Notifikationer

Markér alle som læst Log ud

digiten Nybegynder

09. september 2004 - 07:52 Der er 20 kommentarer og
1 løsning

Pop-ups ud over det hele

Hey
Jeg sad og surfede på en CS side, og så fandt jeg en cheat og downloadede den (skulle jo lige prøve at se hvordan det egentlig forgik) Så jeg hentede den ned, og smed den på.... Derefter begyndte der at komme popups.....MANGE popups.... Nu sidder jeg med Antivir (der var også virus ibland), webroot cleansweeper og ad-aware.... men hver eneste gang jeg tænder computeren finder jeg omkring 18-20 spyware filer og 5 vira....
Er der ikke en måde jeg kan slippe for det hele?

-Digiten

Synes godt om

resist Nybegynder

09. september 2004 - 08:00 #1

Du kan prøve at vise os, hvad en HijackThis-log indeholder.

Hent Spybot og HijackThis:
http://www.spywarefri.dk/vaerktoj.htm

Installer og kør Spybot, opdater online, scan, afhjælp valgte problemer og genstart.

Derefter kører du Hijackthis > Scan > Save log. Kopier logfilen herind, så kigger vi på den.
Lad være med at slette noget selv med Hijackthis, vi skal nok hjælpe med at tyde loggen.

Synes godt om

digiten Nybegynder

10. september 2004 - 16:35 #2

DSO Exploit....5 entries
alle sammen er regestry changes.....

-Digiten

Synes godt om

digiten Nybegynder

10. september 2004 - 18:37 #3

hov....
Alexa related .....1 entry
NewsUpdate.........5 entries
DSO Exploit.......10 entries
Gain.Gator.........5 entries
HotKeysHook........1 entry

Synes godt om

resist Nybegynder

10. september 2004 - 19:11 #4

Jeg vil gerne se en HijackThis-log - tak.

Synes godt om

digiten Nybegynder

10. september 2004 - 20:46 #5

--- Search result list ---
NewsUpdate: Root class (Registry key, nothing done)
HKEY_CLASSES_ROOT\CTMARQ.CTMarqCtrl.1

NewsUpdate: Configuration file (File, nothing done)
C:\WINDOWS\ctnet.ini

Alexa Related: Link (Replace file, nothing done)
C:\WINDOWS\Web\related.htm

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1614895754-1592454029-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

GAIN.Gator: Common files (Directory, nothing done)
C:\Programmer\Fælles filer\CMEII

GAIN.Gator: Common file (global) (File, nothing done)
C:\Programmer\Fælles filer\GMT\mepgh.dat

GAIN.Gator: Common file (global) (File, nothing done)
C:\Programmer\Fælles filer\GMT\mepcmeft.dat

GAIN.Gator: Common file (global) (File, nothing done)
C:\Programmer\Fælles filer\GMT\meprca.dat

GAIN.Gator: Common files (Directory, nothing done)
C:\Programmer\Fælles filer\GMT

HotKeysHook: Library (File, nothing done)
C:\WINDOWS\system32\H@tKeysH@@k.DLL

--- Spybot - Search && Destroy version: 1.3 ---
2004-08-11 Includes\Cookies.sbi
2004-08-30 Includes\Dialer.sbi
2004-08-30 Includes\Hijackers.sbi
2004-08-20 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-08-30 Includes\Malware.sbi
2004-08-12 Includes\Revision.sbi
2004-08-11 Includes\Security.sbi
2004-08-30 Includes\Spybots.sbi
2004-08-30 Includes\Tracks.uti
2004-08-30 Includes\Trojans.sbi

