hjælp - WinFixer

Følg vejledningen i denne artikel:
http://exp.dk/artikler/755

GENERELT: <bjornsteen> -> Hvad endte dene tråd med -> http://www.eksperten.dk/spm/565997
Vejledning -> http://expfaq.1go.dk/

Ellers følg <fromsej>'s link. He Is The Man !!!

Jeg har nu fulgt vejledningen http://exp.dk/artikler/755 og har logfiler fra Drweb, Ewido, og Hijackthis.

Skal jeg paste dem ind her?

Jeps...

De kommer så her:

Fra DrWeb:




Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 135063
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 1
Objects moved: 0
Objects ignored: 1
Scan speed: 192 Kb/s
Scan time: 01:39:17
-----------------------------------------------------------------------------







Fra  ewido

---------------------------------------------------------
ewido security suite - Scanningsrapport
---------------------------------------------------------

+ Oprettet den:            08:40:52, 16-10-2005
+ Rapport-Checksum:        9987CB75

+ Scanningsresultat:
   

HKU\S-1-5-21-2338450889-4137028838-559665383-1007\Software\Microsoft\Windows\CurrentVersion\E

xt\Stats\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> Spyware.CometCursor : Renset med backup
   

HKU\S-1-5-21-2338450889-4137028838-559665383-1007\Software\Microsoft\Windows\CurrentVersion\E

xt\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Renset med backup
    :mozilla.6:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Liveperson :

Renset med backup
    :mozilla.7:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Liveperson :

Renset med backup
    :mozilla.8:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Liveperson :

Renset med backup
    :mozilla.19:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Webtrendslive :

Renset med backup
    :mozilla.20:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Webtrendslive :

Renset med backup
    :mozilla.24:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Adtech : Renset

med backup
    :mozilla.25:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Adtech : Renset

med backup
    :mozilla.26:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Doubleclick :

Renset med backup
    :mozilla.49:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Tradedoubler :

Renset med backup
    :mozilla.51:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Mediaplex :

Renset med backup
    :mozilla.60:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Overture :

Renset med backup
    :mozilla.68:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Atdmt : Renset

med backup
    :mozilla.70:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset

med backup
    :mozilla.71:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Hitbox : Renset

med backup
    :mozilla.100:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Statcounter :

Renset med backup
    :mozilla.101:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Statcounter :

Renset med backup
    :mozilla.102:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Statcounter :

Renset med backup
    :mozilla.105:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Advertising :

Renset med backup
    :mozilla.106:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Advertising :

Renset med backup
    :mozilla.124:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Burstnet :

Renset med backup
    :mozilla.125:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Casalemedia :

Renset med backup
    :mozilla.126:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Valueclick :

Renset med backup
    :mozilla.127:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Valueclick :

Renset med backup
    :mozilla.128:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Fastclick :

Renset med backup
    :mozilla.129:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Falkag : Renset

med backup
    :mozilla.133:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Spylog : Renset

med backup
    :mozilla.136:C:\Documents and Settings\HP_Ejer\Application

Data\Mozilla\Firefox\Profiles\e2ato3uv.default\cookies.txt -> Spyware.Cookie.Bfast : Renset

med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@adtech[2].txt ->

Spyware.Cookie.Adtech : Renset med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@advertising[1].txt ->

Spyware.Cookie.Advertising : Renset med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@doubleclick[1].txt ->

Spyware.Cookie.Doubleclick : Renset med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@mediaplex[1].txt ->

Spyware.Cookie.Mediaplex : Renset med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@servedby.advertising[1].txt ->

Spyware.Cookie.Advertising : Renset med backup
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@statcounter[1].txt ->

Spyware.Cookie.Statcounter : Renset med backup
    C:\Documents and Settings\HP_Ejer\Lokale indstillinger\Temporary Internet

Files\Content.IE5\3WLLRCO8\WinFixer2005ScannerInstall[1].exe ->

Not-A-Virus.Downloader.Agent.d : Renset med backup
    C:\Programmer\SurfAccuracy -> Adware.SurfAccuracy : Renset med backup
    C:\Programmer\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Renset med backup
    C:\Programmer\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Renset med backup


::Rapport slut





Fra HijackThis


Logfile of HijackThis v1.99.1
Scan saved at 21:23:47, on 16-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\ewido\security suite\ewidoctrl.exe
C:\Programmer\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Programmer\ewido\security suite\ewidoguard.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Office Mouse\moffice.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\Office Mouse\MOUSE32A.DAT
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Documents and Settings\HP_Ejer\Skrivebord\til antivirus\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcv.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q105&bd=pavilion&pf=deskt

op
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} -

C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} -

C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital

Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded

Program Files\googlenav.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06]

c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmer\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles

filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmer\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE

C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk =

C:\Programmer\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program

Files\googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program

Files\googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program

Files\googlenav.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth -

C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program

Files\googlenav.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} -

C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} -

http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} -

http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} -

C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} -

C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) -

http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner -

C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. -

C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido\security

suite\ewidoguard.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner -

C:\Programmer\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. -

C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation -

C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights

Reserved. - C:\Programmer\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation -

C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -

C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - Animation Technologies Inc. -

C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. -

C:\Programmer\VeriSign\NAVI\naviagent.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton

Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

Jooo - der er lidt.

(Godt du har SP2 instaleret!)

La'  <fromsej> køre resten...

Hvordan får jeg ham til det???

Ska' nok dukke op... Ikke nødvendigvis idag/iaften/inat ...

Evt. imens så hent denne scanner:
http://www.spywareinfo.dk/download/mwav.exe
Inde i opsætningen sætter du den til at scanne alt
Kør scanneren.

Ok. Jeg venter. men hvordan giver jeg dig (majsmarken) nogle point?

(Vent på <fromsej> ...)

Undskyld ventetiden, jeg blev arbejdsramt.


Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked, genstart i fejlsikret (tryk på <F8> under opstarten), slet mapper og filer listet længere nede.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
---------------------------------------
Sletning af \mapper\ og filer:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
Brug af Start->Søg.
Klik på "Skift søgefunktioner for filer og mapper"
Sæt prik i "Avanceret" og klik OK.
Klik på "Alle filer og mapper"
Klik på "Flere avancerede indstillinger"
Sæt flueben i de tre øverste.
-------------------
Mapper:

-------------------
Filer:
ALCXMNTR.EXE
---------------------------------------
Kør Dr.Web igen.
Klik på Options->Change settings. 
Fanebladet Scan, her skal der flueben i alt.
Fanebladet File types, her skal der prik i All files.
Fanebladet Actions, her skal alle punkter under Malware sættes til Report.
---------------------------------------
Genstart normalt, hent og installer programmet Ad-aware hvis du da ikke har det i forvejen. Opdater det straks efter installationen, og inden du kører en scanning med denne. Fjern alt hvad den finder. Programmet samt brugervejledning på dansk finder du her: http://www.spywarefri.dk/tipsogtricks.htm#adaware
Følg også vejledningen her til udvidet søgning:
http://www.spywarefri.dk/manualer/adaware-manual.htm
---------------------------
Genstart normalt og kom med en ny log fra Dr.Web (stadig kun det nederste).

Er dit Winfixerproblem overstået?

He er så den nye log fra DrWeb (efter ovenstående vejledning):

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 119238
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 1
Adware programs found: 3
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 1
Objects moved: 0
Objects ignored: 1
Scan speed: 467 Kb/s
Scan time: 00:42:16
-----------------------------------------------------------------------------


De ting der blev funder var 4 ting fra F-secure antivirus Back Web og en googlena0#ll der lå i windows/Downloaded Programs Files (som blev omdøbt)

Så ser det fornuftigt ud.
Er dit problem løst?

Ja tak, det ser ud til at problemet er løst. tak for hjælpen.

Hvordan giver jeg nu dig point?

Det gør du ved at markere mit navn i boxen, og klikke på Accepter.
Men det kræver at jeg lægger svar, så det gør jeg nu.

Du bør lige deaktivere systemgendannelse, genstarte og genaktivere samt sætte filvisning til normal.
http://spywarefri.dk/virusscannere.htm#alle - Systemgendannelse.
Åbn en mappe, klik på Funktioner >Mappeindstillinger >Vis.
Sæt flueben ved "Skjul beskyttede operativsystemfiler".
Sæt flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis ikke skjulte filer og mapper".

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, IE-Spyad og IE Privacy Keeper.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Det gør jeg - navn markeret - svar accepteret - tak for hjælpen.
Mvh bjornsteen

Velbekomme, tak for point. :-)