010-09-11 21:06    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-11 21:06 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-11 19:11 . 2010-09-11 19:11    --------    d-----w-    c:\programmer\CCleaner
2010-09-11 14:36 . 2010-09-11 14:36    --------    dc----w-    c:\documents and settings\All Users\Application Data\{437292BE-95BD-4B12-B699-6D217A03ACAF}
2010-09-11 14:23 . 2010-09-11 14:23    --------    d-----w-    c:\documents and settings\KB\Lokale indstillinger\Application Data\Threat Expert
2010-09-11 13:48 . 2010-09-11 14:29    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Tools
2010-09-11 13:30 . 2008-04-14 15:05    116224    -c--a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2010-09-11 13:30 . 2001-10-04 15:07    23040    -c--a-w-    c:\windows\system32\dllcache\xrxwbtmp.dll
2010-09-11 13:30 . 2008-04-14 15:05    18944    -c--a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2010-09-11 13:30 . 2001-10-04 15:07    27648    -c--a-w-    c:\windows\system32\dllcache\xrxftplt.exe
2010-09-11 13:30 . 2001-10-04 15:07    4608    -c--a-w-    c:\windows\system32\dllcache\xrxflnch.exe
2010-09-11 13:30 . 2001-08-18 04:37    99865    -c--a-w-    c:\windows\system32\dllcache\xlog.exe
2010-09-11 13:30 . 2001-08-17 18:11    16970    -c--a-w-    c:\windows\system32\dllcache\xem336n5.sys
2010-09-11 13:30 . 2004-08-04 04:29    19455    -c--a-w-    c:\windows\system32\dllcache\wvchntxx.sys
2010-09-11 13:28 . 2001-08-17 19:28    113762    -c--a-w-    c:\windows\system32\dllcache\usrpda.sys
2010-09-11 13:27 . 2001-10-04 15:07    24660    -c--a-w-    c:\windows\system32\dllcache\spxupchk.dll
2010-09-11 13:26 . 2001-10-04 15:06    495616    -c--a-w-    c:\windows\system32\dllcache\sblfx.dll
2010-09-11 13:25 . 2001-08-17 20:07    19840    -c--a-w-    c:\windows\system32\dllcache\philtune.sys
2010-09-11 13:24 . 2001-08-17 18:50    103296    -c--a-w-    c:\windows\system32\dllcache\mtxvideo.sys
2010-09-11 13:23 . 2001-08-17 19:53    4992    -c--a-w-    c:\windows\system32\dllcache\loop.sys
2010-09-11 13:22 . 2001-10-04 15:07    372824    -c--a-w-    c:\windows\system32\dllcache\iconf32.dll
2010-09-11 13:21 . 2001-10-04 15:07    68608    -c--a-w-    c:\windows\system32\dllcache\hpgt53tk.dll
2010-09-11 13:20 . 2001-08-17 18:10    19996    -c--a-w-    c:\windows\system32\dllcache\em556n4.sys
2010-09-11 13:19 . 2001-10-04 15:07    27648    -c--a-w-    c:\windows\system32\dllcache\cyzcoins.dll
2010-09-11 13:18 . 2001-08-17 19:52    7680    -c--a-w-    c:\windows\system32\dllcache\cd20xrnt.sys
2010-09-11 13:17 . 2001-10-04 14:32    39680    -c--a-w-    c:\windows\system32\dllcache\brparwdm.sys
2010-09-11 13:16 . 2001-08-17 20:07    101888    -c--a-w-    c:\windows\system32\dllcache\adpu160m.sys
2010-09-11 13:04 . 2004-08-04 04:31    20992    -c--a-w-    c:\windows\system32\dllcache\rtl8139.sys
2010-09-11 13:04 . 2004-08-04 04:31    20992    ----a-w-    c:\windows\system32\drivers\RTL8139.sys
2010-09-11 11:52 . 2010-09-11 11:52    --------    d-----w-    c:\windows\system32\wbem\Repository
2010-09-07 11:14 . 2010-09-11 06:08    --------    d-----w-    c:\documents and settings\KB\Lokale indstillinger\Application Data\vryyyfmct
2010-09-07 11:14 . 2010-09-07 11:14    --------    d-----w-    c:\documents and settings\KB\Application Data\9420B89BA105A7EFEE6ECAA9C4871986
2010-09-06 17:32 . 2010-09-11 06:04    --------    d-sh--r-    c:\documents and settings\KB\Application Data\S-2535-6853-2745

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 21:48 . 2003-04-25 12:00    515878    ----a-w-    c:\windows\system32\perfh006.dat
2010-09-11 21:48 . 2003-04-25 12:00    103454    ----a-w-    c:\windows\system32\perfc006.dat
2010-09-11 21:03 . 2005-01-06 15:51    --------    d--h--w-    c:\programmer\InstallShield Installation Information
2010-09-11 21:03 . 2005-01-06 15:51    --------    d-----w-    c:\programmer\Logitech
2010-09-11 21:00 . 2005-01-05 23:50    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-09-11 14:31 . 2010-02-20 09:40    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-09-11 14:27 . 2009-08-30 16:03    --------    d-----w-    c:\documents and settings\All Users\Application Data\Norton
2010-09-11 14:27 . 2008-09-15 15:47    --------    d-----w-    c:\programmer\Norton Security Scan
2010-09-11 14:25 . 2006-11-30 19:21    --------    d-----w-    c:\programmer\Google
2010-09-11 13:55 . 2010-09-11 13:54    716236    ----a-w-    c:\windows\system32\drivers\Cat.DB
2010-09-11 13:49 . 2010-09-11 13:48    76704960    ----a-w-    c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-11 10:37 . 2006-02-16 16:31    --------    d-----w-    c:\documents and settings\KB\Application Data\MSN6
2010-09-11 09:29 . 2008-11-14 21:36    --------    d-----w-    c:\programmer\Steam
2010-09-11 06:18 . 2009-11-16 20:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\avg9
2010-09-02 16:52 . 2008-11-09 12:10    0    ----a-w-    c:\documents and settings\KB\temp.dat
2010-07-17 09:26 . 2009-03-22 07:25    243024    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2010-07-17 09:26 . 2010-07-17 09:26    12536    ----a-w-    c:\windows\system32\avgrsstx.dll
2010-07-17 09:25 . 2008-06-20 14:26    216400    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:32 . 2001-10-09 13:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2004-08-23 17:14    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2001-10-09 13:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-23 05:28 . 2010-06-23 05:28    501936    ----a-w-    c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb7C.tmp.exe
2010-06-21 15:27 . 2001-10-09 13:00    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-20 16:36 . 2009-07-30 15:05    63488    ----a-w-    c:\windows\xobglu16.dll
2010-06-20 16:36 . 2009-07-30 15:05    23552    ----a-w-    c:\windows\xobglu32.dll
2010-06-17 14:03 . 2001-10-09 13:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-01-05 23:34    744448    ----a-w-    c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6}]
2001-10-09 13:00    739328    ----a-w-    c:\windows\system32\dlo2f.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:12    1119488    ----a-w-    c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6}"
[HKEY_CLASSES_ROOT\CLSID\{4FCAD9A7-F34E-4192-BA99-2F0EB1EE22E6}]
2001-10-09 13:00    739328    ----a-w-    c:\windows\system32\dlo2f.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 09:26    12536    ----a-w-    c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Sports Interactive\\Football Manager 2005\\fm2005.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\LimeWire\\LimeWire.exe"=
"c:\\Programmer\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmer\\Steam\\steamapps\\common\\football manager 2009\\fm.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmer\\Steam\\steamapps\\common\\football manager 2010\\fm.exe"=

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [13-05-2005 17:00 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [13-05-2005 17:00 5632]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [01-08-2003 15:47 29239]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-06-2008 16:26 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22-03-2009 09:25 243024]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [06-07-2004 18:06 188416]
R2 avg9wd;AVG Free WatchDog;c:\programmer\AVG\AVG9\avgwdsvc.exe [17-07-2010 11:26 308136]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [04-02-2010 19:52 90112]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03-08-2004 12:10 62976]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [04-02-2010 19:54 27632]
S2 gupdate1c9a97aed02347e;Google Update Service (gupdate1c9a97aed02347e);c:\programmer\Google\Update\GoogleUpdate.exe [20-03-2009 18:42 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [01-06-2009 09:27 13224]
S3 SCPMPR5;SCPMPR5 NDIS Protocol Driver;\??\d:\scpmpr5.sys --> d:\SCPMPR5.SYS [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [04-08-2004 07:41 129535]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programmer\Microsoft SQL Server\100\Shared\sqladhlp.exe [11-07-2008 02:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10-07-2008 03:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11-07-2008 02:28 369688]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - GPJRDLEN
*Deregistered* - gpjrdlen
.
Indhold af mappen 'Planlagte Opgaver'

2010-07-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-03-20 16:42]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-03-20 16:42]

