Bedste måde at fjerne spyware

Hent Ewido og Hijackthis her : http://www.arlet.dk/ewidohjt.htm

inden jeg gør det vil jeg lige brænde nogle vigtige dok. ned i tilfælde af..... er det sikkert at genstarte PC'en på normalvis eller skal man ikke forvente den kommer op igen på "normalvis" ?

Jeg tror ikke at der er problemer med at komme ind i windows på almindelig vis

hej arlet jeg har nu installeret ewido og samtidig med at den opdatere promtede programmet med at den har fundet en "malware" og om jeg vil cleane filen, det er altså inden at jeg har genstartet i fejlsikret tilstand. Spørgsmålet er nu om jeg skal ignore denne promt fra ewido og genstarte PC som du har beskrevet eller om jeg lige skal vælge clean til den fil ?

så er scanningen med Ewido færdig og hermed loggen :

---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            23:37:06, 02-10-2005
+ Rapport-Checksum:        8E590F12

+ Scanningsresultat:
    HKLM\SOFTWARE\Classes\Interface\{9D573D0E-663C-435F-BF31-2C4497373C41}\TypeLib\\ -> Spyware.CoolWebSearch : Renset med backup
    HKU\S-1-5-21-507921405-1417001333-1801674531-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Renset med backup
    [208] VM_00DB0000 -> TrojanDownloader.Agent.uj : Fejl under renselse
    [232] VM_00D90000 -> TrojanDownloader.Agent.uj : Fejl under renselse
    [744] VM_00940000 -> TrojanDownloader.Agent.uj : Fejl under renselse
    [1020] VM_00820000 -> TrojanDownloader.Agent.uj : Fejl under renselse
    C:\Documents and Settings\Administrator\Cookies\administrator@1xxx.cqcounter[2].txt -> Spyware.Cookie.Cqcounter : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.adition[2].txt -> Spyware.Cookie.Adition : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@axa.addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@banner.commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> Spyware.Cookie.Burstnet : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ilead.itrack[2].txt -> Spyware.Cookie.Itrack : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@paypopup[1].txt -> Spyware.Cookie.Paypopup : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@track.commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Renset med backup
    C:\Documents and Settings\Administrator\Cookies\administrator@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Renset med backup
    C:\Gl-Disk\gl - d-drev\Programmer\ICQ\NDetect.exe -> Backdoor.IP_Protect : Renset med backup
    C:\Programmer\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.alb : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116966.exe -> TrojanDownloader.Agent.tc : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116967.sys -> TrojanDownloader.Small.bns : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116968.exe -> TrojanDownloader.Agent.uj : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116969.EXE -> Trojan.Small.fb : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116970.exe -> TrojanDownloader.Agent.tc : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116971.EXE -> Trojan.Ysearch : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116972.EXE -> Trojan.Ysearch : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0116973.EXE -> Trojan.Ysearch : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0117041.dll -> Spyware.SBSoft : Renset med backup
    C:\System Volume Information\_restore{13D0D9AB-D021-4A21-9602-93510CCA9A90}\RP318\A0117042.exe -> TrojanDownloader.Agent.uj : Renset med backup
    C:\Temp\temp.fr7997 -> Spyware.SBSoft : Renset med backup
    C:\WINDOWS\system32\dgprpsetup.exe -> TrojanDownloader.Agent.sy : Renset med backup
    C:\WINDOWS\system32\popcorn72.exe -> TrojanDownloader.Agent.sy : Renset med backup
    C:\WINDOWS\system32\rndsj.exe -> TrojanDownloader.Agent.jc : Renset med backup
    G:\Programmer\ICQ\NDetect.exe -> Backdoor.IP_Protect : Renset med backup


::Rapport slut

hej arlet eller andre nu har jeg Hijackthis loggen, jeg håber nogen vil kigge på den og fortælle mig hvad jeg nu skal gøre

Logfile of HijackThis v1.99.1
Scan saved at 23:51:48, on 02-10-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Winamp\Winampa.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\CASIO\Photo Loader\Plauto.exe
C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Skrivebord\hjt\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "c:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.volvocars.dk/Showroom/V50/Gallery/V503D.htm
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100466680312
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA7931-9B30-4E98-B0F8-FBC19C4F9467}: NameServer = 85.255.113.131,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{4791DD98-2D7B-4F00-BC1D-80F4392C07E9}: NameServer = 85.255.113.131,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{27CA7931-9B30-4E98-B0F8-FBC19C4F9467}: NameServer = 85.255.113.131,85.255.112.9
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, luk hijackthis igen.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v3/vet_install_popup.pl?1&4&04.00.08.43&unknown&unknown&http://www.volvocars.dk/Showroom/V50/Gallery/V503D.htm
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab

genstart og ny log

Hej Arlet

hermed ny log og det lader til at al snavs er ude af maskinen igen :-)

Logfile of HijackThis v1.99.1
Scan saved at 16:20:30, on 03-10-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmer\Winamp\Winampa.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Programmer\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Administrator\Skrivebord\hjt\hjt.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://212.10.10.20/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmer\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programmer\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "c:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmer\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Programmer\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100466680312
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27CA7931-9B30-4E98-B0F8-FBC19C4F9467}: NameServer = 85.255.113.131,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{4791DD98-2D7B-4F00-BC1D-80F4392C07E9}: NameServer = 85.255.113.131,85.255.112.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{27CA7931-9B30-4E98-B0F8-FBC19C4F9467}: NameServer = 85.255.113.131,85.255.112.9
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Så er din log ren.

Efter sådan en tur er det altid en god ide og rydde op i dine systemgendannelses filerne.
Deaktiver systemgendannelse ( http://www.arlet.dk/systemgendannelsen.htm ) - genstart din computer - aktiver systemgendannelse.
Og så skal du også lige skjule dine filer og mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil.
Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Generel oprydning: http://www.arlet.dk/oprydning.htm

For at beskytte dig mod snavs har jeg lavet en sikkerhedspakke,
som du kan hente her : www.arlet.dk/pakke.htm

tak for hjælpen, det er en god side du har, den vil jeg helt sikkert bruge meget i fremtiden.