Notifikationer

Markér alle som læst Log ud

jih Nybegynder

04. april 2005 - 01:55 Der er 8 kommentarer og
2 løsninger

HijackThis log - for en sikkerheds skyld

Jeg er lidt i tvivl om der skulle være noget spy- / adware på min computer, siden denne log er så stor... (Kender ikke meget til loggen selv, men har fjernet et par stykker)

Gider en eller anden lige fjerne alt snavs herfra? tak.. :)

hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 00.53.58, on 04-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TuneUp Utilities 2004\MemOptimizer.exe
C:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgmain.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgbhp.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Windows Media Player\wmplayer.exe
C:\Programmer\Avant Browser\avant.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.satanaz.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WebPsycho
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\JKUPHA~1\DOKUME~1\--_PRO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogonStudio] "C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Loquax] C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Loquax\Loquax.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmer\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: SpywareGuard.lnk = C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O8 - Extra context menu item: Add to AD Black List - C:\Programmer\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\iearc.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Highlight - C:\Programmer\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Programmer\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar &R - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Programmer\Avant Browser\Search.htm
O9 - Extra button: LWA - Add - {265A6A19-52E3-4666-BAB8-1AC7FAD111A9} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar &R - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: LWA - Load - {EC8BF5B1-2722-41BC-A796-5A71D020D1B8} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c18.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {ED3CE078-BB89-42C6-A748-2EC19EA004D4} (BoxFrogAX Control) - http://www.boxfrog.com/BoxFrogConvert.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VeriSign Updater (navi) - Unknown owner - C:\Programmer\VeriSign\NAVI\naviagent.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Synes godt om

kalp Novice

04. april 2005 - 02:57 #1

nu der ikke andre der gør det så skal jeg nok:)

Synes godt om

kalp Novice

04. april 2005 - 03:01 #2

Genstart i Fejlsikret tilstand ved at taste F8 under opstart. Kør HijackThis, scan og sæt et flueben ud for disse linjer - luk øvrige programvinduer. Dobbelttjeck alt kom med!. Klik herefter "Fix checked" i hijackthis:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZR
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c18.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx
O16 - DPF: {ED3CE078-BB89-42C6-A748-2EC19EA004D4} (BoxFrogAX Control) - http://www.boxfrog.com/BoxFrogConvert.cab

Disse hvis du ikke selv kender dem.. kunne ligne noget du selv har hentet
O4 - HKCU\..\Run: [Loquax] C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Loquax\Loquax.exe
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\iearc.htm
O9 - Extra button: LWA - Add - {265A6A19-52E3-4666-BAB8-1AC7FAD111A9} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe
O9 - Extra button: LWA - Load - {EC8BF5B1-2722-41BC-A796-5A71D020D1B8} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc.exe
O9 - Extra button: (no name) - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)

Find og slet

Mapperne (afinstaller i tilføj og fjern programmer hvis den er der (under kontrolpanelet) og ellers slet mappen. evt begge dele hvis muligt:)

C:\Programmer\MyWebSearch

Denne kun hvis du ikke selv har lavet den.
C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\

Gå herefter i Start -> Programmer -> Tilbehør -> Systemværktøjer -> Diskoprydning og slet temp-filer, temporary internet files og papirkurv.

Genstart normalt og kopir en ny log herind så jeg kan se om vi fik ramt på det hele eller om noget er blevet overset:)

Synes godt om

jih Nybegynder

04. april 2005 - 05:17 #3

vil nu lige sige at SpyBouncer er et spywarefri program... så det skal helst ikke fjernes noget af... skal jeg dog fjerne denne:

O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx

?

C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\ er min egen mappe, ja.. hvor jeg har alle mine programmer.. fikser det imorgen..

Synes godt om

kalp Novice

04. april 2005 - 10:13 #4

vi fjerner også kun O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx

jeg kan ikke lige se vi sletter programmet nogen steder

Synes godt om

jih Nybegynder

04. april 2005 - 13:23 #5

det er også derfor jeg SPØRGER og ikke brokker mig ;)

Synes godt om

kalp Novice

04. april 2005 - 13:26 #6

jeg brokker mig heller ikke *G* blev bare forvirret:o)

Synes godt om

jih Nybegynder

04. april 2005 - 13:55 #7

ok... her er så den nye log:

