I use adaware and spyware S&D (also hijackthis! )
the programms show me that these files , directories and reg keys are identified , remove them but 1 sec. after they re appear .... that suxx ..
here is my hijackthis logfile maybe you guys can help me .....
(sorry for my bad english i am a german ^^ )
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\QuickTime\qttask.exe
c:\windows\system32\dxmvbwp.exe
E:\Programme\oOffice\program\soffice.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
E:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\chris\LOKALE~1\Temp\Rar$EX00.281\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.de/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] E:\Programme\corel12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081105 serial=dr12wex-1504397-kty lang=DE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ehe] C:\WINDOWS\System32\ehe.exe
O4 - HKLM\..\Run: [rpdsnki] c:\windows\system32\dxmvbwp.exe r
O4 - HKCU\..\Run: [wuro] C:\PROGRA~1\COMMON~1\wuro\wurom.exe
O4 - Startup: OpenOffice.org 1.0.2.lnk = E:\Programme\oOffice\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: 50 FREE MP3s! - {686C970F-1D7D-4469-85D1-4B35763B56CC} - http://www.emusic.com?fref=149133 (file missing)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe