poulvp Trainee
18 May 2006 - 22:20 There are 21 comments and 1 solution

Have many processes running

I have scanned my PC with Spybot and Ad-Aware, but I can see I still have a lot of processes running. What do these processes mean, and should they be there... is there anything I can do, or can I just delete them?
fromsej Trainee
18 May 2006 - 22:25 #1
Follow the guide in this article, then we can better assess it:
http://www.eksperten.dk/artikler/954
poulvp Trainee
18 May 2006 - 22:50 #2
can't find drweb-curiet.exe anywhere
fromsej Trainee
18 May 2006 - 22:56 #3
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

If you have a firewall, you may need to turn it off before you can download it.
poulvp Trainee
19 May 2006 - 02:23 #4
couldn't find the file drweb32.log when searching?
poulvp Trainee
19 May 2006 - 02:23 #5
the result from SUPERAntiSpyware follows below
poulvp Trainee
19 May 2006 - 02:24 #6
SUPERAntiSpyware Scan Log
Generated 05/19/2006 at 02:18 AM

Core Rules Database Version : 2939
Trace Rules Database Version: 1054

Memory threats detected  : 0
Registry threats detected : 0
File threats detected    : 44

Adware.Tracking Cookie

Adware.webHancer
    C:\Documents and Settings\Poul Pedersen\Lokale indstillinger\Temp\wh.exe
poulvp Trainee
19 May 2006 - 02:25 #7
Logfile of HijackThis v1.99.1
Scan saved at 02:25:28, on 19-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\No-IP\DUC20.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Poul Pedersen\Skrivebord\ny\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapo.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapo.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Web Camera
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: No-IP DUC.lnk = C:\Programmer\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.xaraonline.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.0.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: pushow11.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VeriSign Updater (navi) - Unknown owner - C:\Programmer\VeriSign\NAVI\naviagent.exe"  uimode=agentupdate (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
poulvp Trainee
19 May 2006 - 02:26 #8
PS: Dr.Web found 1 that it deleted and 2 that it renamed?
poulvp Trainee
19 May 2006 - 02:33 #9
PPS: what can people steal from all the hyperlinks that appear in my HijackThis log?
fromsej Trainee
19 May 2006 - 18:43 #10
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, restart in safe mode (press <F8> during startup), and delete the folders and files listed further down.

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O20 - AppInit_DLLs: pushow11.dll

---------------------------------------
Deleting \folders\ and files:
Open Explorer, click Tools=>Folder Options=>View.
Untick "Hide protected operating system files".
Untick "Hide extensions for known file types".
Select "Show hidden files and folders".
Using Start->Search.
Click "Change files and folders search behavior"
Select "Advanced" and click OK.
Click "All files and folders"
Click "More advanced options"
Tick the top three.
-------------------
Folders:
<None>
-------------------
Files:
C:\Programmer\Logitech\Desktop Messenger\8876480\\Program\BackWeb-8876480.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
pushow11.dll
---------------------------------------
Restart normally and post a fresh HijackThis log.

(PPS: Nothing)
poulvp Trainee
21 May 2006 - 11:54 #11
OK, did as described... but unfortunately overlooked that it was supposed to be in safe mode. I then tried that afterwards, but by then the things I was supposed to remove were already gone... hope it worked. Here is the fresh HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:54:17, on 21-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\VeriSign\NAVI\naviagent.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\NavNT\vptray.exe
C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\No-IP\DUC20.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Poul Pedersen\Skrivebord\ny\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.dk/0SEDADK/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapo.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grapo.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programmer\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmer\Fælles filer\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmer\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Web Camera
O4 - HKLM\..\Run: [AnyDVD] C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: No-IP DUC.lnk = C:\Programmer\No-IP\DUC20.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Programmer\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.xaraonline.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.5.0.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VeriSign Updater (navi) - Unknown owner - C:\Programmer\VeriSign\NAVI\naviagent.exe"  uimode=agentupdate (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programmer\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
poulvp Trainee
21 May 2006 - 11:58 #12
PS: by the way, when I clicked Fix This a popup window appeared and said something about an error.
And the files you describe at the bottom, I can no longer see that they exist?
fromsej Trainee
21 May 2006 - 16:53 #13
Then your log is clean, we don't need to see any more.
You should disable System Restore, restart and re-enable it, and set the file view back to normal.
http://spywarefri.dk/virusscannere.htm#alle - System Restore.
Open a folder, click Tools >Folder Options >View.
Tick "Hide protected operating system files".
Tick "Hide extensions for known file types".
Select "Do not show hidden files and folders".

To keep it clean you can look at our package for that purpose.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
As a minimum I recommend Spywareguard, Spywareblaster, IE-Spyad and IE Privacy Keeper.
You will find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Regards:
Fromsej/Team Spywarefri.

As for your processes, take a look here, then you can judge for yourself which ones you can do without at startup.
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm
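
One way to confirm that a "Fix checked" pass removed exactly the ticked entries is to diff the HijackThis logs taken before and after. The Python below is an added example, not part of the original thread; the two sample logs are short excerpts of the logs posted above, and the function names are illustrative.

```python
import re

# A HijackThis entry line is "<section> - <text>", where the section is
# R0-R3, F0-F3, N1-N4 or O1-O24. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^\s*((?:R|F|N|O)\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the first log in the thread (before the fix).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O20 - AppInit_DLLs: pushow11.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# Excerpt of the second log in the thread (after the fix).
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# The three lines the helper asked to tick before clicking "Fix checked".
CHECKED = [
    r"O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe",
    r"O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe",
    r"O20 - AppInit_DLLs: pushow11.dll",
]


def parse_entries(log_text):
    """Return (section, text) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    """Comparison key: Windows paths are case-insensitive and copy/paste
    through a forum can change runs of spaces, so normalise both."""
    section, text = entry
    return section.upper(), re.sub(r"\s+", " ", text).casefold()


def _fmt(entry):
    return "%s - %s" % entry


def verify_fix(before_log, after_log, checked_lines):
    """Compare two logs against the list of entries that were ticked.

    still_present     ticked entries that survived the fix
    not_in_before     ticked entries that were never in the first log
    removed_unchecked entries that vanished although nobody ticked them
    new_entries       entries that appear only in the second log
    """
    before = {_key(e): e for e in parse_entries(before_log)}
    after = {_key(e): e for e in parse_entries(after_log)}
    checked = {_key(e): e for e in parse_entries("\n".join(checked_lines))}
    return {
        "still_present": [_fmt(e) for k, e in checked.items() if k in after],
        "not_in_before": [_fmt(e) for k, e in checked.items() if k not in before],
        "removed_unchecked": [
            _fmt(e) for k, e in before.items() if k not in after and k not in checked
        ],
        "new_entries": [_fmt(e) for k, e in after.items() if k not in before],
    }


if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(name, lines)
```

Four empty lists mean the second log differs from the first only by the ticked entries; anything in `new_entries` would be a startup item that appeared between the two scans and deserves a closer look.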
poulvp Trainee
21 May 2006 - 18:41 #14
Many thanks for the help, it was really great.

PS: I just tried running Spybot afterwards:
it found 4 h-keyusers from funweb that it cannot remove, and I have never managed to get rid of them??
poulvp Trainee
21 May 2006 - 18:41 #15
and it also found something called virus override, which I think is from a Windows program?
fromsej Trainee
21 May 2006 - 18:45 #16
Spybot creates a log. I don't have it installed at the moment, but see if you can find it, then copy it in here.
Otherwise I will have to get it installed so I can guide you.

Thanks for the points.*S*
poulvp Trainee
21 May 2006 - 19:01 #17
This is the log from Spybot... any idea what it is finding???

Windows Security Center.AntiVirusOverride: Indstillinger (Registreringsdatabaseændring, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

FunWebProducts: Indstillinger (Registreringsdatabasenøgle, nothing done)
  HKEY_USERS\S-1-5-18\Software\Fun Web Products

FunWebProducts: Indstillinger (Registreringsdatabasenøgle, nothing done)
  HKEY_USERS\S-1-5-20\Software\Fun Web Products

FunWebProducts: Indstillinger (Registreringsdatabasenøgle, nothing done)
  HKEY_USERS\S-1-5-19\Software\Fun Web Products

FunWebProducts: Indstillinger (Registreringsdatabasenøgle, nothing done)
  HKEY_USERS\.DEFAULT\Software\Fun Web Products
fromsej Trainee
21 May 2006 - 19:21 #18
The top one tells you that you have changed something in the Windows Security Center.

Funweb should be removed.
Download and install Registrar Lite:
http://www.resplendence.com/download/rrtri.exe

Start the program, copy the lines in one at a time, select Fun Web Products and click the red cross at the top to delete.

HKEY_USERS\S-1-5-18\Software\
HKEY_USERS\S-1-5-20\Software\
HKEY_USERS\S-1-5-19\Software\
HKEY_USERS\.DEFAULT\Software\

Then that problem should be solved too.
poulvp Trainee
21 May 2006 - 20:35 #19
Nope, that didn't happen. I got "access denied" and they are still there????
fromsej Trainee
21 May 2006 - 20:58 #20
poulvp Trainee
21 May 2006 - 22:34 #21
not possible in the light version
fromsej Trainee
23 May 2006 - 18:19 #22
You will probably have to do it with Regedit instead.
Click Start->Run, type regedit and click OK.