CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede emilt Nybegynder
28. april 2006 - 16:53 Der er 32 kommentarer og
2 løsninger

klik på googlelinks virker ikke, borwser måske hijacket

Hej eksperter,

jeg havde et angreb på min computer i går, som trodsede min spywareguard og min spywareblaster og mit antivir... Øv, det startede med at min computer blev overdrevet langsom men så læste jeg forskellige spywarefjernertricks herinde og downloadede et par nye virusscannere (stinger og avg). Så nu virker det hele igen - NÆSTEN: for når jeg fx klikker på links ved en googlesøgning kommer der næsten altid andre sider op en det jeg har trykket på, og næsten altid de samme slags sider fx. sider som

http://freewirelessworld.com/

http://67.29.139.199/404/land.html

http://www-search.net/

http://www.novelentertainment.com

http://10-top.com

Hvordan kommer jeg af med den meget irriterende browserviderestilling?

Jeg kopierer lige fra hijackthis-loggen hvis nogen skulle kunne se noget mistænksomt. Og det skal lige siges, at jeg har kørt spybot.

Logfile of HijackThis v1.97.7
Scan saved at 11:37:54, on 28-04-2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
D:\Blandede installationsfiler mm\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.dk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dmfzr.exe] C:\WINDOWS\System32\dmfzr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: PopupPopper Kontrol Panel (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ez.statsbiblioteket.dk:2048/support/plugins/ebraryRdr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541444363
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38158.7002314815
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} (ProductIDGatherer.WindowsGatherer) - http://download.microsoft.com/download/a/3/7/a377aea1-7b14-4fa1-933c-43e657b37995/ProductIDGatherer.CAB
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD32FD8-2D46-49E3-A89F-AADD0ED75404}: NameServer = 85.255.113.124,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD32FD8-2D46-49E3-A89F-AADD0ED75404}: NameServer = 85.255.113.124,85.255.112.199
Avatar billede emilt Nybegynder
28. april 2006 - 16:55 #1
OG: Med venlig hilsen, og med håb om hjælp - Emilt
Avatar billede Computer Hjælp (Gratis) Mester
28. april 2006 - 17:17 #2
Under alle omstændigheder - læs og forstå hvorfor:
"Ubeskyttede pc’er holder i 20 minutter" ->
http://forum.mib-eu.dk/forum_posts.asp?TID=44
Avatar billede Computer Hjælp (Gratis) Mester
28. april 2006 - 17:18 #3
... kør i først omgang denne procedure:
SUPERAntiSpyware ->
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe +
http://www.spywarefri.dk/manualer/superantispyware-manual.htm

... og en 'frisk' HiJackThis log

(Ikke nødvendigvis mig der følger op...)
Avatar billede emilt Nybegynder
28. april 2006 - 17:40 #4
det prøver jeg, foreløbig tak... ny log om 5 min
Avatar billede emilt Nybegynder
28. april 2006 - 17:58 #5
jeg kan ikke komme til at installere superantispyware:

'systemadministratoren har angivet systemregler der forhindrer denne installation'

- men det er jo mig der er systemadministrator!
Avatar billede levithan Nybegynder
28. april 2006 - 19:32 #6
den bruger du logger på som har den administrator rettieheder eller prøv det samme i fejlsikret tilstand med netværksunderstyttelse
Avatar billede levithan Nybegynder
28. april 2006 - 19:33 #7
Og foresten så er din hijackthis out of date = HijackThis v1.97.7 = du skal bruge version 1.99.1
Avatar billede emilt Nybegynder
29. april 2006 - 04:12 #8
ok, gør det i morgen formiddag. tak for tippet
Avatar billede ejvindh Ekspert
29. april 2006 - 10:07 #9
Prøv dette fix, for at komme af med den pågældende infektion:

Under dette fix vil computeren blive genstartet, og du bør derfor printe vejledningen ud, for at have den ved din side under hele fixet. Fixet skal bruge adgang til internettet, så det skal du sikre dig, at der er.

-- Hent den nyeste version af HJT her:
http://danborg.org/spy1/HJT/hijackthis.exe

-- Hent FixWareout fra et af disse links:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

-- Gem filen på dit Skrivebord og dobbeltklik på den. Klik Next -> Install og check, at der er et flueben i "Run fixit" - klik herefter på Finish. Fixet vil nu starte, og du skal blot følge instruktionerne. Du vil blive bedt om at genstarte din computer - gør venligst det. Genstarten vil tage lidt længere tid end normalt...

-- Når dit system genstarter skal du fortsat følge den vejledning, der gives på skærmen. Når fixet er færdigt vil der åbnes en log (report.txt), som du skal gemme og lægge herind i næste post.