--- System information ---
Windows XP (Build: 2600) Service Pack 1
/ DataAccess: Microsoft Data Access Components KB870669
/ DataAccess: Security Update for Microsoft Data Access Components
/ Windows Media Player: Windows Media Player Hotfix [Yderligere oplysninger finder du i Q828026]
/ Windows Media Player / SP0: Windows Media Player Hotfix [Yderligere oplysninger finder du i Q828026]
/ Windows Media Player: Windows Media Update 817787
/ Windows XP / SP2: Windows XP Hotfix - KB823182
/ Windows XP / SP2: Windows XP Hotfix - KB824105
/ Windows XP / SP2: Windows XP Hotfix - KB824141
/ Windows XP / SP2: Windows XP Hotfix - KB825119
/ Windows XP / SP2: Windows XP Hotfix - KB826939
/ Windows XP / SP2: Windows XP Hotfix - KB828035
/ Windows XP / SP2: Windows XP Hotfix - KB828741
/ Windows XP / SP2: Windows XP Hotfix - KB835732
/ Windows XP / SP2: Windows XP Hotfix - KB837001
/ Windows XP / SP2: Windows XP Hotfix - KB839643
/ Windows XP / SP2: Windows XP Hotfix - KB839645
/ Windows XP / SP2: Windows XP Hotfix - KB840315
/ Windows XP / SP2: Windows XP Hotfix - KB840374
/ Windows XP / SP2: Windows XP Hotfix - KB841873
/ Windows XP / SP2: Windows XP Hotfix - KB842773
/ Windows XP / SP2: Windows XP Hotfix (SP2) Q819696

--- Startup entries list ---
Located: HK_LM:Run, AudioHQ
command: C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
file: C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
size: 205312
MD5: b5e0234bc4e5d77bfd4be0ee2927169e

Located: HK_LM:Run, AVGCtrl
command: "C:\Programmer\AVPersonal\AVGNT.EXE" /min
file: C:\Programmer\AVPersonal\AVGNT.EXE
size: 122920
MD5: b88ff30c904d7873eca1cde9fbc3b73e

Located: HK_LM:Run, Disc Detector
command: C:\Programmer\Creative\ShareDLL\CtNotify.exe

Located: HK_LM:Run, ICQ Lite
command: C:\Programmer\ICQLite\ICQLite.exe -minimize
file: C:\Programmer\ICQLite\ICQLite.exe
size: 2340432
MD5: 562fdcdacbeca5779d30aadcd3131157

Located: HK_LM:Run, KAZAA
command: C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
file: C:\Programmer\Kazaa\kazaa.exe
size: 3743744
MD5: 00d87d9560e4a80343729de3c59d8c6f

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 9216
MD5: 2c159db847770ac0540075c44b6c7a9d

Located: HK_LM:Run, NeroCheck
command: C:\WINDOWS\System32\\NeroCheck.exe
file: C:\WINDOWS\System32\\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 5db152abc7200ddcebe032f988741e70

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\RUNDLL32.EXE
size: 31744
MD5: 5db152abc7200ddcebe032f988741e70

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 843776
MD5: e56f22ff356570413a81be1e01c46419

Located: HK_LM:Run, P2P Networking
command: C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

Located: HK_LM:Run, QuickTime Task
command: "C:\WINDOWS\system32\qttask.exe" -atboottime
file: C:\WINDOWS\system32\qttask.exe
size: 98304
MD5: 76a3a30b58405c2c6d833895253a51a9

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
file: C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
size: 32881
MD5: bed6eddbf28db980aa8d3a42d4a05586

Located: HK_LM:Run, sys32
command: C:\WINDOWS\sys32.exe
file: C:\WINDOWS\sys32.exe
size: 45976
MD5: d40d6eed9155afbcc470372bb7bf1d5b

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\Updreg.exe
file: C:\WINDOWS\Updreg.exe
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, WinampAgent
command: C:\Programmer\Winamp\winampa.exe
file: C:\Programmer\Winamp\winampa.exe
size: 33792
MD5: 11aa6662a1be30375afd1a8407811e7e

Located: HK_CU:Run, MsnMsgr
command: "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Programmer\MSN Messenger\MsnMsgr.Exe
size: 4882432
MD5: f914c780dc4a3eb6eec812f0dddc0e3a

Located: HK_CU:Run, Skype
command: "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Programmer\Skype\Phone\Skype.exe
size: 10039488
MD5: f7f48dbc24034f7b497b0d282d6ff2b9

Located: HK_CU:Run, SpySweeper
command: "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
file: C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
size: 3209728
MD5: 80dc5c8345a282edf5165b793eeafd93