2010-09-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: danid.dk
Trusted Zone: portalbank.dk\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
.
- - - - TOMME GENVEJE FJERNET - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\programmer\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\programmer\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-12 15:24
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CA70E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7680f28
\Driver\ACPI -> ACPI.sys @ 0xf75c1cb8
\Driver\atapi -> 0x86ca70e8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: VIA-kompatibel Fast Ethernet-netværkskort -> SendCompleteHandler -> NDIS.sys @ 0xf7407bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7414a21
SendHandler -> NDIS.sys @ 0xf73f287b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\dlo2f.dll

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\dlo2f.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\AVG\AVG9\avgchsvx.exe
c:\programmer\AVG\AVG9\avgrsx.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\programmer\AVG\AVG9\avgnsx.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-12  15:29:38 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-09-12 13:29

Pre-Kørsel: 48.206.753.792 byte ledig
Post-Kørsel: 49.082.396.672 byte ledig

- - End Of File - - 38442D9B92EFB600586D5E77D752A092

vil lige infomere om at det tog lang tid med det program og den er online på nettet igen nu :-)

Bingo (delvist) ...
Joooo - det undrer mig ikke *S* ...

Prøv lige igen afinstallationen som beskrevet i #19 ...

Ellers må vi nappen dem manuelt...

En frisk log fra HiJackThis derefter...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:50, on 12-09-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\KB\Lokale indstillinger\Temporary Internet Files\Content.IE5\J74S923U\wlsetup-web[1].exe
G:\Ny mappe\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG9\avgssie.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A26C4DEB-8605-486C-9F4D-462E7CD96715} - c:\windows\system32\dlo2f.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={52805F26-7F2D-4AB0-BBFC-1AB6ECC7EFA6}; GTB6.5; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1)" -"http://www.gratisspil.dk/onlineGame/games/play.php?id=2586"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: www.portalbank.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/da/uno1/GAME_UNO1.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} (Util Class) - https://danid.dk/csp/authenticode/csp.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9a97aed02347e) (gupdate1c9a97aed02347e) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8717 bytes

Nøøøøj - nydeligt *S* ...

Afinstall
* Bonjour-tjeneste
* Google Update
* (iPod Service) (Eller HAR du netop en iPod, som du opdatere via PC'en ?)

Genstart normalt...

---

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A26C4DEB-8605-486C-9F4D-462E7CD96715} - c:\windows\system32\dlo2f.dll (file missing)

O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

Genstart normalt...

---

Ta' en oprydning med CCleaner... [Renser] + [Register]

---

Check hos WondowsUpdate om du har alt med ...

---

Hvordan kører PC'en så nu ?

køre fint kan dog ik få lov at installere msn

... få lov til ?

Vi snakker om -> http://explore.live.com/windows-live-messenger?os=other ?

jah den den skriver flere fejl ved instalitionen og skriver man skal prøve igen dette hjælper dog eller ik

og windows  er fuld opdateret

kan open bart slet ik installere noget ville installere avg os vil den eller ik kommer med fejl

Sæt Windows cd'en i drevet > når den popper-op så luk den ned oppe i det røde X i højre hjørne.
Gå i Start > Kør > Skriv: sfc /scannow - bemærk mellemrummet efter sfc > Tryk OK
Der kommer en bjælke så længe scanningen køre - og når den er færdig forsvinder den igen og du får ikke andre meldinger.
Genstart...

gjord men kommer stadig med en fejl på avg

installation af msvc redistributables mislykkedes instalitationen kan ik forsætte....

tror jeg har løst det nu håber jeg---

... Hvad er/var så pointen ?

noger fra en tidliger opdatering den manglede i windows men den er blevet sløv i opstarten inden skrive bordet er klar men kommer efter et par minuter så kører den fint...

Ping...
(Dette er så et [svar] fra mig ...)

* Oprydning med CCleaner
* Opret et FRISK SYSTEMGENDANNELSESPUNKT -> http://spywareinfo.dk/index.htm#/tip-og-tricks/opret_et_systemgendannelsespunkt.htm
* CCleaner - værktøjer - Systemgendannelse - Slet de gamle punkter
* Defragmentering

j nu har jeg kørt med den et par dage og køre ok nu så vil da sige mange tusinde tak for hjælpen

Husk at acceptere svaret fra karise_larry, så er spørgsmålet rigtig lukket.  :-)

lukket nu måske

Nej, du skal ikke selv sende som "Svar", det er tiltænkt pointgivning/løsning.

Du lukker spørgsmålet ved at sætte flueben i "Accepter dette svar" ud for svaret fra karise_larry, og klikke på "Accepter svar og afgiv point" nederst.

Altsammen beskrevet i FAQ'en: http://www.eksperten.dk/faq