-- Kør herefter HijackThis (den nye version) - klik på "Do a systemscan only", og sæt et flueben ud for følgende linier - luk øvrige programvinduer - klik "Fix checked":

O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [dmfzr.exe] C:\WINDOWS\System32\dmfzr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0BD32FD8-2D46-49E3-A89F-AADD0ED75404}: NameServer = 85.255.113.124,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\..\{0BD32FD8-2D46-49E3-A89F-AADD0ED75404}: NameServer = 85.255.113.124,85.255.112.199

-- Luk HJT. Genstart din computer, og kopier indholdet af C:\fixwareout\report.txt herind sammen med en frisk HijackThis log.
Avatar billede ejvindh Ekspert
29. april 2006 - 10:08 #10
SuperAntispyware kan ikke tage denne infektion -- så i første omgang er der ingen grund til at bøvle videre med denne scanner (det er dog en god scanner, som det bagefter kan være en god ide at få installeret *S*).
Avatar billede emilt Nybegynder
29. april 2006 - 11:55 #11
prøver nu... har kørt superspywarescan, den fandt noget, men browserproblemet er, som du gættede ejvindh, ikke løst-
Avatar billede emilt Nybegynder
29. april 2006 - 12:38 #12
frisk hijackthislog:

Logfile of HijackThis v1.99.1
Scan saved at 12:33:10, on 29-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmer\SpywareGuard\sgbhp.exe
D:\Blandede installationsfiler mm\HijackThis.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Wico2002] C:\Programmer\win control\wico2002.exe /info
O4 - HKLM\..\Run: [dmttj.exe] C:\WINDOWS\System32\dmttj.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ez.statsbiblioteket.dk:2048/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541444363
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146289325033
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

Og Fixwareout:

Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\hyvmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMAVO.EXE      44.122 2002-09-09
Avatar billede ejvindh Ekspert
29. april 2006 - 12:49 #13
Det gav bid, men fixet kom desværre ikke helt i bund. Der er en fil, som jeg er lidt i tvivl om:
O4 - HKLM\..\Run: [Wico2002] C:\Programmer\win control\wico2002.exe /info

Ved du selv hvad dette er? Ellers prøv at uploade den til Jotti:
http://virusscan.jotti.org/

Klik på Gennemse, og klik dig så frem til C:\Programmer\win control\wico2002.exe

Klik så Submit. Så kommer der en lille log over forskellige scanninger frem. Den må du gerne klippe ind i næste svar.

Derudover kunne jeg godt tænke mig, hvis du vil prøve at køre Fixwareout én gang mere. Der er en entry tilbage i HJT-loggen, som egentlig burde være fixet af værktøjet. Du må gerne lægge fixwareout-loggen herind igen efter kørslen :-)
Avatar billede emilt Nybegynder
29. april 2006 - 12:55 #14
wico er jeg ret sikker på er et program jeg har installeret der hedder 'win control'som jeg brugte ifb med at få mine systempolitikker til at makke ret, for at sige det meget forenklet. jeg kan godt afinstallere det hvis du mener det kan være spywarebefængt, men umiddelbart tror jeg det ikke... jeg gør som du siger igen! og tak for tålmodigheden.
Avatar billede ejvindh Ekspert
29. april 2006 - 13:05 #15
Grunden til at jeg spurgte til programmet var, at jeg ikke kunne finde oplysninger på det. Hvis du ikke har grund til at mistænke det for noget, har jeg heller ikke *S*
Avatar billede ejvindh Ekspert
29. april 2006 - 13:07 #16
Jeg glemte lige: Når du har kørt Fixwareout, vil jeg også gerne have at du laver en ny log med Hijackthis, som du lægger herind *S*
Avatar billede emilt Nybegynder
29. april 2006 - 13:24 #17
værsgo:


Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jttmd
...

Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate



»»»»» Search by size and names...

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\DMTTJ.EXE      44.122 2002-09-09

---------------------
JOTTI:
Service 
Service load:  0%        100% 

File:  wico2002.exe 
Status:  POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database) 
MD5  2668fd0eef038537ef2f06055a43c8fb 
Packers detected:  -
Scanner results 
AntiVir  Found nothing
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found nothing
ClamAV  Found nothing
Dr.Web  Found BACKDOOR.Trojan (probable variant) 
F-Prot Antivirus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found nothing
Norman Virus Control  Found nothing
UNA  Found nothing
VirusBuster  Found nothing
VBA32  Found nothing
----------------------------------------
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 13:21:38, on 29-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Blandede installationsfiler mm\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Wico2002] C:\Programmer\win control\wico2002.exe /info
O4 - HKLM\..\Run: [dmjha.exe] C:\WINDOWS\System32\dmjha.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ez.statsbiblioteket.dk:2048/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541444363
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146289325033
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe
Avatar billede ejvindh Ekspert
29. april 2006 - 13:35 #18
Nå, du uploadede alligevel wico2002.exe til Jotti, og Dr.Web slog ud på den. Det kan godt være en false positve, eftersom den er baseret på en heuristisk undersøgelse. Dr.Web's heuristiske undersøgelser er lidt berygtede for at give falske positiver. Jeg vil derfor lade det være op til dig selv at afgøre, hvor vigtig programmet er for dig, i forhold til en (lille) risiko, for at den kan være inficeret.