Located: HK_CU:Run, Steam
command: C:\Spil\Steam\Steam.exe -silent
file: C:\Spil\Steam\Steam.exe
size: 1208320
MD5: 3828d27232aed15424c50467d2a4c06e

Located: HK_CU:RunOnce, ICQ Lite
command: C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot
file: C:\PROGRA~1\ICQLite\ICQLite.exe
size: 2340432
MD5: 562fdcdacbeca5779d30aadcd3131157

Located: Startup (common), Microsoft Office.lnk
command: C:\Programmer\Microsoft Office\Office\OSA9.EXE
file: C:\Programmer\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 3304e44215380e547d805e55d5c1aade

--- Browser helper object list ---
{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} (myBar BHO)
BHO name: myBar BHO
CLSID name: myBar BHO
description: MyWay.MyBar
classification: Confirmed as malware
known filename: Mybar.dll
info link: http://bfc.myway.com/soft/promo/id/myspeedbar.html
info source: TonyKlein

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDHelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 12-05-2004 01:03:00
Date (last access): 10-09-2004 20:31:48
Date (last write): 12-05-2004 01:03:00
Filesize: 744960
Attributes: archive
MD5: ABF5BA518C6A5ED104496FF42D19AD88
CRC32: 5587736E
Version: 0.1.0.3

--- ActiveX list ---
v2cab (v2cab)
DPF name: v2cab
CLSID name:

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object)
DPF name:
CLSID name: QuickTime Object
description: Apple Quicktime
classification: Legitimate
known filename: QTPLUGIN.OCX
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\
Long name: qtplugin.ocx
Short name:
Date (created): 02-05-2004 17:13:44
Date (last access): 10-09-2004 17:10:38
Date (last write): 02-05-2004 17:13:44
Filesize: 360504
Attributes: archive
MD5: F88CD154B9627646E9DDA1679155E4E3
CRC32: 5B04FF79
Version: 0.6.0.5

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
description: Macromedia ShockWave Flash Player 7
classification: Unknown
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 24-08-2004 15:13:56
Date (last access): 10-09-2004 17:10:14
Date (last write): 28-05-2004 01:38:00
Filesize: 54480
Attributes: archive
MD5: 408F53722D9C1280BF4EDD70341EA7F2
CRC32: 4EB8819E
Version: 0.10.0.0

{1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer)
DPF name:
CLSID name: Web P2P Installer
Path: C:\WINDOWS\Downloaded Program Files\
Long name: WebP2PInstaller.dll
Short name: WEBP2P~1.DLL
Date (created): 05-09-2004 09:06:50
Date (last access): 10-09-2004 20:19:54
Date (last write): 05-09-2004 09:06:50
Filesize: 88576
Attributes: archive
MD5: 8494BA3CD9AE4E1737E3A73E706ECE19
CRC32: 791EFEF9
Version: 0.1.0.1

{33564D57-0000-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:

{386A771C-E96A-421F-8BA7-32F1B706892F} ()
DPF name:
CLSID name:

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programmer\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 03-06-2068 22:05:12
Date (last access): 10-09-2004 18:41:40
Date (last write): 03-06-2004 22:05:06
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 0.1.0.4

{9F1C11AA-197B-4942-BA54-47A8489BB47F} ()
DPF name:
CLSID name:
description: Windows Update
classification: Legitimate
known filename: %WINDIR%\System32\iuctl.dll,iuengine.dll
info link:
info source: Patrick M. Kolla

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
DPF name: Java Runtime Environment 1.4.2
CLSID name: Java Plug-in 1.4.2_05
Path: C:\Programmer\Java\j2re1.4.2_05\bin\
Long name: NPJPI142_05.dll
Short name: NPJPI1~1.DLL
Date (created): 03-06-2068 22:05:12
Date (last access): 10-09-2004 20:45:52
Date (last write): 03-06-2004 22:05:06
Filesize: 65650
Attributes: archive
MD5: 174488C8877FA852448D1937C322AABB
CRC32: 62C2460D
Version: 0.1.0.4

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Programmer\ACE Mega CoDecS Pack\SystemS\
Long name: flash.ocx
Short name:
Date (created): 08-04-2004 17:51:02
Date (last access): 10-09-2004 19:56:00
Date (last write): 08-04-2004 17:51:02
Filesize: 939368
Attributes: archive
MD5: 2FB1D6FAB135CEE391AB3D70E1C26347
CRC32: 488FA4EC
Version: 0.7.0.0

{E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch)
DPF name:
CLSID name: UCSearch.ucUCSearch

--- Process list ---
Spybot - Search && Destroy process list report, 10-09-2004 20:45:50

PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 116 ( 708) C:\WINDOWS\System32\svchost.exe
PID: 208 (1924) C:\WINDOWS\System32\devldr32.exe
PID: 480 ( 708) C:\Programmer\AVPersonal\AVGUARD.EXE
PID: 492 ( 708) C:\Programmer\AVPersonal\AVWUPSRV.EXE
PID: 564 ( 708) C:\WINDOWS\System32\nvsvc32.exe
PID: 592 ( 4) \SystemRoot\System32\smss.exe
PID: 640 ( 592) \??\C:\WINDOWS\system32\csrss.exe
PID: 664 ( 592) \??\C:\WINDOWS\system32\winlogon.exe
PID: 708 ( 664) C:\WINDOWS\system32\services.exe
PID: 720 ( 664) C:\WINDOWS\system32\lsass.exe
PID: 912 ( 708) C:\WINDOWS\system32\svchost.exe
PID: 956 ( 708) C:\WINDOWS\System32\MsPMSPSv.exe
PID: 1012 ( 708) C:\WINDOWS\System32\svchost.exe
PID: 1180 ( 708) C:\WINDOWS\System32\svchost.exe
PID: 1212 ( 708) C:\WINDOWS\System32\svchost.exe
PID: 1400 ( 708) C:\WINDOWS\system32\spoolsv.exe
PID: 1696 (1708) C:\Programmer\MSN Messenger\msnmsgr.exe
PID: 1708 (1648) C:\WINDOWS\Explorer.EXE
PID: 1788 (1708) C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
PID: 1876 (1708) C:\WINDOWS\System32\RUNDLL32.EXE
PID: 1892 (1708) C:\Programmer\AVPersonal\AVGNT.EXE
PID: 1924 (1708) C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
PID: 1936 (1708) C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
PID: 1952 (1708) C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
PID: 1980 (1708) C:\WINDOWS\sys32.exe
PID: 2012 (1708) C:\Spil\Steam\Steam.exe
PID: 2264 (1708) C:\Programmer\Internet Explorer\iexplore.exe
PID: 3504 (3224) C:\PROGRA~1\ICQLite\ICQLite.exe
PID: 4052 (1708) C:\Programmer\Internet Explorer\iexplore.exe

--- Browser start & search pages list ---
Spybot - Search && Destroy browser pages report, 10-09-2004 20:45:50

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://google.icq.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://google.icq.com/search/search_frame.php
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.lunarstorm.dk/home.asp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{390C8C63-090D-4714-A1A2-22D9CD43B761}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{390C8C63-090D-4714-A1A2-22D9CD43B761}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BFEEF0F-5EF8-45D5-8595-D8B807FC077C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BFEEF0F-5EF8-45D5-8595-D8B807FC077C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8F67A94-571E-47A5-8E65-A908BD23726D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D8F67A94-571E-47A5-8E65-A908BD23726D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87721235-A0A3-45C1-BB97-0A4EA0E47F93}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87721235-A0A3-45C1-BB97-0A4EA0E47F93}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-navneområde (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Synes godt om

digiten Nybegynder

10. september 2004 - 20:55 #6

håber det er den du mener...

Synes godt om

resist Nybegynder

10. september 2004 - 21:13 #7

Som før sagt, vil jeg godt bede om en log fra programmet HijackThis – tak.

Download HijackThis: http://danborg.org/spy/HJT/hijackthis.exe ... eller her: http://spywarewarrior.com/files/HijackThis.exe

Efter download dobbeltklikkes på Hijackthis.exe og programmet kører. Klik på Scan, klik på Save log, kopier hele loggen og læg en kopi herind i tråden.
Lad være med selv at fixe/slette noget med HijackThis - vi skal nok hjælpe dig med at "tyde" loggen.

