Hijack log til gennemsyn!

Jeg ser på den, øjeblik

Læs alle punkterne inden du gør noget.

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Hent scannereren http://www.spywareinfo.dk/download/mwav.exe.

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
O2 - BHO: (no name) - {36D96B02-9748-AA55-169C-5A9E6AF8A40C} - C:\WINDOWS\system32\aorifiy.dll
O2 - BHO: (no name) - {6873EB48-EE37-9715-3C63-031176033D0E} - C:\WINDOWS\prflbmsg.dll
O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\system32\souupot.dll

(4)
Åbn en tilfældig mappe, i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende filer:
C:\WINDOWS\system32\aorifiy.dll
C:\WINDOWS\prflbmsg.dll
C:\WINDOWS\system32\souupot.dll

(5)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(6)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt tage nogen tid.

(7)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(8)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.

**************************

Nedenstående linjer skal måske også fixes, men kun hvis jeg siger det:
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O21 - SSODL: Network.ConnectionTray - {03D349A6-F474-CD39-D7B5-D7199075878C} - C:\WINDOWS\help\agt040c.hlp

næste log skal være med det nye hijackthis

http://www.downloadportal.dk/viewinfo.asp?rid=1658
Eller
http://www.arlet.dk/hjt.exe

Logfile of HijackThis v1.99.1
Scan saved at 21:49:06, on 04-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
D:\Programmer\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\helper.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Programmer\Anti Spy\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmer\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmer\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108429044775
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O21 - SSODL: Network.ConnectionTray - {03D349A6-F474-CD39-D7B5-D7199075878C} - C:\WINDOWS\help\agt040c.hlp
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Kører din computer som den skal? Hvis ja, så er vi færdige.

Nej, der er noget galt med min internet explorer, jeg ved ik om det kan skyldes spyware/virus!
Men hvis jeg går ind på forskellige sider f.eks hotmail så siger hotmail at den ikke genkender min browser at jeg mindst bør bruge IE 4.0 men jeg har IE 6.0 SP2 installeret? også på andre sites siger de at jeg ik bruger den rigtige browser!
..og når jeg forsøger at gå ind på www.google.com / www.google.dk så kommer den med en sikkerheds advarsel og spørger om jeg vil downloade en fil, jeg kan slet ik komme ind på siden!

hent http://packetstormsecurity.org/Win/IEreg.zip
eller herfra
http://www.fbeej.dk/Programmer/iereg.zip
Udpak den og kør den udpakkede fil. genstart og se om det har hjulpet.

hentede fra det øverste link og registrede begge... Men har stadig samme problem :(

Sæt din xp cdrom i drevet.

Tryk start->kør og skriv følgende.. præcis som det står!

rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\windows\inf\ie.inf

Har du installeret et program ved navn: LIUtilities SpeedUpMyPC?
Hvis ikke, så skal du genstarte computeren i fejlsikret tilstand og slette filen: C:\WINDOWS\helper.exe, hvorefter du genstarter normalt og smider en ny hijackthis-log herind.

kalp>> Kan ik' finde min XP cd lige nu, så kan ik prøve dit tip! Men leder på livet løs!

og ny log:
Logfile of HijackThis v1.99.1
Scan saved at 22:16:50, on 05-09-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
D:\Programmer\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Programmer\Anti Spy\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmer\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Programmer\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FLLESF~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108429044775
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O21 - SSODL: Network.ConnectionTray - {03D349A6-F474-CD39-D7B5-D7199075878C} - C:\WINDOWS\help\agt040c.hlp
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Det har altså ikke hjulpet at slette helper.exe?

nej

fundetdin xp cd?

Har fundet Cd'en og prøvet at taste kommandoen men den siger bare " Handlingen mislykkedes" når den brgynder at gå i gang!! :(

Download Ewido
http://shop.element5.com/product.html?productid=531168

Installer programmet. Start det.. Opdater programmet.. og udfør en fuld scan.
Når den er færdig så kopir loggen fra Ewido herind.. så husk at trykke på View Log.

husk også at prøve

Kommentar: kalp
05/09-2005 17:30:23

nu du har din cd igen

Har prøvet det der med: rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 c:\windows\inf\ie.inf - Men det var der den sagde "Handlingen mislykkedes"!

Har repareret windows installationen med Win XP cd'en og installeret SP2 igen... Men Internet Explorer genkendes stadig ikke af websider som internet explorer!
Derfor kan jeg ik tage flere opdateringer på Win Update da den siger jeg ikke bruger den korrekte browser..

Men er i gang med at scanne med Ewido nu og der kommer en log så snart den er færdig!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:            18:08:01, 15-09-2005
+ Report-Checksum:        B1D3A167

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{52DC9EC1-35A9-4914-98D9-D568A9854DA2} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{62160EEF-9D84-4C19-B7B8-6AC2526CD726} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8085E374-ACBB-42F9-873F-49EC7E244F97} -> Spyware.Hijacker.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{82E8FF5B-20DA-4F43-9787-09FA534B7627} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{A903BF95-883E-4E70-AEC8-6C27CDC0A6B2} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} -> Spyware.XXXToolbar : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F1ABCDB-A875-46C1-8345-B72A4567E486} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2A4407B-FFBC-4A1F-A18A-0F68C3E0FC9E} -> Spyware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKU\S-1-5-21-1644491937-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-407c3e1c-62c45bd3.class.mwt -> Trojan.Byteverify : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@ad.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@axa.addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@banner.commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@e-2dj6wjloqhazilo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@gde.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@srv1.ad.adition[2].txt -> Spyware.Cookie.Adition : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mads von Qualen\Cookies\mads von qualen@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\AdToolsX.dll -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AdToolsX.dll -> Spyware.WinAD : Cleaned with backup
    D:\RECYCLER\S-1-5-21-2000478354-706699826-1957994488-1003\Dd1062\FireDaemon.exe -> Backdoor.SdBot.nj : Cleaned with backup
    D:\RECYCLER\S-1-5-21-2000478354-706699826-1957994488-1003\Dd1062\system.exe -> Backdoor.ServU-based : Cleaned with backup
    D:\RECYCLER\S-1-5-21-2000478354-706699826-1957994488-1003\Dd792.zip/RealOne.Player.and.iQfx3.and.vTuner.Plus.v4.0/RealOnePlayer.exe -> Backdoor.Optix.Pro.o : Cleaned with backup


::Report End

onkel_skod -> hvordan kører dit windows efter scanning med Ewido?

har stadig samme problem med at jeg ikk kan komme på Windows update og på min netbank!.. Men tror snart ik det kan hvae noget med spyware at gøre jeg har prøvet altverdens programmer nu!
Så smid nogle svar så vi kan få lukket og så åbner jeg et nyt spørgsmål i en anden kategori!
Tak for hjælpen!

svar