Derudover ser det ud til, at du har en ny version af Wareout-infektionen, som bøvler lidt. Vi skal nu nok få den ned med nakken, men det kan godt tage et par runder. Prøv dette:

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Kør HJT, og find en linie, der følger dette mønster:
O4 - HKLM\..\Run: [dm***.exe] C:\WINDOWS\System32\dm***.exe
(*** står for 3 tilfældige tegn)

Marker linien, og klik på "Fix checked".

-- Du skal nu til at slette. Som indledning hertil skal du have slået "Udvidet filvisning" til:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

Alle filer, der følger dette mønster:
C:\WINDOWS\System32\dm***.exe
(*** står for 3 tilfældige tegn)

-- Genstart herefter computeren til normal tilstand, og lav en frisk log fra Hijackthis, som du lægger herind.

-- Du må også gerne lave en log med Silentrunners:
http://www.silentrunners.org/Silent%20Runners.vbs

Kør programmet, klik på Ja. Klik på OK. Vent så indtil der kommer en besked om at logfilen er færdig. Find log-filen, og læg den herind (den lægger sig i samme mappe som silentrunner programmet ligger i).
Avatar billede emilt Nybegynder
29. april 2006 - 13:37 #19
vi tager en runde mere :-)
Avatar billede emilt Nybegynder
29. april 2006 - 13:58 #20
Logfile of HijackThis v1.99.1
Scan saved at 13:51:49, on 29-04-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmer\SpywareGuard\sgmain.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Blandede installationsfiler mm\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\Programmer\PopupPopper\PopLib.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmer\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Wico2002] C:\Programmer\win control\wico2002.exe /info
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: PopupPopper Kontrol Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Programmer\PopupPopper\SiteList.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ez.statsbiblioteket.dk:2048/support/plugins/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138541444363
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146289325033
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe



"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"msnmsgr" = ""C:\Programmer\MSN Messenger\msnmsgr.exe" /background" [** WMI GetObject error **]
"IE Privacy Keeper" = ""C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -stcleanup" [** WMI GetObject error **]
"Skype" = ""C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized" [** WMI GetObject error **]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SystemTray" = "SysTray.Exe" [** WMI GetObject error **]
"Jet Detection" = "C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [** WMI GetObject error **]
"CTStartup" = "C:\Programmer\Creative\Splash Screen\CTEaxSpl.EXE /run" [** WMI GetObject error **]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [** WMI GetObject error **]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" [** WMI GetObject error **]
"zBrowser Launcher" = "C:\Programmer\Logitech\iTouch\iTouch.exe" [** WMI GetObject error **]
"NVCLOCK" = "rundll32 nvclock.dll,fnNvclock" [** WMI GetObject error **]
"Logitech Utility" = "Logi_MwX.Exe" [** WMI GetObject error **]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [** WMI GetObject error **]
"Wico2002" = "C:\Programmer\win control\wico2002.exe /info" [** WMI GetObject error **]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Windows Media Player"
                                        \StubPath  = "C:\WINDOWS\INF\unregmp2.exe /ShowWMP" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                  \InProcServer32\(Default) = "C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" [** WMI GetObject error **]
{41353F8B-78CE-48A5-BE44-153ED293D192}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Control Popups in Internet Explorer"
                  \InProcServer32\(Default) = "C:\Programmer\PopupPopper\PopLib.dll" [** WMI GetObject error **]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
  -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
                  \InProcServer32\(Default) = "C:\Programmer\SpywareGuard\dlprotect.dll" [** WMI GetObject error **]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Egenskabsark for multimediefiler"
  -> {HKLM...CLSID} = "Filegenskabsark for multimedier"
                  \InProcServer32\(Default) = "mmsys.cpl" [** WMI GetObject error **]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "ICM-scannerstyring"
  -> {HKLM...CLSID} = "ICM-scannerstyring"
                  \InProcServer32\(Default) = "icmui.dll" [** WMI GetObject error **]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "NTFS Sikkerhedsside"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til sikkerhed"
                  \InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Egenskabsside for OLE-dokumentfil"
  -> {HKLM...CLSID} = "Egenskabsside for OLE-dokumentfil"
                  \InProcServer32\(Default) = "docprop.dll" [** WMI GetObject error **]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Grænsefladeudvidelse til deling"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til deling"
                  \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{41E300E0-78B6-11ce-849B-444553540000}" = "PlusPack CPL Extension"
  -> {HKLM...CLSID} = "PlusPack CPL-fil"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\themeui.dll" [** WMI GetObject error **]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmkort"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmkort"
                  \InProcServer32\(Default) = "deskadp.dll" [** WMI GetObject error **]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærm"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærm"
                  \InProcServer32\(Default) = "deskmon.dll" [** WMI GetObject error **]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Kontrolpanel-udvidelse til skærmpanorering"
  -> {HKLM...CLSID} = "Kontrolpanel-udvidelse til skærmpanorering"
                  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "DS Security-side"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til sikkerhed"
                  \InProcServer32\(Default) = "dssec.dll" [** WMI GetObject error **]
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" = "Kompatibilitetsside"
  -> {HKLM...CLSID} = "Kompatibilitetsside"
                  \InProcServer32\(Default) = "SlayerXP.dll" [** WMI GetObject error **]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Shell Scrap DataHandler"
  -> {HKLM...CLSID} = "Shell fragmentdatahandler"
                  \InProcServer32\(Default) = "shscrap.dll" [** WMI GetObject error **]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Udvidelsen Diskcopy"
  -> {HKLM...CLSID} = "Udvidelsen DISKCOPY"
                  \InProcServer32\(Default) = "diskcopy.dll" [** WMI GetObject error **]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Grænsefladeudvidelser til Microsoft Windows-netværksobjekter"
  -> {HKLM...CLSID} = "Udvidelser til grænsefladen i Microsoft Windows-netværksobjekter"
                  \InProcServer32\(Default) = "ntlanui2.dll" [** WMI GetObject error **]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "ICM-skærmstyring"
  -> {HKLM...CLSID} = "ICM-skærmstyring"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\icmui.dll" [** WMI GetObject error **]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "ICM-printerstyring"
  -> {HKLM...CLSID} = "ICM-printerstyring"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [** WMI GetObject error **]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Grænsefladeudvidelse til webudskrift"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til webudskrift"
                  \InProcServer32\(Default) = "printui.dll" [** WMI GetObject error **]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"
  -> {HKLM...CLSID} = "Microsoft Disk Quota UI"
                  \InProcServer32\(Default) = "dskquoui.dll" [** WMI GetObject error **]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Rejsetaske"
  -> {HKLM...CLSID} = "Rejsetaske"
                  \InProcServer32\(Default) = "syncui.dll" [** WMI GetObject error **]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-ikon"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" [** WMI GetObject error **]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"
  -> {HKLM...CLSID} = "Skrifttyper"
                  \InProcServer32\(Default) = "fontext.dll" [** WMI GetObject error **]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "ICC-profil"
  -> {HKLM...CLSID} = "ICC-profil"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\icmui.dll" [** WMI GetObject error **]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Printers Sikkerhedsside"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til sikkerhed"
                  \InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Grænsefladeudvidelse til deling"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til deling"
                  \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"
  -> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"
                  \InProcServer32\(Default) = "deskperf.dll" [** WMI GetObject error **]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto PKO-filtype"