Synes godt om

resist Nybegynder

10. september 2004 - 21:15 #8

Hvis du er i tvivl om noget, spørger du bare ;-)

Synes godt om

digiten Nybegynder

10. september 2004 - 22:06 #9

Sorry... læsefejl fra min side....

Logfile of HijackThis v1.98.2
Scan saved at 22:06:03, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\sys32.exe
C:\Spil\Steam\Steam.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ICQLite\ICQLite.exe
C:\Programmer\Winamp\Winamp.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\utils\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmer\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmer\ICQToolbar\toolbaru.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Programmer\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmer\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://cshax.fionex.com/wss.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB

Synes godt om

resist Nybegynder

10. september 2004 - 22:32 #10

Begynd med at afinstallere Kazaa og P2P-Networking via tilføj/fjern programmer.
Alternativt kan du bruge dette program til at fjerne Kazaa: http://danborg.org/spy/Kazaabegone/Kazaabegone.zip

Du skal også afinstallere MyWay\myBar via tilføj/fjern programmer (hvis du kan).

Herefter genstarter du og kopierer en ny HijackThis-log herind – tak.

Synes godt om

digiten Nybegynder

10. september 2004 - 22:40 #11

det er især denne her der volder mig problemer...
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://cshax.fionex.com/wss.exe

men nu er loggen således:

Logfile of HijackThis v1.98.2
Scan saved at 22:39:48, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\sys32.exe
C:\Spil\Steam\Steam.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\SV37QSP1\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmer\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmer\ICQToolbar\toolbaru.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmer\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://cshax.fionex.com/wss.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB

Kunne ikke slette "My search bar"

-Digiten

Synes godt om

resist Nybegynder

10. september 2004 - 22:42 #12

Nu skal jeg kigge den nye log igennem.

Synes godt om

resist Nybegynder

10. september 2004 - 22:47 #13

Bruger du ICQtoolbar?

Synes godt om

digiten Nybegynder

10. september 2004 - 22:53 #14

Logfile of HijackThis v1.98.2
Scan saved at 22:53:52, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\AVPersonal\AVGNT.EXE
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\sys32.exe
C:\Spil\Steam\Steam.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\SV37QSP1\hijackthis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRA~1\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://cshax.fionex.com/wss.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB

Synes godt om

resist Nybegynder

10. september 2004 - 23:03 #15

Opret en mappe kun til HijackThis. Placer HijackThis i denne mappe og kør programmet derfra.

Herunder er der nogle filer, som du skal fixe. Sæt en vinge ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned.

Fix disse med HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe

O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://cshax.fionex.com/wss.exe
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB

----
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".
----

Genstart i fejlsikret tilstand (F8 i opstart). Find og slet:

C:\Programmer\MyWay\ >>>> mappen MyWay
C:\WINDOWS\sys32.exe >>>> filen sys32.exe

Genstart almindeligt og send en ny log herind til tjek – tak.

Synes godt om

digiten Nybegynder

10. september 2004 - 23:14 #16

Logfile of HijackThis v1.98.2
Scan saved at 23:13:59, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\qttask.exe
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\ICQLite\ICQLite.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Spil\Steam\Steam.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE

Synes godt om

resist Nybegynder

10. september 2004 - 23:20 #17

Fix denne med HijackThis:

O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe

Genstart i fejlsikret. Find og slet:

C:\WINDOWS\sys32.exe >>>> filen sys32.exe (hvis den stadig er der)

Genstart normalt og ny log til tjek – tak.

Synes godt om

digiten Nybegynder

10. september 2004 - 23:28 #18

Logfile of HijackThis v1.98.2
Scan saved at 23:28:00, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\qttask.exe
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\ICQLite\ICQLite.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Spil\Steam\Steam.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE

Synes godt om

resist Nybegynder

10. september 2004 - 23:37 #19

Har du Ad-Aware installeret? Hvis ja, så prøv at afinstallere programmet sammen med Spybot.

Derefter fixer du denne med HijackThis:

O4 - HKLM\..\Run: [sys32] C:\WINDOWS\sys32.exe

Genstart og ny log – tak.