Logfile of HijackThis v1.99.1
Scan saved at 12.55.04, on 04-04-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Loquax\Loquax.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\TuneUp Utilities 2004\MemOptimizer.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgmain.exe
C:\Programmer\Office10\msoffice.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Avant Browser\avant.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.satanaz.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = WebPsycho
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\JKUPHA~1\DOKUME~1\--_PRO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogonStudio] "C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Stardock\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Loquax] C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Loquax\Loquax.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Programmer\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programmer\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: SpywareGuard.lnk = C:\Documents and Settings\Carsten Risager\Skrivebord\Antivirus, Antispyware, AntiAdware osv\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AD Black List - C:\Programmer\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\iearc.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Programmer\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Customize Menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\GetRight\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms &] - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Highlight - C:\Programmer\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Programmer\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\GetRight\GetRight\GRbrowse.htm
O8 - Extra context menu item: RoboForm Toolbar &R - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search - C:\Programmer\Avant Browser\Search.htm
O9 - Extra button: LWA - Add - {265A6A19-52E3-4666-BAB8-1AC7FAD111A9} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar &R - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: i-Nav Hjælp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: i-Nav Indstillinger - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: LWA - Load - {EC8BF5B1-2722-41BC-A796-5A71D020D1B8} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {2D223D29-1194-4533-BDD7-563EAF3C0042} - C:\Documents and Settings\Jákup Hansen\Dokumenter\--=PRoGRaMS=--\Local Website Archive\wsarc_add.exe (HKCU)
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cab
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://spybouncer.com/downloader.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by1fd.bay1.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VeriSign Updater (navi) - Unknown owner - C:\Programmer\VeriSign\NAVI\naviagent.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmer\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Synes godt om

kalp Novice

08. april 2005 - 14:02 #8

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

din log er ren.. den linje jeg nævner kan du fixe hvis ikke du kender til den

sorry mit sene response.. men har ikke mails fra E!

Synes godt om

jih Nybegynder

08. april 2005 - 14:49 #9

tak for hjælpen... :-)

Synes godt om

kalp Novice

08. april 2005 - 14:49 #10

selv tak:))

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Vil skrifte antivirusprogram. Af ErikHg i Virus	22	26/11/202510:42	23/12/202514:29
Er gratis Bitdefender værd at installere ? Af Ikke-ekspert i Virus	8	31/08/202519:08	01/09/202514:18
Ukendte filer på min Pc Af jonpet i Virus	10	03/02/202514:20	04/02/202511:05
mulig ukendt virus Af jackie18 i Virus	3	18/01/202514:07	18/01/202516:39
virus popper op med jævne mellemrum Af Malm i Virus	13	18/01/202511:40	20/01/202517:53

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

01/05

Test: Kan danske Jabra egentlig hamle op med tech-giganterne med sin nye topmodel? Svaret er ja

01/05

Efter mange års tilbagegang i Danmark - nu vokser CGI's omsætning igen

01/05

Nørgaard: En marxistisk analyse af milliardærskat i dagens anledning - fik Marx egentlig ikke ret?

01/05

Rykker tættere på fælles it-drift: 19 kommuner siger ja til hinanden - Aarhus får central rolle

01/05

Den danske datacenter-branche efter kritik: Der skal bygges meget mere. Det haster

01/05

Emagine buldrer frem: Sætter ny omsætningsrekord og har vild vækst på jobfronten

01/05

En særlig ting får vores samfund til at fungere

01/05

It-selskab fra Fyn rejser 261 millioner kroner og gør klar til at købe op i Danmark

01/05

Netcompany bliver eneejer af kæmpe lufthavns-satsning: Københavns Lufthavn forlader ejerkredsen

01/05

Danske Bank satser stort på AI og forventer produktivitets-gevinster i milliardklassen: Her er planerne

01/05

Prosas 1. maj-tale: Den næste store arbejderkamp handler om AI

Vis flere artikler

IT-JOB

Capgemini Danmark A/S

Finance Lead (SAP)

Politiets Efterretningstjeneste

Configuration Manager til PET's IT-afdeling

Økonomistyrelsen

Processtærk it-profil til Statens BI

Netcompany A/S

Erfaren Linux Operations Engineer

TV2

Platform Engineer til Cloud & Infrastructure Platform teamet hos TV 2

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I dag 00:59	Mobilepay app virker ikke mere på Xiaomi Redmi Note 13 Pro Af henrixx i Apps til Android
I går 19:09	Download Win 11 - 25H2 Af ErikHg i Windows
30/0410:42	Access Import af csv fil - forkerte datatyper Af Henrik Berg Hansen i Andet software
29/0419:37	Hente CSV fil, indsætte CSV data i TABEL for JAVASCRIPT Af snestrup2000 i Programmeringsværktøjer
29/0412:23	Facebook Af hkv i Sociale medier

White papers

Find den SOC-model, der virker i praksis
SecureDevice
Arctic Wolf Threat Report 2026: Sådan ændrer ransomware-landskabet sig
Arctic Wolf
Samarbejde mellem AI og mennesker styrker sikkerheden
Konica Minolta
Undgå at printeren bliver svageste led i sikkerheden
Konica Minolta

Flere white papers »