  -> {HKLM...CLSID} = "CryptPKO Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [** WMI GetObject error **]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Crypto signeringsfiltype"
  -> {HKLM...CLSID} = "CryptSig Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\cryptext.dll" [** WMI GetObject error **]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Netværksforbindelser"
  -> {HKLM...CLSID} = "Netværksforbindelser"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [** WMI GetObject error **]
"{992CFFA0-F557-101A-88EC-00DD010CCC48}" = "Netværksforbindelser"
  -> {HKLM...CLSID} = "Netværk via modem"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\NETSHELL.dll" [** WMI GetObject error **]
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}" = "Scannere og kameraer"
  -> {HKLM...CLSID} = "Scannere og kameraer"
                  \InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}" = "Scannere og kameraer"
  -> {HKLM...CLSID} = "Scannere og kameraer"
                  \InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{905667aa-acd6-11d2-8080-00805f6596d2}" = "Scannere og kameraer"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}" = "Scannere og kameraer"
  -> {HKLM...CLSID} = "Scannere og kameraer"
                  \InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{83bbcbf3-b28a-4919-a5aa-73027445d672}" = "Scannere og kameraer"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "wiashext.dll" [** WMI GetObject error **]
"{F0152790-D56E-4445-850E-4F3117DB740C}" = "Remote Sessions CPL Extension"
  -> {HKLM...CLSID} = "Remote Sessions CPL Extension"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\remotepg.dll" [** WMI GetObject error **]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"
  -> {HKLM...CLSID} = "Auto Update Property Sheet Extension"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\wuaucpl.cpl" [** WMI GetObject error **]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Shell-udvidelser til Windows Scripting Host"
  -> {HKLM...CLSID} = "Shell extensions for Windows Scripting Host"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\wshext.dll" [** WMI GetObject error **]
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" = "Microsoft-dataforbindelse"
  -> {HKLM...CLSID} = "Microsoft OLE DB Service Component Data Links"
                  \InProcServer32\(Default) = "C:\Programmer\Fælles filer\System\Ole DB\oledb32.dll" [** WMI GetObject error **]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"
  -> {HKLM...CLSID} = "Scheduling UI icon handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [** WMI GetObject error **]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"
  -> {HKLM...CLSID} = "Scheduling UI property sheet handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [** WMI GetObject error **]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Planlagte opgaver"
  -> {HKLM...CLSID} = "Planlagte opgaver"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mstask.dll" [** WMI GetObject error **]
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" = "Søg"
  -> {HKLM...CLSID} = "Søg"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" = "Hjælp og support"
  -> {HKLM...CLSID} = "Hjælp og support"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" = "Hjælp og support"
  -> {HKLM...CLSID} = "Windows Sikkerhed"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}" = "Kør..."
  -> {HKLM...CLSID} = "Kør..."
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}" = "Internettet"
  -> {HKLM...CLSID} = "Internettet"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}" = "E-mail"
  -> {HKLM...CLSID} = "E-mail"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Fonts"
  -> {HKLM...CLSID} = "Fonts"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Administration"
  -> {HKLM...CLSID} = "Administration"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}" = "Audio Media Properties Handler"
  -> {HKLM...CLSID} = "Audio Media Properties Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}" = "Video Media Properties Handler"
  -> {HKLM...CLSID} = "Video Media Properties Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}" = "Wav Properties Handler"
  -> {HKLM...CLSID} = "Wav Properties Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}" = "Avi Properties Handler"
  -> {HKLM...CLSID} = "Avi Properties Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}" = "Midi Properties Handler"
  -> {HKLM...CLSID} = "Midi Properties Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{c5a40261-cd64-4ccf-84cb-c394da41d590}" = "Video Thumbnail Extractor"
  -> {HKLM...CLSID} = "Video Thumbnail Extractor"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shmedia.dll" [** WMI GetObject error **]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Værktøjslinje til Microsoft Internet"
  -> {HKLM...CLSID} = "Værktøjslinje til Microsoft Internet"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "Download Status"
  -> {HKLM...CLSID} = "Download Status"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Augmented Shell Folder"
  -> {HKLM...CLSID} = "Augmented Shell Folder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Augmented Shell Folder 2"
  -> {HKLM...CLSID} = "Augmented Shell Folder 2"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"
  -> {HKLM...CLSID} = "BandProxy"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Microsoft BrowserBand"
  -> {HKLM...CLSID} = "Microsoft BrowserBand"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Search Band"
  -> {HKLM...CLSID} = "Search Band"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{32683183-48a0-441b-a342-7c2a440a9478}" = "Media Band"
  -> {HKLM...CLSID} = "Media Band"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "In-pane search"
  -> {HKLM...CLSID} = "In-pane search"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Websøgning"
  -> {HKLM...CLSID} = "Websøgning"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Registry Tree Options Utility"
  -> {HKLM...CLSID} = "Registry Tree Options Utility"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse"
  -> {HKLM...CLSID} = "&Adresse"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Redigeringsboks til adresse"
  -> {HKLM...CLSID} = "Redigeringsboks til adresse"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Microsoft AutoComplete"
  -> {HKLM...CLSID} = "Microsoft AutoComplete"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"
  -> {HKLM...CLSID} = "TridentImageExtractor"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "MRU AutoComplete List"
  -> {HKLM...CLSID} = "MRU AutoComplete List"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Custom MRU AutoCompleted List"
  -> {HKLM...CLSID} = "Custom MRU AutoCompleted List"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"
  -> {HKLM...CLSID} = "Accessible"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Track Popup Bar"
  -> {HKLM...CLSID} = "Track Popup Bar"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Address Bar Parser"
  -> {HKLM...CLSID} = "Address Bar Parser"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Microsoft History AutoComplete List"
