HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:53:06, on 09-06-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\wuampkd.exe
C:\WINDOWS\System32\wupaderees.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\secsvc.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmer\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmer\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmer\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebgs32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [System Event Manager] secsvc.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\RunServices: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

tjekker den nu

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Ewido skal du downloade her: http://www.ewido.net/en/download/ ( Vi skal bruge den senere)
Klik på Download now. Installer og kør Ewido. Opdater straks efter installationen programmet.

-----------------------

Du skal nu til at i gang med at fixe:

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.
Dobbelttjek, så alt kommer med.


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll

O4 - HKLM\..\Run: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\Run: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebgs32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [System Event Manager] secsvc.exe
O4 - HKLM\..\RunServices: [Mircosoft Update] wuampkd.exe
O4 - HKLM\..\RunServices: [Microsoft DDEs Control] wupaderees.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab



--------------------------------------------------------------------

Åbn en tilfældig mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

------------------------------

Hent denne bats fil og kør den :
http://www.spywareinfo.dk/download/cleantempxp2k.bat
den sletter alt i din temp mappe.

------------------------------

Genstart computeren i fejlsikret tilstand(Du skal klikke på f8 tasten under genstarten (ca. lige når der er talt ram), og så vælge fejlsikret tilstand. Er du i tvivl, så klik bare på f8 flere gange.)
Find og slet disse manuelt :

C:\WINDOWS\EliteToolBar<-hele mappen
C:\Program Files\Media Access<-hele mappen
C:\windows\system32\elitebgs32.exe

-----------------------------

Stadig i fejlsikret:
Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files
Og så trykker du på Scan Clean
Det tager lidt over en time at scanne

-------------------------------

Stadig i fejlsikret:
Kør nu en fuld scanning med Ewido. Når den er færdig trykker du save report og gemmer rapporten.

Så genstarter du computeren normalt og laver en ny hijackthis log, som du lægger herind sammen med reporten fra Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            07:10:03, 10-06-2005
+ Report-Checksum:        6D984103

+ Date of database:        09-06-2005
+ Version of scan engine:    v3.0

+ Duration:                18 min
+ Scanned Files:            52724
+ Speed:                48.59 Files/Second
+ Infected files:            38
+ Removed files:            38
+ Files put in quarantine:        38
+ Files that could not be opened:    0
+ Files that could not be cleaned:    0

+ Binder:        Yes
+ Crypter:        Yes
+ Archives:        Yes

+ Scanned items:
    C:\

+ Scan result:
    C:\Documents and Settings\moho\Cookies\moho@52412438[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@adsremote.scripps[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@ehg-randomhouse.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@travelinn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@whitbread[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Cookies\moho@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temp\Cookies\moho@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\Documents and Settings\moho\Lokale indstillinger\Temporary Internet Files\Content.IE5\YQRATC4W\MediaAccess[1].exe -> Spyware.WinAD -> Cleaned with backup
    C:\Documents and Settings\moho\Skrivebord\backups\backup-20050321-200356-584.dll -> Backdoor.Generic -> Cleaned with backup
    C:\Documents and Settings\moho\Skrivebord\backups\backup-20050609-220520-964.dll -> Spyware.WinAD -> Cleaned with backup
    C:\Program Files\Preview AdService\PrevAdComm.dll -> Spyware.WinAD.ab -> Cleaned with backup
    C:\Program Files\Preview AdService\PrevAdKeep.exe -> Spyware.WinAD.ab -> Cleaned with backup
    C:\RECYCLER\S-1-5-21-1659004503-1202660629-854245398-1003\Dc18.exe.mwt -> Backdoor.Small.eo -> Cleaned with backup
    C:\Temp\sahagent-cdt1004.exe -> Spyware.Sahat.m -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\N833XDZL\silent_install[1].exe -> Spyware.EliteBar.z -> Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\SHSNWCNH\silent_install[1].exe -> Spyware.EliteBar.z -> Cleaned with backup
    C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
    C:\WINDOWS\system32\MsConf.exe.mwt -> Backdoor.Rbot -> Cleaned with backup
    C:\WINDOWS\system32\ServicesMsDos.exe.mwt -> Backdoor.Wootbot -> Cleaned with backup
    C:\WINDOWS\system32\uhcjvk.exe.mwt -> Backdoor.Rbot -> Cleaned with backup
    C:\WINDOWS\system32\winmgr.exe.mwt -> Backdoor.Rbot -> Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 07:13:23, on 10-06-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe
C:\Documents and Settings\moho\Skrivebord\hijackthis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUALL.EXE
C:\WINDOWS\System32\hpoipm07.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http:\\signon.stofanet.dk/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmer\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmer\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmer\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Programmer\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HP OfficeJet T Series Startup.lnk = C:\Programmer\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SonicWALL VPN Client.lnk = C:\Programmer\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://192.168.1.6/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ekstern kommando til iSeries Access til Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Programmer\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

Tak for hjælpen, fantastisk service!!