Synes godt om

digiten Nybegynder

10. september 2004 - 23:41 #20

Logfile of HijackThis v1.98.2
Scan saved at 23:41:22, on 10-09-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programmer\Winamp\winampa.exe
C:\Programmer\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\qttask.exe
C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programmer\ICQLite\ICQLite.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Spil\Steam\Steam.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\devldr32.exe
C:\Programmer\AVPersonal\AVGUARD.EXE
C:\Programmer\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.dk/home.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmer\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programmer\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Programmer\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] C:\Spil\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programmer\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Allow popups - file://C:\Programmer\Ultimate Popup Killer\Popupkiller.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmer\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE

Synes godt om

resist Nybegynder

10. september 2004 - 23:45 #21

Det har du gjort godt ;-)

Din log ser ren ud. Du skal lige slå systemgendannelse fra: http://www.spywarefri.dk/virusscannere.htm#alle genstarte og slå systemgendannelse til igen. Herefter må du også sætte mappeindstillinger tilbage til oprindelige indstillinger.

Her er et link til sikker surfing: http://www.spywarefri.dk/pakken.htm

Disse kan eventuelt stoppes i msconfig - de bruger bare af computerens ”kræfter” og kan startes via Start > Programmer.
Gå i Start > Kør. Skriv: msconfig > OK. Under fanebladet Start fjerner du vingen ud for:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" –atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 –k
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

Hjalp ”kuren”?

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Andet hardware kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Fastnettelefon Af nu_igen i Andet hardware	7	11/03/202607:12	13/03/202608:04
Streaming Box Af mikerojakes i Andet hardware	3	06/03/202611:57	08/03/202609:45
Antal enheder i samme stikkontakt ? Af GHQ i Andet hardware	13	25/02/202622:27	27/02/202617:05
USB-USB bro Af snestrup2000 i Andet hardware	0	18/02/202615:13	-
Kontakt med automatisk tænd efter sluk Af Dan Elgaard i Andet hardware	8	17/02/202616:13	19/02/202613:49

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

10/04

Test: Denne mikro-pc er langt mere slagkraftig end den ser ud

10/04

SAS Institute rykker rundt i topledelsen: Her er selskabets nye danske landechef

10/04

Dansk AI-ekspert med ildevarslende spådom: "Vi er alle sammen på vej hen imod en stor sort mur, og vi aner ikke, hvad der findes på den anden side"

10/04

Nørgaard: Jeg er skuffet over Googles Gemini - og jeg har min egen forklaring på, hvorfor det er gået galt for Google

10/04

Først blev Teams smidt på porten – nu vil Frankrig også af med Windows

10/04

Nyt job til Danmarks bedste CISO: Får ansvaret for 64.000 ansatte

10/04

Flere hundredetusinder togrejsende ramt: Stjålne persondata sat til salg efter cyberangreb

10/04

Så meget får de danske it-konsulenter i løn: Næsten alle forventer mere i lønposen ved næsten lønforhandling

10/04

Her er 10 konkrete måder at måle på, om kunstig intelligens skaber værdi for dig

10/04

Microsoft sænker prisen på tre af sine cloud-løsninger med 20 procent

10/04

Kunstig intelligens i praksis – og uden hype

Vis flere artikler

IT-JOB

TV2

Erfaren leder til Finance og People & Culture teknologi i TV 2

Politiets Efterretningstjeneste

Datacentertekniker hos PET

Banedanmark

Software Asset Manager

Semler IT

Azure Cloud Engineer til Cloud Platforms teamet - Semler IT

KMD A/S

Projektleder

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 17:32	Jeg kan ikke opdatere min iPad til ios 26.4.1. Af Bettina i Apps til iOS
I går 08:32	Office pakke LTSC vs Retail? Af Don G i Office & Kontorpakker
10/0421:19	Lydindstilling Prosonic TV Af TageArent i Fjernsyn & projektorer
10/0415:37	Sort skærm Af mort1 i Windows
09/0412:32	iPadOS 26.4.1 kan ikke opdatere Af claes57 i Apps til iOS

White papers

Arctic Wolf Security Operations Report 2025: Indblik i moderne sikkerhedsdrift
Arctic Wolf
Find den SOC-model, der virker i praksis
SecureDevice
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf

Flere white papers »