  -> {HKLM...CLSID} = "Microsoft History AutoComplete List"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Microsoft Shell Folder AutoComplete List"
  -> {HKLM...CLSID} = "Microsoft Shell Folder AutoComplete List"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Microsoft Multiple AutoComplete List Container"
  -> {HKLM...CLSID} = "Microsoft Multiple AutoComplete List Container"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Shell Band Site Menu"
  -> {HKLM...CLSID} = "Shell Band Site Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"
  -> {HKLM...CLSID} = "Shell DeskBarApp"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Shell DeskBar"
  -> {HKLM...CLSID} = "Shell DeskBar"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"
  -> {HKLM...CLSID} = "Shell Rebar BandSite"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "User Assist"
  -> {HKLM...CLSID} = "User Assist"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Global Folder Settings"
  -> {HKLM...CLSID} = "Global Folder Settings"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"
  -> {HKLM...CLSID} = "Favorites Band"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"
  -> {HKLM...CLSID} = "Shell Automation Inproc Service"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
  -> {HKLM...CLSID} = "Shell DocObject Viewer"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"
  -> {HKLM...CLSID} = "Microsoft Browser Architecture"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
  -> {HKLM...CLSID} = "Internetgenvej"
                  \InProcServer32\(Default) = "shdocvw.dll" [** WMI GetObject error **]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft URL-oversigtstjeneste"
  -> {HKLM...CLSID} = "Microsoft URL-oversigtstjeneste"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Oversigt"
  -> {HKLM...CLSID} = "Oversigt"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
  -> {HKLM...CLSID} = "Microsoft Url Search Hook"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "Velkomstbillede til Internet Explorer 4-suiten"
  -> {HKLM...CLSID} = "Velkomstbillede til Internet Explorer 4-suiten"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"
  -> {HKLM...CLSID} = "CDF Extension Copy Hook"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"
  -> {HKLM...CLSID} = "ISFBand OC"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"
  -> {HKLM...CLSID} = "Search Assistant OC"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internettet"
  -> {HKLM...CLSID} = "Internettet"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
  -> {HKLM...CLSID} = "Internet Explorer"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"
  -> {HKLM...CLSID} = "Explorer Band"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [** WMI GetObject error **]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Shell Programstyring"
  -> {HKLM...CLSID} = "Shell Programstyring"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [** WMI GetObject error **]
"{0B124F8F-91F0-11D1-B8B5-006008059382}" = "Optælling af installerede programmer"
  -> {HKLM...CLSID} = "Optælling af installerede programmer"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [** WMI GetObject error **]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"
  -> {HKLM...CLSID} = "Darwin App Publisher"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\appwiz.cpl" [** WMI GetObject error **]
"{e84fda7c-1d6a-45f6-b725-cb260c236066}" = "Shell Image Verbs"
  -> {HKLM...CLSID} = "Shell Image Verbs"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}" = "Shell Image Data Factory"
  -> {HKLM...CLSID} = "Shell Image Data Factory"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}" = "Udpakning af miniaturer til GDI+-filer"
  -> {HKLM...CLSID} = "Udpakning af miniaturer til GDI+-filer"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}" = "Dokumentinfo om miniaturehandler (DOCFILES)"
  -> {HKLM...CLSID} = "Dokumentinfo om miniaturehandler (DOCFILES)"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{EAB841A0-9550-11cf-8C16-00805F1408F3}" = "Udpakning af HTML-miniaturer"
  -> {HKLM...CLSID} = "Udpakning af HTML-miniaturer"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}" = "Shell Image Property Handler"
  -> {HKLM...CLSID} = "Shell Image Property Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\shimgvw.dll" [** WMI GetObject error **]
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}" = "Guiden Webudgivelse"
  -> {HKLM...CLSID} = "Guiden Webudgivelse"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [** WMI GetObject error **]
"{add36aa8-751a-4579-a266-d66f5202ccbb}" = "Bestil billedudskrift over World Wide Web"
  -> {HKLM...CLSID} = "Bestil billedudskrift over World Wide Web"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [** WMI GetObject error **]
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}" = "Objekt til guiden Webudgivelse"
  -> {HKLM...CLSID} = "Objekt til guiden Webudgivelse"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [** WMI GetObject error **]
"{58f1f272-9240-4f51-b6d4-fd63d1618591}" = "Guiden Få et Passport"
  -> {HKLM...CLSID} = "Guiden Få et Passport"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\netplwiz.dll" [** WMI GetObject error **]
"{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}" = "ZIP-komprimeret mappe"
  -> {HKLM...CLSID} = "CompressedFolder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [** WMI GetObject error **]
"{BD472F60-27FA-11cf-B8B4-444553540000}" = "Compressed (zipped) Folder Right Drag Handler"
  -> {HKLM...CLSID} = "Compressed (zipped) Folder Right Drag Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [** WMI GetObject error **]
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}" = "Compressed (zipped) Folder SendTo Target"
  -> {HKLM...CLSID} = "Compressed (zipped) Folder SendTo Target"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\zipfldr.dll" [** WMI GetObject error **]
"{63da6ec0-2e98-11cf-8d82-444553540000}" = "FTP Folders Webview"
  -> {HKLM...CLSID} = "Microsoft FTP Folder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\msieftp.dll" [** WMI GetObject error **]
"{883373C3-BF89-11D1-BE35-080036B11A03}" = "Microsoft DocProp Shell Ext"
  -> {HKLM...CLSID} = "Microsoft DocProp Shell Ext"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}" = "Microsoft DocProp Inplace Edit Box Control"
  -> {HKLM...CLSID} = "Microsoft DocProp Inplace Edit Box Control"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{8EE97210-FD1F-4B19-91DA-67914005F020}" = "Microsoft DocProp Inplace ML Edit Box Control"
  -> {HKLM...CLSID} = "Microsoft DocProp Inplace ML Edit Box Control"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}" = "Microsoft DocProp Inplace Droplist Combo Control"
  -> {HKLM...CLSID} = "Microsoft DocProp Inplace Droplist Combo Control"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{6A205B57-2567-4A2C-B881-F787FAB579A3}" = "Microsoft DocProp Inplace Calendar Control"
  -> {HKLM...CLSID} = "Microsoft DocProp Inplace Calendar Control"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}" = "Microsoft DocProp Inplace Time Control"
