Hijack log

ser på den dejlig lange log

Download og gem denne scanner på skrivebordet. (Vi skal bruge den senere)
http://www.spywareinfo.dk/download/mwav.exe

Genstart i Fejlsikret tilstand ved at taste F8 under opstart.

Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Dobbelt tjeck alt kom med!. Klik herefter "Fix checked" i hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://82.179.166.192/index.php?v=6&aff=503052
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *new-search.net*;*x-google.net*
F3 - REG:win.ini: load=C:\\sex.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\Run: [Win H0st Manager] sd32.exe
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒTµõwÞ4øwÿÿÿÿ¤ü
O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\RunServices: [Win H0st Manager] sd32.exe
O4 - HKLM\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒTµõwÞ4øwÿÿÿÿ¤ü
O4 - HKLM\..\RunOnce: [Win H0st Manager] sd32.exe
O4 - HKCU\..\Run: [Msn Configuration Loader] msngms.exe
O4 - HKCU\..\Run: [Win H0st Manager] sd32.exe
O4 - HKCU\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒTµõwÞ4øwÿÿÿÿ¤ü
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒTµõwÞ4øwÿÿÿÿ¤ü
O4 - HKCU\..\RunOnce: [Win H0st Manager] sd32.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {21C5F317-4F3F-11D3-AEC7-00C04F610D45} (EDrawingView Class) - http://www.3diw.com/InstantWebsite/CABFiles/eDrawings/eDwControl.cab


Åbn Stifinder, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Find og slet (Kig godt efter!!.. Det du ikke finder har hijackthis nok fjernet!)

Filerne

C:\\sex.exe
C:\WINDOWS\System32\sd32.exe
C:\foo.mht

søg efter filerne "ptipbm.dll" "msngms.exe" og slet dem.

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Klik på mwav.exe som du hentede, programmet pakker sig selv ud og starter.
Sæt flueben i følgende:
Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende:
All local drives og Scan all files

Genstart normalt og kopir en ny log herind så jeg kan se om vi fik ramt på det hele eller om noget er blevet overset:)

Efter at have scannet med mwav.exe fik jeg følgende:

File C:\WINDOWS\System32\tksrv99.exe infected by "Trojan-Downloader.Win32.Esepor.aa" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\tmksrvu.exe infected by "Trojan-Downloader.Win32.Esepor.ab" Virus. Action Taken: File Deleted.
File C:\WINDOWS\System32\xplugin.dll infected by "Trojan-Downloader.Win32.Esepor.v" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Andreas Jensen\Desktop\Hijack\backups\backup-20050422-141203-227 infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Andreas Jensen\Desktop\Hijack\hijackthis.log infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Andreas Jensen\Local Settings\Temp\crack.exe tagged as not-a-virus:Tool.Win32.TPE.a. No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009B6B1F.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\04E058E5 infected by "Trojan.Win32.Favadd.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\07AF7155.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09826553.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CF32EEF.htm infected by "Exploit.VBS.Phel.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CF658EB.zip infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0CFD2CE4.class infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D0300DD.class infected by "Trojan.Java.ClassLoader.Dummy.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D0A54D6.class infected by "Exploit.Java.Bytverify" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0D1028CF.htm infected by "Exploit.VBS.Phel.a" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\22E53C9A infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2A3B24B5.SPL infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2F492979.SPL infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3B986F9E.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D7A7FCE.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3E4E28E5.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\40F307A3.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\473E7D5B.exe infected by "IM-Worm.Win32.Kelvir.l" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\4BC579D6.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55A1552C.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5679283F.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\574A2759.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\58284E64.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C6E3FB0.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5EB94529.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\606E4CFE infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\627D2705.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\66E7662A.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\68723E77.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6C327657.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6E0B4C03.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\71A52C5F.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7B423301.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7BCF4066.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7DF0240E.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7EF542EF.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: File Renamed.
File C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\219.tmp infected by "Email-Worm.Win32.Stator.a" Virus. Action Taken: File Deleted.
File C:\RECYCLER\NPROTECT\00077089.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP221\A0079596.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP221\A0079597.exe infected by "IM-Worm.Win32.Kelvir.l" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP221\A0079601.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079790.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079797.exe infected by "Backdoor.Win32.SdBot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079823.exe infected by "Trojan-Downloader.Win32.Esepor.aa" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079824.exe infected by "Trojan-Downloader.Win32.Esepor.ab" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079825.dll infected by "Trojan-Downloader.Win32.Esepor.v" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079826.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079827.exe infected by "IM-Worm.Win32.Kelvir.l" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079828.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079829.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079830.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079831.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079832.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079833.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079834.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079835.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079836.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079837.exe infected by "Backdoor.Win32.Agobot.wl" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079838.exe infected by "Backdoor.Win32.SdBot.wt" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{3816D28C-2598-43CB-A879-25058B855BDC}\RP222\A0079839.exe infected by "Backdoor.Win32.Wootbot.u" Virus. Action Taken: File Renamed.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\trs15.exe infected by "Trojan-Downloader.Win32.Small.yw" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\trs15.exe infected by "Trojan-Downloader.Win32.Small.yw" Virus. Action Taken: File Deleted.
File D:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214785.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214786.exe tagged as not-a-virus:AdWare.Cydoor. No Action Taken.
File D:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214790.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214800.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File D:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214926.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP299\A0214709.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP299\A0214710.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214950.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File H:\System Volume Information\_restore{D87A8DD3-8C90-4E13-B245-7029D39E0919}\RP301\A0214954.exe tagged as not-a-virus:RiskWare.Proxy.Acceleration. No Action Taken.

slå systemgendannelse fra.. og genstart din pc en gang så skulle tingene være væk

Hvordan slår jeg den fra?

NY LOG!



Logfile of HijackThis v1.99.1
Scan saved at 15:42:45, on 22-04-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$EASYJOB\Binn\sqlservr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LMPC3\lockpc.exe
C:\Program Files\Motorola\A925 Desktop Suite\ConnMngmntBox.exe
C:\Program Files\Motorola\A925 Desktop Suite\ECTaskScheduler.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Motorola\A925DE~1\Elogerr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Motorola\A925DE~1\BROADC~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\PROGRA~1\Motorola\A925DE~1\SCRFS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Andreas Jensen\Desktop\Hijack\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - Global Startup: A925 Connection Manager.lnk = ?
O4 - Global Startup: A925 Task Scheduler.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hvordan slår jeg systemgendannelse fra?

slet filen

C:\Documents and Settings\Andreas Jensen\Local Settings\Temp\crack.exe

loggen  er ren og vi er færdige:)

højreklik på denne computer og vælge egenskaber.. vælge systemgendannelse og sæt flueben i feltet der slå det fra..

genstart og slå det til igen:)

tillykke med en ren pc

Tusind tak for hjælpen!
Point til kalp!

selv tak:))