soljiah84 Beginner
05 July 2005 - 21:19 There are 8 comments and 2 solutions

Removal of viruses and spyware

hey

I have got spyware and viruses on the PC. What do I do?
It is a PC the family uses.. and many mysterious things get installed on the PC...
But how do I remove spyware and viruses without having to format everything?
Asking for help! And MANY MANY thanks in advance!
I have HIJACK, and a log is included:


Logfile of HijackThis v1.99.1
Scan saved at 21:18:02, on 05-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\WINDOWS\system32\netrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\hookdump.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\RazeSpyware\app.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\AntivirusGold\AntivirusGold.exe
C:\Programmer\AntivirusGold\AntivirusGold.exe
C:\Documents and Settings\Thomas_R\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1047
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0B58BEF4-C0D5-53BA-4F75-D23E40367540} - C:\WINDOWS\atlcv32.dll
O2 - BHO: Class - {F11B9CF2-346E-5C49-C7D9-CC9AC39627B2} - C:\WINDOWS\system32\mfcxk32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmer\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteuzf32.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [netrk32.exe] C:\WINDOWS\system32\netrk32.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\Thomas_R\LOKALE~1\Temp\95B.tmp" /m
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Programmer\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunOnce: [d3or.exe] C:\WINDOWS\system32\d3or.exe
O4 - HKLM\..\RunOnce: [crcq32.exe] C:\WINDOWS\crcq32.exe
O4 - HKLM\..\RunOnce: [javana.exe] C:\WINDOWS\javana.exe
O4 - HKLM\..\RunOnce: [javabh32.exe] C:\WINDOWS\javabh32.exe
O4 - HKLM\..\RunOnce: [javady.exe] C:\WINDOWS\javady.exe
O4 - HKLM\..\RunOnce: [d3dk.exe] C:\WINDOWS\system32\d3dk.exe
O4 - HKLM\..\RunOnce: [mfcqf32.exe] C:\WINDOWS\mfcqf32.exe
O4 - HKLM\..\RunOnce: [winru32.exe] C:\WINDOWS\winru32.exe
O4 - HKLM\..\RunOnce: [sdksi.exe] C:\WINDOWS\sdksi.exe
O4 - HKLM\..\RunOnce: [apiax.exe] C:\WINDOWS\apiax.exe
O4 - HKLM\..\RunOnce: [apivo.exe] C:\WINDOWS\system32\apivo.exe
O4 - HKLM\..\RunOnce: [javafn32.exe] C:\WINDOWS\javafn32.exe
O4 - HKLM\..\RunOnce: [ntiq.exe] C:\WINDOWS\system32\ntiq.exe
O4 - HKLM\..\RunOnce: [addmj.exe] C:\WINDOWS\system32\addmj.exe
O4 - HKLM\..\RunOnce: [netlf32.exe] C:\WINDOWS\system32\netlf32.exe
O4 - HKLM\..\RunOnce: [mszt.exe] C:\WINDOWS\system32\mszt.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\system32\ipok32.exe
O4 - HKLM\..\RunOnce: [appir32.exe] C:\WINDOWS\appir32.exe
O4 - HKLM\..\RunOnce: [iehc.exe] C:\WINDOWS\system32\iehc.exe
O4 - HKLM\..\RunOnce: [apiss32.exe] C:\WINDOWS\apiss32.exe
O4 - HKLM\..\RunOnce: [syspk.exe] C:\WINDOWS\system32\syspk.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [atliz.exe] C:\WINDOWS\system32\atliz.exe
O4 - HKLM\..\RunOnce: [apind.exe] C:\WINDOWS\system32\apind.exe
O4 - HKLM\..\RunOnce: [apihp32.exe] C:\WINDOWS\apihp32.exe
O4 - HKLM\..\RunOnce: [netpf32.exe] C:\WINDOWS\netpf32.exe
O4 - HKLM\..\RunOnce: [netyb.exe] C:\WINDOWS\netyb.exe
O4 - HKLM\..\RunOnce: [atlcf.exe] C:\WINDOWS\atlcf.exe
O4 - HKLM\..\RunOnce: [crrk32.exe] C:\WINDOWS\crrk32.exe
O4 - HKLM\..\RunOnce: [d3sd.exe] C:\WINDOWS\d3sd.exe
O4 - HKLM\..\RunOnce: [ntta.exe] C:\WINDOWS\system32\ntta.exe
O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
O4 - HKLM\..\RunOnce: [apinn32.exe] C:\WINDOWS\system32\apinn32.exe
O4 - HKLM\..\RunOnce: [winpp32.exe] C:\WINDOWS\system32\winpp32.exe
O4 - HKLM\..\RunOnce: [mfclg32.exe] C:\WINDOWS\mfclg32.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [d3xh.exe] C:\WINDOWS\system32\d3xh.exe
O4 - HKLM\..\RunOnce: [appqd.exe] C:\WINDOWS\appqd.exe
O4 - HKLM\..\RunOnce: [ieun32.exe] C:\WINDOWS\system32\ieun32.exe
O4 - HKLM\..\RunOnce: [ntjl.exe] C:\WINDOWS\ntjl.exe
O4 - HKLM\..\RunOnce: [atlqb32.exe] C:\WINDOWS\system32\atlqb32.exe
O4 - HKLM\..\RunOnce: [addcr.exe] C:\WINDOWS\addcr.exe
O4 - HKLM\..\RunOnce: [adday.exe] C:\WINDOWS\system32\adday.exe
O4 - HKLM\..\RunOnce: [d3os32.exe] C:\WINDOWS\d3os32.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [atled.exe] C:\WINDOWS\system32\atled.exe
O4 - HKLM\..\RunOnce: [apptd32.exe] C:\WINDOWS\system32\apptd32.exe
O4 - HKLM\..\RunOnce: [msst.exe] C:\WINDOWS\msst.exe
O4 - HKLM\..\RunOnce: [ipgn32.exe] C:\WINDOWS\system32\ipgn32.exe
O4 - HKLM\..\RunOnce: [atlco.exe] C:\WINDOWS\atlco.exe
O4 - HKLM\..\RunOnce: [mshi.exe] C:\WINDOWS\system32\mshi.exe
O4 - HKLM\..\RunOnce: [appdm.exe] C:\WINDOWS\system32\appdm.exe
O4 - HKLM\..\RunOnce: [addov32.exe] C:\WINDOWS\system32\addov32.exe
O4 - HKLM\..\RunOnce: [d3hm.exe] C:\WINDOWS\system32\d3hm.exe
O4 - HKLM\..\RunOnce: [appwj32.exe] C:\WINDOWS\appwj32.exe
O4 - HKLM\..\RunOnce: [msbm.exe] C:\WINDOWS\system32\msbm.exe
O4 - HKLM\..\RunOnce: [addhr32.exe] C:\WINDOWS\addhr32.exe
O4 - HKLM\..\RunOnce: [crco32.exe] C:\WINDOWS\crco32.exe
O4 - HKLM\..\RunOnce: [sdkmk32.exe] C:\WINDOWS\system32\sdkmk32.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [javasg.exe] C:\WINDOWS\javasg.exe
O4 - HKLM\..\RunOnce: [sdkcc32.exe] C:\WINDOWS\system32\sdkcc32.exe
O4 - HKLM\..\RunOnce: [mfchf.exe] C:\WINDOWS\system32\mfchf.exe
O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
O4 - HKLM\..\RunOnce: [sdkfs32.exe] C:\WINDOWS\sdkfs32.exe
O4 - HKLM\..\RunOnce: [atlvb.exe] C:\WINDOWS\atlvb.exe
O4 - HKLM\..\RunOnce: [iejw32.exe] C:\WINDOWS\system32\iejw32.exe
O4 - HKLM\..\RunOnce: [sdkog32.exe] C:\WINDOWS\system32\sdkog32.exe
O4 - HKLM\..\RunOnce: [ipmz.exe] C:\WINDOWS\system32\ipmz.exe
O4 - HKLM\..\RunOnce: [atllm.exe] C:\WINDOWS\atllm.exe
O4 - HKLM\..\RunOnce: [sysjc.exe] C:\WINDOWS\system32\sysjc.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\system32\javaow.exe
O4 - HKLM\..\RunOnce: [mfcnl32.exe] C:\WINDOWS\system32\mfcnl32.exe
O4 - HKLM\..\RunOnce: [ipdn.exe] C:\WINDOWS\ipdn.exe
O4 - HKLM\..\RunOnce: [winml32.exe] C:\WINDOWS\system32\winml32.exe
O4 - HKLM\..\RunOnce: [javarn.exe] C:\WINDOWS\system32\javarn.exe
O4 - HKLM\..\RunOnce: [ievr32.exe] C:\WINDOWS\ievr32.exe
O4 - HKLM\..\RunOnce: [sdkam.exe] C:\WINDOWS\sdkam.exe
O4 - HKLM\..\RunOnce: [ipyh32.exe] C:\WINDOWS\ipyh32.exe
O4 - HKLM\..\RunOnce: [mslm.exe] C:\WINDOWS\mslm.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [ntyv32.exe] C:\WINDOWS\ntyv32.exe
O4 - HKLM\..\RunOnce: [sdkgd32.exe] C:\WINDOWS\sdkgd32.exe
O4 - HKLM\..\RunOnce: [ieqd32.exe] C:\WINDOWS\ieqd32.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\system32\mslp32.exe
O4 - HKLM\..\RunOnce: [ipsk32.exe] C:\WINDOWS\ipsk32.exe
O4 - HKLM\..\RunOnce: [addde32.exe] C:\WINDOWS\addde32.exe
O4 - HKLM\..\RunOnce: [msro32.exe] C:\WINDOWS\msro32.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\system32\sdkpv32.exe
O4 - HKLM\..\RunOnce: [sdkpl.exe] C:\WINDOWS\system32\sdkpl.exe
O4 - HKLM\..\RunOnce: [ntxm.exe] C:\WINDOWS\ntxm.exe
O4 - HKLM\..\RunOnce: [ntsd.exe] C:\WINDOWS\system32\ntsd.exe
O4 - HKLM\..\RunOnce: [sdkyr.exe] C:\WINDOWS\sdkyr.exe
O4 - HKLM\..\RunOnce: [applw.exe] C:\WINDOWS\system32\applw.exe
O4 - HKLM\..\RunOnce: [appar32.exe] C:\WINDOWS\appar32.exe
O4 - HKLM\..\RunOnce: [javaar32.exe] C:\WINDOWS\system32\javaar32.exe
O4 - HKLM\..\RunOnce: [crjf.exe] C:\WINDOWS\system32\crjf.exe
O4 - HKLM\..\RunOnce: [crdy32.exe] C:\WINDOWS\crdy32.exe
O4 - HKLM\..\RunOnce: [addrc.exe] C:\WINDOWS\system32\addrc.exe
O4 - HKLM\..\RunOnce: [apiwr32.exe] C:\WINDOWS\apiwr32.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Intel system
tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4524/mcfscan.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
arlet Junior Master
05 July 2005 - 21:45 #1
Checking it now
arlet Junior Master
05 July 2005 - 21:49 #2
Download and save this scanner to the desktop. (We will use it later)
http://www.spywareinfo.dk/download/mwav.exe

----------------------

Download Aboutbuster:
http://www.malwarebytes.biz/AboutBuster.zip
(unpack Aboutbuster into its own folder on the Desktop).

Download cwsserviceremove.reg here:
http://www.fbeej.dk/Programmer/cwsserviceremove.zip
(unpack cwsserviceremove.zip to the Desktop)

During this fix you must not have Internet Explorer open, so the best option is to print the instructions - second best is to copy them into Notepad so you can read them from there.

To be able to see all files:
Open a folder, click Tools=>Folder Options=>View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".

Restart in Safe Mode by pressing F8 during startup and choosing Safe Mode.

Go to Start -> Run and type Services.msc

See whether you can find one of these services:

Workstation NetLogon Service
Network Security Service
Remote Procedure Call (RPC) Helper
Remote Access Service

...in the list. If you find one of them - right-click it and choose Properties - click "Stop" and set Startup type to "Disabled" - click Apply and OK. Close the Services window.

Run HijackThis, scan and put a check mark next to the following lines - close all other program windows - click "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1047

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {0B58BEF4-C0D5-53BA-4F75-D23E40367540} - C:\WINDOWS\atlcv32.dll
O2 - BHO: Class - {F11B9CF2-346E-5C49-C7D9-CC9AC39627B2} - C:\WINDOWS\system32\mfcxk32.dll

O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteuzf32.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [netrk32.exe] C:\WINDOWS\system32\netrk32.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\Thomas_R\LOKALE~1\Temp\95B.tmp" /m
O4 - HKLM\..\Run: [AntivirusGold] C:\Programmer\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\RunOnce: [d3or.exe] C:\WINDOWS\system32\d3or.exe
O4 - HKLM\..\RunOnce: [crcq32.exe] C:\WINDOWS\crcq32.exe
O4 - HKLM\..\RunOnce: [javana.exe] C:\WINDOWS\javana.exe
O4 - HKLM\..\RunOnce: [javabh32.exe] C:\WINDOWS\javabh32.exe
O4 - HKLM\..\RunOnce: [javady.exe] C:\WINDOWS\javady.exe
O4 - HKLM\..\RunOnce: [d3dk.exe] C:\WINDOWS\system32\d3dk.exe
O4 - HKLM\..\RunOnce: [mfcqf32.exe] C:\WINDOWS\mfcqf32.exe
O4 - HKLM\..\RunOnce: [winru32.exe] C:\WINDOWS\winru32.exe
O4 - HKLM\..\RunOnce: [sdksi.exe] C:\WINDOWS\sdksi.exe
O4 - HKLM\..\RunOnce: [apiax.exe] C:\WINDOWS\apiax.exe
O4 - HKLM\..\RunOnce: [apivo.exe] C:\WINDOWS\system32\apivo.exe
O4 - HKLM\..\RunOnce: [javafn32.exe] C:\WINDOWS\javafn32.exe
O4 - HKLM\..\RunOnce: [ntiq.exe] C:\WINDOWS\system32\ntiq.exe
O4 - HKLM\..\RunOnce: [addmj.exe] C:\WINDOWS\system32\addmj.exe
O4 - HKLM\..\RunOnce: [netlf32.exe] C:\WINDOWS\system32\netlf32.exe
O4 - HKLM\..\RunOnce: [mszt.exe] C:\WINDOWS\system32\mszt.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\system32\ipok32.exe
O4 - HKLM\..\RunOnce: [appir32.exe] C:\WINDOWS\appir32.exe
O4 - HKLM\..\RunOnce: [iehc.exe] C:\WINDOWS\system32\iehc.exe
O4 - HKLM\..\RunOnce: [apiss32.exe] C:\WINDOWS\apiss32.exe
O4 - HKLM\..\RunOnce: [syspk.exe] C:\WINDOWS\system32\syspk.exe
O4 - HKLM\..\RunOnce: [apiep.exe] C:\WINDOWS\apiep.exe
O4 - HKLM\..\RunOnce: [atliz.exe] C:\WINDOWS\system32\atliz.exe
O4 - HKLM\..\RunOnce: [apind.exe] C:\WINDOWS\system32\apind.exe
O4 - HKLM\..\RunOnce: [apihp32.exe] C:\WINDOWS\apihp32.exe
O4 - HKLM\..\RunOnce: [netpf32.exe] C:\WINDOWS\netpf32.exe
O4 - HKLM\..\RunOnce: [netyb.exe] C:\WINDOWS\netyb.exe
O4 - HKLM\..\RunOnce: [atlcf.exe] C:\WINDOWS\atlcf.exe
O4 - HKLM\..\RunOnce: [crrk32.exe] C:\WINDOWS\crrk32.exe
O4 - HKLM\..\RunOnce: [d3sd.exe] C:\WINDOWS\d3sd.exe
O4 - HKLM\..\RunOnce: [ntta.exe] C:\WINDOWS\system32\ntta.exe
O4 - HKLM\..\RunOnce: [ipdg.exe] C:\WINDOWS\ipdg.exe
O4 - HKLM\..\RunOnce: [apinn32.exe] C:\WINDOWS\system32\apinn32.exe
O4 - HKLM\..\RunOnce: [winpp32.exe] C:\WINDOWS\system32\winpp32.exe
O4 - HKLM\..\RunOnce: [mfclg32.exe] C:\WINDOWS\mfclg32.exe
O4 - HKLM\..\RunOnce: [javaby32.exe] C:\WINDOWS\system32\javaby32.exe
O4 - HKLM\..\RunOnce: [d3xh.exe] C:\WINDOWS\system32\d3xh.exe
O4 - HKLM\..\RunOnce: [appqd.exe] C:\WINDOWS\appqd.exe
O4 - HKLM\..\RunOnce: [ieun32.exe] C:\WINDOWS\system32\ieun32.exe
O4 - HKLM\..\RunOnce: [ntjl.exe] C:\WINDOWS\ntjl.exe
O4 - HKLM\..\RunOnce: [atlqb32.exe] C:\WINDOWS\system32\atlqb32.exe
O4 - HKLM\..\RunOnce: [addcr.exe] C:\WINDOWS\addcr.exe
O4 - HKLM\..\RunOnce: [adday.exe] C:\WINDOWS\system32\adday.exe
O4 - HKLM\..\RunOnce: [d3os32.exe] C:\WINDOWS\d3os32.exe
O4 - HKLM\..\RunOnce: [winex32.exe] C:\WINDOWS\winex32.exe
O4 - HKLM\..\RunOnce: [atled.exe] C:\WINDOWS\system32\atled.exe
O4 - HKLM\..\RunOnce: [apptd32.exe] C:\WINDOWS\system32\apptd32.exe
O4 - HKLM\..\RunOnce: [msst.exe] C:\WINDOWS\msst.exe
O4 - HKLM\..\RunOnce: [ipgn32.exe] C:\WINDOWS\system32\ipgn32.exe
O4 - HKLM\..\RunOnce: [atlco.exe] C:\WINDOWS\atlco.exe
O4 - HKLM\..\RunOnce: [mshi.exe] C:\WINDOWS\system32\mshi.exe
O4 - HKLM\..\RunOnce: [appdm.exe] C:\WINDOWS\system32\appdm.exe
O4 - HKLM\..\RunOnce: [addov32.exe] C:\WINDOWS\system32\addov32.exe
O4 - HKLM\..\RunOnce: [d3hm.exe] C:\WINDOWS\system32\d3hm.exe
O4 - HKLM\..\RunOnce: [appwj32.exe] C:\WINDOWS\appwj32.exe
O4 - HKLM\..\RunOnce: [msbm.exe] C:\WINDOWS\system32\msbm.exe
O4 - HKLM\..\RunOnce: [addhr32.exe] C:\WINDOWS\addhr32.exe
O4 - HKLM\..\RunOnce: [crco32.exe] C:\WINDOWS\crco32.exe
O4 - HKLM\..\RunOnce: [sdkmk32.exe] C:\WINDOWS\system32\sdkmk32.exe
O4 - HKLM\..\RunOnce: [winme32.exe] C:\WINDOWS\system32\winme32.exe
O4 - HKLM\..\RunOnce: [javasg.exe] C:\WINDOWS\javasg.exe
O4 - HKLM\..\RunOnce: [sdkcc32.exe] C:\WINDOWS\system32\sdkcc32.exe
O4 - HKLM\..\RunOnce: [mfchf.exe] C:\WINDOWS\system32\mfchf.exe
O4 - HKLM\..\RunOnce: [syszx.exe] C:\WINDOWS\syszx.exe
O4 - HKLM\..\RunOnce: [sdkfs32.exe] C:\WINDOWS\sdkfs32.exe
O4 - HKLM\..\RunOnce: [atlvb.exe] C:\WINDOWS\atlvb.exe
O4 - HKLM\..\RunOnce: [iejw32.exe] C:\WINDOWS\system32\iejw32.exe
O4 - HKLM\..\RunOnce: [sdkog32.exe] C:\WINDOWS\system32\sdkog32.exe
O4 - HKLM\..\RunOnce: [ipmz.exe] C:\WINDOWS\system32\ipmz.exe
O4 - HKLM\..\RunOnce: [atllm.exe] C:\WINDOWS\atllm.exe
O4 - HKLM\..\RunOnce: [sysjc.exe] C:\WINDOWS\system32\sysjc.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\system32\javaow.exe
O4 - HKLM\..\RunOnce: [mfcnl32.exe] C:\WINDOWS\system32\mfcnl32.exe
O4 - HKLM\..\RunOnce: [ipdn.exe] C:\WINDOWS\ipdn.exe
O4 - HKLM\..\RunOnce: [winml32.exe] C:\WINDOWS\system32\winml32.exe
O4 - HKLM\..\RunOnce: [javarn.exe] C:\WINDOWS\system32\javarn.exe
O4 - HKLM\..\RunOnce: [ievr32.exe] C:\WINDOWS\ievr32.exe
O4 - HKLM\..\RunOnce: [sdkam.exe] C:\WINDOWS\sdkam.exe
O4 - HKLM\..\RunOnce: [ipyh32.exe] C:\WINDOWS\ipyh32.exe
O4 - HKLM\..\RunOnce: [mslm.exe] C:\WINDOWS\mslm.exe
O4 - HKLM\..\RunOnce: [ieev.exe] C:\WINDOWS\ieev.exe
O4 - HKLM\..\RunOnce: [ntyv32.exe] C:\WINDOWS\ntyv32.exe
O4 - HKLM\..\RunOnce: [sdkgd32.exe] C:\WINDOWS\sdkgd32.exe
O4 - HKLM\..\RunOnce: [ieqd32.exe] C:\WINDOWS\ieqd32.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [mslp32.exe] C:\WINDOWS\system32\mslp32.exe
O4 - HKLM\..\RunOnce: [ipsk32.exe] C:\WINDOWS\ipsk32.exe
O4 - HKLM\..\RunOnce: [addde32.exe] C:\WINDOWS\addde32.exe
O4 - HKLM\..\RunOnce: [msro32.exe] C:\WINDOWS\msro32.exe
O4 - HKLM\..\RunOnce: [sdkpv32.exe] C:\WINDOWS\system32\sdkpv32.exe
O4 - HKLM\..\RunOnce: [sdkpl.exe] C:\WINDOWS\system32\sdkpl.exe
O4 - HKLM\..\RunOnce: [ntxm.exe] C:\WINDOWS\ntxm.exe
O4 - HKLM\..\RunOnce: [ntsd.exe] C:\WINDOWS\system32\ntsd.exe
O4 - HKLM\..\RunOnce: [sdkyr.exe] C:\WINDOWS\sdkyr.exe
O4 - HKLM\..\RunOnce: [applw.exe] C:\WINDOWS\system32\applw.exe
O4 - HKLM\..\RunOnce: [appar32.exe] C:\WINDOWS\appar32.exe
O4 - HKLM\..\RunOnce: [javaar32.exe] C:\WINDOWS\system32\javaar32.exe
O4 - HKLM\..\RunOnce: [crjf.exe] C:\WINDOWS\system32\crjf.exe
O4 - HKLM\..\RunOnce: [crdy32.exe] C:\WINDOWS\crdy32.exe
O4 - HKLM\..\RunOnce: [addrc.exe] C:\WINDOWS\system32\addrc.exe
O4 - HKLM\..\RunOnce: [apiwr32.exe] C:\WINDOWS\apiwr32.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKCU\..\Run: [Intel system
tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe

Find and delete

The files:
C:\WINDOWS\system32\d3or.exe
C:\WINDOWS\system32\pcwev.dll

Double-click cwsserviceremove.reg, which you downloaded at the beginning.

Run AboutBuster - twice.
- click OK
- click Start and OK to scan for Alternate Data Streams
- click Yes to allow Explorer.exe to be shut down
- click Yes to allow the second scan.

------------------------

Click mwav.exe, which you downloaded; the program unpacks itself and starts.
Check the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following:
All local drives and Scan all files
Then press Scan Clean
The scan takes a little over an hour

-------------------------------


Then go to Start -> Programs -> Accessories -> System Tools -> Disk Cleanup and delete temp files, temporary internet files and the recycle bin.

Restart in Normal mode. Run HijackThis and post a fresh log here.
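
The lines picked out for "Fix checked" in the answer above follow a few recognisable patterns. As an added example (not part of the original thread and not HijackThis's own logic), this Python script parses lines copied from the first log and flags entries by those patterns; the rule set and the `KNOWN_SELF_NAMED` allowlist are assumptions of the example.

```python
import ntpath
import re

# Lines copied verbatim from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pcwev.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1047
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Class - {0B58BEF4-C0D5-53BA-4F75-D23E40367540} - C:\WINDOWS\atlcv32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmer\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\Thomas_R\LOKALE~1\Temp\95B.tmp" /m
O4 - HKLM\..\RunOnce: [d3or.exe] C:\WINDOWS\system32\d3or.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system
tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.*)$")
O4_REG = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[([^\]]*)\] (.*)$")
WIN_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption of this example: legitimate autoruns whose value name equals the
# file name. ctfmon.exe is a Windows component that registers itself this way.
KNOWN_SELF_NAMED = {"ctfmon.exe"}


def parse_entries(text):
    """Split a log into (section code, body) pairs, re-joining wrapped lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            current = [m.group(1), m.group(2)]
            entries.append(current)
        elif line and current is not None:
            current[1] += " " + line  # continuation of a wrapped entry
        else:
            current = None  # header text or blank line
    return [tuple(e) for e in entries]


def target_path(cmd):
    """Return the lower-cased file path at the start of an autorun command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.*?\.(?:exe|dll|tmp))(?:\s|,|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def triage(code, body):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons, low = [], body.lower()
    if code in ("R0", "R1"):
        if re.search(r"= res://c:\\windows\\.*\.dll/", low):
            reasons.append("IE search page served from a DLL in the Windows directory")
        if re.search(r",proxyserver = .*localhost", low):
            reasons.append("browser proxy points at localhost")
    elif code == "O2":
        dll = low.rsplit(" - ", 1)[-1]
        if ntpath.dirname(dll) in WIN_DIRS:
            reasons.append("BHO DLL sits directly in the Windows directory")
    elif code == "O4":
        m = O4_REG.match(body)
        if m:
            name, path = m.group(3).lower(), target_path(m.group(4))
            if name == ntpath.basename(path) and name not in KNOWN_SELF_NAMED:
                reasons.append("autorun value is named after its own file")
        else:  # "Startup:" / "Global Startup:" shortcut entries
            path = low.rsplit(" = ", 1)[-1]
        if "\\temp\\" in path or "\\recycler\\" in path:
            reasons.append("autorun target lives in Temp or RECYCLER")
    elif code == "O23" and " - unknown owner - " in low:
        reasons.append("service listed with 'Unknown owner'")
    return reasons


def flag_log(text):
    """Map each flagged (code, body) entry to its list of reasons."""
    flagged = {}
    for code, body in parse_entries(text):
        reasons = triage(code, body)
        if reasons:
            flagged[(code, body)] = reasons
    return flagged


if __name__ == "__main__":
    for (code, body), reasons in flag_log(SAMPLE_LOG).items():
        print(f"{code} - {body}\n    -> {'; '.join(reasons)}")
```

The `[Intel system tool]` entry for hookdump.exe, which the answer also marks for fixing, matches none of these rules, so a pattern pass like this narrows a log but does not replace reading it line by line.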
soljiah84 Beginner
05 July 2005 - 21:57 #3
thanks, just looking at my instructions!

and many many thanks! ;)
soljiah84 Beginner
06 July 2005 - 02:58 #4
Hi

I have tried deleting the files that it was possible to delete, and that should be done. There is still spyware or a virus on the PC.
Here is the latest hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 02:55:31, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\javamy32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thomas_R\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\qzxlc.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1064
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F83E64CC-47BA-4CBD-4B1D-66C65FEE57F2} - C:\WINDOWS\system32\apitc.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Programmer\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [javamy32.exe] C:\WINDOWS\javamy32.exe
O4 - HKLM\..\RunOnce: [ipok32.exe] C:\WINDOWS\system32\ipok32.exe
O4 - HKLM\..\RunOnce: [ntjl.exe] C:\WINDOWS\ntjl.exe
O4 - HKLM\..\RunOnce: [winwv32.exe] C:\WINDOWS\system32\winwv32.exe
O4 - HKLM\..\RunOnce: [netqd32.exe] C:\WINDOWS\system32\netqd32.exe
O4 - HKLM\..\RunOnce: [netwz32.exe] C:\WINDOWS\netwz32.exe
O4 - HKLM\..\RunOnce: [adddv.exe] C:\WINDOWS\system32\adddv.exe
O4 - HKLM\..\RunOnce: [d3dq.exe] C:\WINDOWS\system32\d3dq.exe
O4 - HKLM\..\RunOnce: [crgc.exe] C:\WINDOWS\system32\crgc.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\system32\ntco.exe
O4 - HKLM\..\RunOnce: [mfcuf.exe] C:\WINDOWS\system32\mfcuf.exe
O4 - HKLM\..\RunOnce: [crux.exe] C:\WINDOWS\crux.exe
O4 - HKLM\..\RunOnce: [sdkqi.exe] C:\WINDOWS\system32\sdkqi.exe
O4 - HKLM\..\RunOnce: [apisb.exe] C:\WINDOWS\system32\apisb.exe
O4 - HKLM\..\RunOnce: [netpf32.exe] C:\WINDOWS\netpf32.exe
O4 - HKLM\..\RunOnce: [ntog32.exe] C:\WINDOWS\ntog32.exe
O4 - HKLM\..\RunOnce: [ieag.exe] C:\WINDOWS\ieag.exe
O4 - HKLM\..\RunOnce: [msaa32.exe] C:\WINDOWS\system32\msaa32.exe
O4 - HKLM\..\RunOnce: [addat32.exe] C:\WINDOWS\addat32.exe
O4 - HKLM\..\RunOnce: [sdkso32.exe] C:\WINDOWS\sdkso32.exe
O4 - HKLM\..\RunOnce: [winxl.exe] C:\WINDOWS\winxl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4524/mcfscan.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
arlet, Junior Master
6 July 2005 - 16:52 #5
Download this scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart in safe mode (press <F8> at startup), double-click drweb-cureit.exe; it will run an express scan, which you say yes to.
When it shows Done at the bottom left, click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then click the green pedestrian over on the right side of the page, and the scan starts.
Then click Start->Search, find the file >>drweb32w.log<< and copy the bottom part of the text in here, starting with:
>>Total session statistics<<

-----------------------

Then download this scanner:
You can download Ewido here: http://www.ewido.net/en/download/
Click Download now. Install and run Ewido. Update the program immediately after installation (but do not scan yet).
Restart in safe mode. Press the F8 key during the restart (roughly just after the RAM has been counted), then choose safe mode. If in doubt, just press F8 several times. Now run a full scan with Ewido. When it has finished, press save report and copy that report in here together with a HijackThis log taken after you have run Ewido.
soljiah84, Beginner
6 July 2005 - 23:47 #6
Hi

I hope I have copied the right part of the log file from Dr. Web. hehe.... But what a lot it has removed!

Here is a little to look at! Many thanks again! :)

Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 201925
Infected objects found: 683
Objects with modifications found: 0
Suspicious objects found: 4
Objects cured: 0
Objects deleted: 681
Objects renamed: 4
Objects moved: 0
Scan speed: 160 Kb/s
Scan time: 02:30:54


--------------------------------------------------------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            23:38:46, 06-07-2005
+ Report-Checksum:        FE06B9E4

+ Scan result:

    HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001} -> Spyware.AutoSearch : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{09098A2E-29B4-D7AC-C8EC-1C448EBA69E3} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0A1D22C3-37BE-470C-9C29-E3074EE0574B} -> Spyware.EliteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{19255F26-2AD3-116A-A43F-B901D1F3AC6B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{24E10FF7-10AA-6198-95AE-258D49D9ABCA} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -> Spyware.E-booksystems : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{497AEAF3-0F8F-A4B6-48F2-A80144D90604} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{821C8BB3-C516-BEE5-C6A4-ECF0D92BF426} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{88289CAD-8761-B286-1697-48C2E3A53747} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{97E37285-B9D3-035E-821F-3EBE4F849C3D} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A6BF9B01-2B57-89D9-AD1F-AF854374C992} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{BD00AB82-F105-58F8-2B31-B600383177E6} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647} -> Spyware.EliteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} -> Spyware.SafeSurfing : Error during cleaning
    HKLM\SOFTWARE\Classes\CLSID\{D75897AF-4779-FE93-0121-038FA5AA18C4} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{EAB9C89C-A224-B071-97DC-24A78995DD29} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F6802757-10AB-DBC8-719A-C48394D31082} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\Classes\SideFind.Finder -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06} -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Elitum -> Spyware.EliteBar : Cleaned with backup
    HKLM\SOFTWARE\Elitum\EliteSideBar -> Spyware.EliteBar : Cleaned with backup
    HKLM\SOFTWARE\Elitum\EliteToolBar -> Spyware.EliteBar : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows ServeAd -> Spyware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
    HKLM\SOFTWARE\SideFind -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\SideFind\History -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Video1\Dialers -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Windows ServeAd -> Spyware.BlazeFind : Cleaned with backup
    HKLM\SOFTWARE\WinTools -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m\ef -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m\q8 -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m\qe -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m\tg -> Spyware.WebSearch : Error during cleaning
    HKLM\SOFTWARE\WinTools\nlibx4m\v -> Spyware.WebSearch : Error during cleaning
    HKU\.DEFAULT\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
    HKU\.DEFAULT\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\.DEFAULT\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\.DEFAULT\Software\LQ -> Dialer.Generic : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19255F26-2AD3-116A-A43F-B901D1F3AC6B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -> Spyware.E-booksystems : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F14AABDD-0232-4E5A-9B52-4178AC0A62B5} -> Spyware.AdSubtract : Cleaned with backup
    HKU\.DEFAULT\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    HKU\S-1-5-18\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
    HKU\S-1-5-18\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-18\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-18\Software\LQ -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19255F26-2AD3-116A-A43F-B901D1F3AC6B} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -> Spyware.E-booksystems : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F14AABDD-0232-4E5A-9B52-4178AC0A62B5} -> Spyware.AdSubtract : Cleaned with backup
    HKU\S-1-5-18\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Edyson\Cookies\edyson@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@a.tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@counter14.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@counter16.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Cookies\thomas_r@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\common.dll -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\Cookies\thomas_r@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\djtopr1150.exe -> Spyware.WebRebates.g : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\jkill.exe -> Spyware.VX2 : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\sidefind.exe -> Spyware.SideFind : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\TBPS.exe -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\temp.cab/TBPS.exe -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\temp.cab/common.dll -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\temp.cab/toolbar.dll -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\toolbar.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\toolbar.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\toolbar.dll -> Spyware.IBIS : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\Toolbar3.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\Toolbar3.cab/TBPS.exe -> Spyware.WebSearch : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temp\VVSNInst.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WXGDMN41\default[4].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WXGDMN41\songs[2].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WZANUGW6\default[4].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WZANUGW6\default[5].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WZANUGW6\default[6].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WZANUGW6\showcaps[2].asp -> Spyware.BookedSpace : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Lokale indstillinger\Temporary Internet Files\Content.IE5\WZANUGW6\WUInstSECS[1].cab/WUInst.dll -> Adware.SaveNow : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Skrivebord\spyware killer\backups\backup-20050704-224421-435.dll -> Spyware.EliteBar : Cleaned with backup
    C:\Documents and Settings\Thomas_R\Skrivebord\spyware killer\backups\backup-20050704-224421-853.dll -> Spyware.EliteBar : Cleaned with backup
    C:\Program Files\Windows AdControl\WinAdShift.dll -> Spyware.WinAD : Cleaned with backup
    C:\Program Files\Windows ControlAd\WinCtlAdShift.dll -> Spyware.WinAD : Cleaned with backup
    C:\Program Files\Windows ServeAd\WinAtServ.dll -> Spyware.WinAD : Cleaned with backup
    C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD : Cleaned with backup
    C:\Program Files\Windows TaskAd\WinTaskAd.exe -> Spyware.WinAD : Cleaned with backup
    C:\Programmer\Common Files\zkiz\zkizp.exe -> Spyware.Xupiter : Cleaned with backup
    C:\Programmer\DAP\DAP.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\CMEIIAPI.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GAppMgr.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GController.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GDwldEng.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GIocl.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GIoclClient.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GMTProxy.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GObjs.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GStore.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\GStoreServer.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\CMEII\Gtools.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\EGGCEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\egIEEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\EGIEProcess.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\EGNSEngine.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\GatorRes.dll -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\GatorStubSetup.exe -> Adware.Gator : Cleaned with backup
    C:\Programmer\Fælles filer\GMT\GUninstaller.exe -> Adware.Gator : Cleaned with backup
    C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
    C:\Programmer\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL -> Spyware.MyWay : Cleaned with backup
    C:\Programmer\Search-Assistant\saap.exe -> Spyware.180Solutions : Cleaned with backup
    C:\Programmer\SearchRelevancy\SearchRelevancy.dll -> Spyware.Relevance : Cleaned with backup
    C:\Programmer\SideFind\sfbho.dll -> Spyware.SideFind : Cleaned with backup
    C:\Programmer\SideFind\sidefind.dll -> Spyware.SideFind : Cleaned with backup
    C:\Programmer\SideFind\update\sidefind.exe -> Spyware.SideFind : Cleaned with backup
    C:\sidebDD.exe -> Spyware.EliteBar : Cleaned with backup
    C:\temp\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
    C:\temp\WinCtlAdInstPack.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\apibw32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\appii32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\appyj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Aquatica Waterworlds.scr:impelp -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Aquatica Waterworlds.scr:irwwq -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\Aquatica Waterworlds.scr:vdqts -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\atlev.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\aucfg.ini:asqtc -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\aucfg.ini:jyttx -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\CDex.INI:vddobq -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\CDex.INI:yehrb -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\cris32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\d3nm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\d3qg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\desktop.ini:evyia -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll -> Spyware.EliteBar : Cleaned with backup
    C:\WINDOWS\fmhbh.txt:gfyzf -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\htkfe.txt:buyok -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\iedk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ieux32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\iexs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ipfu32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\iPlayer.INI:krutn -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ipvp32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\ipyv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\javalu.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javaxv32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\javayv32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\jtyed.txt:itmhg -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\LIBENACM.INI:ytkmr -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\LIBENVRS.INI:zjhfi -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\mfckp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\mfcme.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\mfcwg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\mfcyt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\msiu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\msnsetuplog.txt:msryp -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\msnsetuplog.txt:pjubr -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\msrc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\muma2004.INI:vcmzl -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\netci32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\netfn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\nethk.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\netqx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ODBC.INI:fshrk -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ODBCINST.INI:rlzvb -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\ODBCINST.INI:xvmvc -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\OEWABLog.txt:gmurhw -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\OEWABLog.txt:nnzkp -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\OEWABLog.txt:wfats -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\SchedLgU.Txt:oomki -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\screen.html:cojjjr -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\screen.html:yhhzc -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\sdkhe.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\sdkym.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\setuplog.txt:jjxhe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\setuplog.txt:owocep -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\smp3m45j.ini:dmmtd -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\smp3m45j.ini:pdjchm -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\syshf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\syslh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\syspp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\appax32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\atldn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\crcc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\crsc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\crzq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\d3fn32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ieub.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\ipip.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\ipuq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\javaeh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\mstw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\msub.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\msyi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\netjy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\netrk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\netur32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\ntal32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\sdkab32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\sdkdj32.exe -> Trojan.Agent.bi : Cleaned with backup
    C:\WINDOWS\system32\sdkvw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\shell32.exe -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\system32\sysdl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\thxei.txt:tgfaxj -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\tmupdate.ini:izyyp -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\tsc.ini:apqos -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\vbaddin.ini:vgqzu -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\win.ini:bhfzg -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\winamp.ini:ujcvu -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\winamp.ini:urovmy -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\wingy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\_default.pif:syehc -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

----------------------------------------------------------------------------------



Logfile of HijackThis v1.99.1
Scan saved at 23:46:52, on 06-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\ewido\security suite\securitysuite.exe
C:\Programmer\Winamp\Winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas_R\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1064
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {377FC94D-A085-2B89-B543-C2E033EE98D3} - C:\WINDOWS\msoa32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [javamy32.exe] C:\WINDOWS\javamy32.exe
O4 - HKLM\..\Run: [ntde.exe] C:\WINDOWS\system32\ntde.exe
O4 - HKLM\..\Run: [msel.exe] C:\WINDOWS\system32\msel.exe
O4 - HKLM\..\Run: [javavl32.exe] C:\WINDOWS\javavl32.exe
O4 - HKLM\..\RunOnce: [crhh.exe] C:\WINDOWS\crhh.exe
O4 - HKLM\..\RunOnce: [javaxv32.exe] C:\WINDOWS\javaxv32.exe
O4 - HKLM\..\RunOnce: [mfcze.exe] C:\WINDOWS\system32\mfcze.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4524/mcfscan.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

soljiah84 Beginner
06 July 2005 - 23:49 #7
I forgot to say:

when I start the PC, it says on my desktop that I need to get something that can remove spyware... and it isn't my own background that's there!

Also, when I start Internet Explorer, it's a blank page and not google.dk ...

arlet Junior Master
07 July 2005 - 19:46 #8
Then download this small file and unpack it to your Desktop:
http://www.fbeej.dk/Programmer/smitfraud1.zip
Double-click smitfraud1.reg, which you just unpacked, and answer yes to merging it into the registry.

Restart in safe mode and fix these in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\anzfp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1064
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {377FC94D-A085-2B89-B543-C2E033EE98D3} - C:\WINDOWS\msoa32.dll

O4 - HKLM\..\Run: [javamy32.exe] C:\WINDOWS\javamy32.exe
O4 - HKLM\..\Run: [ntde.exe] C:\WINDOWS\system32\ntde.exe
O4 - HKLM\..\Run: [msel.exe] C:\WINDOWS\system32\msel.exe
O4 - HKLM\..\Run: [javavl32.exe] C:\WINDOWS\javavl32.exe
O4 - HKLM\..\RunOnce: [crhh.exe] C:\WINDOWS\crhh.exe
O4 - HKLM\..\RunOnce: [javaxv32.exe] C:\WINDOWS\javaxv32.exe
O4 - HKLM\..\RunOnce: [mfcze.exe] C:\WINDOWS\system32\mfcze.exe

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe (file missing)

Find and delete:
C:\WINDOWS\system32\d3or.exe
C:\WINDOWS\system32\mfcze.exe
C:\WINDOWS\javaxv32.exe
C:\WINDOWS\crhh.exe
C:\WINDOWS\system32\msel.exe
C:\WINDOWS\system32\ntde.exe
C:\WINDOWS\system32\anzfp.dll

Restart and post a new HijackThis log.

soljiah84 Beginner
07 July 2005 - 20:22 #9
Hi

I couldn't download the program you mentioned, or get it to work when I had it sent to me via MSN...

I've reached a point where the spyware and virus attack has apparently affected the PC so much that I'm considering giving up and formatting. If that is a good idea, I'd like to hear how best to do it and reinstall everything, network, etc...

Also, I didn't get the files you mentioned deleted; I couldn't find them....

But I did fix the files I was supposed to.... Here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 20:18:36, on 07-07-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\Programmer\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Thomas_R\Skrivebord\hijackthis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iema32.exe] C:\WINDOWS\system32\iema32.exe
O4 - HKLM\..\Run: [mssd32.exe] C:\WINDOWS\mssd32.exe
O4 - HKLM\..\Run: [sdkic32.exe] C:\WINDOWS\sdkic32.exe
O4 - HKLM\..\Run: [msbo.exe] C:\WINDOWS\msbo.exe
O4 - HKLM\..\Run: [sysux32.exe] C:\WINDOWS\system32\sysux32.exe
O4 - HKLM\..\Run: [atlwa.exe] C:\WINDOWS\atlwa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\RECYCLER\NPROTECT\00711231.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmer\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002535.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4524/mcfscan.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\d3or.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe

kalp Novice
23 October 2005 - 14:24 #10
soljiah84, you have a couple of questions that you haven't closed yet :) including this one

http://exp.dk/list.phtml?spm_creator=soljiah84&status_1=on&status_2=on&status_3=on&status_4=on