  -> {HKLM...CLSID} = "Microsoft DocProp Inplace Time Control"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\docprop2.dll" [** WMI GetObject error **]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [** WMI GetObject error **]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [** WMI GetObject error **]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [** WMI GetObject error **]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsquery.dll" [** WMI GetObject error **]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [** WMI GetObject error **]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dsuiext.dll" [** WMI GetObject error **]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [** WMI GetObject error **]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"
  -> {HKLM...CLSID} = "MyDocs Drop Target"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [** WMI GetObject error **]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"
  -> {HKLM...CLSID} = "MyDocs menu and properties"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mydocs.dll" [** WMI GetObject error **]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Offline Files Menu"
  -> {HKLM...CLSID} = "Offline Files Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Offline Files Folder Options"
  -> {HKLM...CLSID} = "Offline Files Folder Options"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Mappen Offlinefiler"
  -> {HKLM...CLSID} = "Mappen Offlinefiler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}" = "Microsoft Agent Character Property Sheet Handler"
  -> {HKLM...CLSID} = "Microsoft Agent Character Property Sheet Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\msagent\agentpsh.dll" [** WMI GetObject error **]
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}" = "DfsShell"
  -> {HKLM...CLSID} = "DfsShell Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\dfsshlex.dll" [** WMI GetObject error **]
"{60fd46de-f830-4894-a628-6fa81bc0190d}" = "%DESC_PublishDropTarget%"
  -> {HKLM...CLSID} = "DropTarget-objekt til guiden Billedudskrivning"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\photowiz.dll" [** WMI GetObject error **]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"
  -> {HKLM...CLSID} = "ExtractIcon Class"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\mmcshext.dll" [** WMI GetObject error **]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"
  -> {HKLM...CLSID} = "Cabinet"
                  \InProcServer32\(Default) = "cabview.dll" [** WMI GetObject error **]
"{32714800-2E5F-11d0-8B85-00AA0044F941}" = "Efter &personer..."
  -> {HKLM...CLSID} = "Efter &personer..."
                  \InProcServer32\(Default) = "C:\PROGRA~1\OUTLOO~1\wabfind.dll" [** WMI GetObject error **]
"{8DD448E6-C188-4aed-AF92-44956194EB1F}" = "Windows Media Player Play as Playlist Context Menu Handler"
  -> {HKLM...CLSID} = "WMP Burn Audio CD Launcher"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [** WMI GetObject error **]
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}" = "Windows Media Player Burn Audio CD Context Menu Handler"
  -> {HKLM...CLSID} = "WMP Play As Playlist Launcher"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [** WMI GetObject error **]
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"
  -> {HKLM...CLSID} = "WMP Add To Playlist Launcher"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [** WMI GetObject error **]
"{568804CA-CBD7-11d0-9816-00C04FD91972}" = "Menu Shell Folder"
  -> {HKLM...CLSID} = "Menu Shell Folder"
                  \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM32\BROWSEUI.DLL" [** WMI GetObject error **]
"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Menu Band"
  -> {HKLM...CLSID} = "Menu Band"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Tracking Shell Menu"
  -> {HKLM...CLSID} = "Tracking Shell Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"
  -> {HKLM...CLSID} = "Menu Site"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Desk Bar"
  -> {HKLM...CLSID} = "Menu Desk Bar"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"
  -> {HKLM...CLSID} = "IShellFolderBand"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Links"
  -> {HKLM...CLSID} = "&Links"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Thumbnail Image"
  -> {HKLM...CLSID} = "Thumbnail Image"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}" = "Miniaturer"
  -> {HKLM...CLSID} = "Miniaturer"
                  \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM32\THUMBVW.DLL" [** WMI GetObject error **]
"{7D688A77-C613-11D0-999B-00C04FD655E1}" = "SlowFile Icon Overlay"
  -> {HKLM...CLSID} = "SlowFile Icon Overlay"
                  \InProcServer32\(Default) = "C:\WINDOWS\SYSTEM32\SHELL32.DLL" [** WMI GetObject error **]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [** WMI GetObject error **]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [** WMI GetObject error **]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                  \InProcServer32\(Default) = "C:\Programmer\SpywareGuard\spywareguard.dll" [** WMI GetObject error **]
"{62998FFD-B0A8-4019-8B86-CF0785539EC5}" = "IE Privacy Keeper Secure Delete Shell Extension"
  -> {HKLM...CLSID} = "ShellExt Class"
                  \InProcServer32\(Default) = "C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll" [** WMI GetObject error **]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [** WMI GetObject error **]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                  \InProcServer32\(Default) = "C:\Programmer\Real\RealPlayer\rpshell.dll" [** WMI GetObject error **]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [** WMI GetObject error **]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\sendmail.dll" [** WMI GetObject error **]
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Kanalfil"
  -> {HKLM...CLSID} = "Channel"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Genvej til kanal"
  -> {HKLM...CLSID} = "Genvej til kanal"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"
  -> {HKLM...CLSID} = "Channel Handler Object"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"
  -> {HKLM...CLSID} = "Channel Menu Handler Object"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"
  -> {HKLM...CLSID} = "Channel Shortcut Property Pages"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"
  -> {HKLM...CLSID} = "WebCheck"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"
  -> {HKLM...CLSID} = "Subscription Mgr"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Subscription Folder"
  -> {HKLM...CLSID} = "Subscription Folder"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"
  -> {HKLM...CLSID} = "WebCheckWebCrawler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"
  -> {HKLM...CLSID} = "WebCheckChannelAgent"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"
  -> {HKLM...CLSID} = "TrayAgent"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"
  -> {HKLM...CLSID} = "Code Download Agent"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"
