A friend's PC, would you mind checking it?

Logfile of HijackThis v1.98.1
Scan saved at 17:11:00, on 7-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/Explorer.EXE
C:/Program Files/Common Files/Symantec Shared/ccApp.exe
C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb06.exe
C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe
C:/Program Files/Winamp/winampa.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINDOWS/System32/ctfmon.exe
C:/Program Files/MSN Messenger/msnmsgr.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/PROGRA~1/Grisoft/AVG6/avgserv.exe
C:/Program Files/Common Files/Symantec Shared/ccEvtMgr.exe
C:/Program Files/Norton AntiVirus/navapsvc.exe
C:/WINDOWS/System32/nvsvc32.exe
C:/WINDOWS/System32/svchost.exe
C:/Program Files/Internet Explorer/iexplore.exe
C:/Program Files/Messenger/msmsgs.exe
C:/Documents and Settings/Sandra/Bureaublad/hijackthis/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.l1.nl/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [ccApp] “C:/Program Files/Common Files/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Program Files/Common Files/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb06.exe
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [WinampAgent] C:/Program Files/Winamp/winampa.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKLM/../Run: [MyWebSearch Email Plugin] C:/PROGRA~1/MYWEBS~1/bar/1.bin/mwsoemon.exe
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Program Files/MSN Messenger/msnmsgr.exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU/../Run: [MyWebSearch Email Plugin] C:/PROGRA~1/MYWEBS~1/bar/1.bin/mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:/Program Files/MyWebSearch/bar/1.bin/MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:/Program Files/MyWebSearch/bar/1.bin/MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012
O8 - Extra context menu item: Backward &Links - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
O16 - DPF: {F7E7FE39-7298-442F-97CE-B7A5E9AFE12D} (Info Class) - http://www.spelpunt.nl/idtool.cab

Best regards,
Unzipper

Editor

To be able to see all files:

Open a folder, click Tools => Folder Options => View.
Untick “Hide protected operating system files”.
Untick “Hide extensions for known file types”.
Select “Show hidden files and folders”.

Run HijackThis, scan, tick the following lines, close all other program windows, and click “Fix checked”:

O4 - HKLM/../Run: [MyWebSearch Email Plugin] C:/PROGRA~1/MYWEBS~1/bar/1.bin/mwsoemon.exe
O4 - HKCU/../Run: [MyWebSearch Email Plugin] C:/PROGRA~1/MYWEBS~1/bar/1.bin/mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:/Program Files/MyWebSearch/bar/1.bin/MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:/Program Files/MyWebSearch/bar/1.bin/MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

Find and delete C:/Program Files/MyWebSearch

Restart, run HijackThis, scan and post a fresh log here.

Good advice on security….


Logfile of HijackThis v1.98.1
Scan saved at 18:17:22, on 7-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:/WINDOWS/System32/smss.exe
C:/WINDOWS/system32/winlogon.exe
C:/WINDOWS/system32/services.exe
C:/WINDOWS/system32/lsass.exe
C:/WINDOWS/system32/svchost.exe
C:/WINDOWS/System32/svchost.exe
C:/WINDOWS/system32/spoolsv.exe
C:/WINDOWS/system32/userinit.exe
C:/WINDOWS/Explorer.EXE
C:/Program Files/Common Files/Symantec Shared/ccApp.exe
C:/Program Files/Common Files/Symantec Shared/ccRegVfy.exe
C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb06.exe
C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe
C:/Program Files/Winamp/winampa.exe
C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe
C:/WINDOWS/System32/ctfmon.exe
C:/Program Files/MSN Messenger/msnmsgr.exe
C:/WINDOWS/System32/RUNDLL32.EXE
C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnf.exe
C:/Documents and Settings/Sandra/Bureaublad/hijackthis/hijackthis.exe

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Start Page = http://www.l1.nl/
R0 - HKCU/Software/Microsoft/Internet Explorer/Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:/Program Files/Adobe/Acrobat 5.0/Reader/ActiveX/AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:/Program Files/Spybot - Search & Destroy/SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:/WINDOWS/System32/msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:/Program Files/Norton AntiVirus/NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:/WINDOWS/Downloaded Program Files/googlenav.dll
O4 - HKLM/../Run: [ccApp] “C:/Program Files/Common Files/Symantec Shared/ccApp.exe”
O4 - HKLM/../Run: [ccRegVfy] “C:/Program Files/Common Files/Symantec Shared/ccRegVfy.exe”
O4 - HKLM/../Run: [HPDJ Taskbar Utility] C:/WINDOWS/System32/spool/drivers/w32x86/3/hpztsb06.exe
O4 - HKLM/../Run: [NeroFilterCheck] C:/WINDOWS/system32/NeroCheck.exe
O4 - HKLM/../Run: [QuickTime Task] “C:/Program Files/QuickTime/qttask.exe” -atboottime
O4 - HKLM/../Run: [Share-to-Web Namespace Daemon] C:/Program Files/Hewlett-Packard/HP Share-to-Web/hpgs2wnd.exe
O4 - HKLM/../Run: [NvCplDaemon] RUNDLL32.EXE C:/WINDOWS/System32/NvCpl.dll,NvStartup
O4 - HKLM/../Run: [nwiz] nwiz.exe /install
O4 - HKLM/../Run: [WinampAgent] C:/Program Files/Winamp/winampa.exe
O4 - HKLM/../Run: [AVG_CC] C:/PROGRA~1/Grisoft/AVG6/avgcc32.exe /STARTUP
O4 - HKCU/../Run: [CTFMON.EXE] C:/WINDOWS/System32/ctfmon.exe
O4 - HKCU/../Run: [msnmsgr] “C:/Program Files/MSN Messenger/msnmsgr.exe” /background
O4 - HKCU/../Run: [NvMediaCenter] RUNDLL32.EXE C:/WINDOWS/System32/NVMCTRAY.DLL,NvTaskbarInit
O8 - Extra context menu item: &Google Search - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:/WINDOWS/Downloaded Program Files/googlenav.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:/Program Files/Messenger/MSMSGS.EXE
O16 - DPF: {003FADA5-8FEE-11D6-AFB7-0004768F6183} (CryptoRSA Control) - https://www.p3.postbank.nl/sesam/CAX.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28177.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game13.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
O16 - DPF: {F7E7FE39-7298-442F-97CE-B7A5E9AFE12D} (Info Class) - http://www.spelpunt.nl/idtool.cab

Hope it looks better now, many thanks ;)

Best regards,
Unzipper

Editor

Your friend's log is clean :)