  -> {HKLM...CLSID} = "ConnectionAgent"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"
  -> {HKLM...CLSID} = "PostAgent"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"
  -> {HKLM...CLSID} = "WebCheck SyncMgr Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX-cachemappe"
  -> {HKLM...CLSID} = "ActiveX-cachemappe"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [** WMI GetObject error **]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = "Webmapper"
  -> {HKLM...CLSID} = "Webmapper"
                  \InProcServer32\(Default) = "C:\PROGRA~1\FÆLLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL" [** WMI GetObject error **]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\Programmer\Microsoft Office\OFFICE11\msohev.dll" [** WMI GetObject error **]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [** WMI GetObject error **]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [** WMI GetObject error **]
"{bd094550-486a-11d0-9556-080009bb52b4}" = "XferPro32"
  -> {HKLM...CLSID} = "XferPro32"
                  \InProcServer32\(Default) = "C:\PROGRA~2\SABASO~1\XFERPR~1\xfershel.dll" [** WMI GetObject error **]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" [** WMI GetObject error **]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Browseui preloader"
  -> {HKLM...CLSID} = "Browseui preloader"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]
INFECTION WARNING! "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Component Categories cache daemon"
  -> {HKLM...CLSID} = "Component Categories cache daemon"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)
  -> {HKLM...CLSID} = "URL Exec Hook"
                  \InProcServer32\(Default) = "shell32.dll" [** WMI GetObject error **]
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                  \InProcServer32\(Default) = "C:\Programmer\SpywareGuard\spywareguard.dll" [** WMI GetObject error **]
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
                  \InProcServer32\(Default) = "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"
  -> {HKLM...CLSID} = "PostBootReminder-objekt"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"
  -> {HKLM...CLSID} = "ShellFolder for CD Burning"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"
  -> {HKLM...CLSID} = "SysTray"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [** WMI GetObject error **]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
  -> {HKLM...CLSID} = "WebCheck"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! SASWinLogon\DLLName = "C:\Programmer\SUPERAntiSpyware\SASWINLO.dll" [** WMI GetObject error **]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"
  -> {HKLM...CLSID} = "AP Class Install Handler filter"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING! deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
  -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING! gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
  -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING! lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"
  -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING! text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"
  -> {HKLM...CLSID} = "WebView MIME Filter"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\Programmer\Fælles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [** WMI GetObject error **]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" [** WMI GetObject error **]
EncodeDecode\(Default) = "{bd094550-486a-11d0-9556-080009bb52b4}"
  -> {HKLM...CLSID} = "XferPro32"
                  \InProcServer32\(Default) = "C:\PROGRA~2\SABASO~1\XFERPR~1\xfershel.dll" [** WMI GetObject error **]
IEPKSecureDelete\(Default) = "{62998FFD-B0A8-4019-8B86-CF0785539EC5}"
  -> {HKLM...CLSID} = "ShellExt Class"
                  \InProcServer32\(Default) = "C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll" [** WMI GetObject error **]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
  -> {HKLM...CLSID} = "Offline Files Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]
Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"
  -> {HKLM...CLSID} = "Open With Context Menu Handler"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
  -> {HKLM...CLSID} = "Kontekstmenu til kryptering"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [** WMI GetObject error **]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"
  -> {HKLM...CLSID} = "Kontekstmenu til kryptering"
                  \InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]
Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"
  -> {HKLM...CLSID} = "Offline Files Menu"
                  \InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]
Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"
  -> {HKLM...CLSID} = "Grænsefladeudvidelse til deling"
                  \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [** WMI GetObject error **]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                  \InProcServer32\(Default) = "C:\Programmer\Grisoft\AVG Free\avgse.dll" [** WMI GetObject error **]
IEPKSecureDelete\(Default) = "{62998FFD-B0A8-4019-8B86-CF0785539EC5}"
  -> {HKLM...CLSID} = "ShellExt Class"
                  \InProcServer32\(Default) = "C:\Programmer\UnH Solutions\IE Privacy Keeper\SecureDelete.dll" [** WMI GetObject error **]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                  \InProcServer32\(Default) = "C:\Programmer\WinRAR\rarext.dll" [** WMI GetObject error **]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Emil Thomsen.GONZA\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [** WMI GetObject error **]


Startup items in "Emil Thomsen" & "All Users" startup folders:
--------------------------------------------------------------

C:\Documents and Settings\Emil Thomsen.GONZA\menuen Start\Programmer\Start
"SpywareGuard" -> shortcut to: "C:\Programmer\SpywareGuard\sgmain.exe" [** WMI GetObject error **]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
"hp psc 1000 series" -> shortcut to: "C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe" [** WMI GetObject error **]


Enabled Scheduled Tasks:
------------------------

"Start programmet Hastighedsoptimering" -> launches: "walign" [file not found]
"Påmindelse om udløb af programfjernelse" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /u /n:1" [** WMI GetObject error **]
"FRU Task #Hewlett-Packard#hp psc 1100 series#1087857350" -> launches: "C:\Programmer\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1100 series#1087857350"" [** WMI GetObject error **]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [** WMI GetObject error **]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [** WMI GetObject error **]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [** WMI GetObject error **]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [** WMI GetObject error **], 01 - 03, 06 - 11
%SystemRoot%\system32\rsvpsp.dll [** WMI GetObject error **], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{D799B0E4-BEDE-41D2-AEE0-1E3A1C4EF918}\
"MenuText" = "IE Privacy Keeper"
"Exec" = "C:\Programmer\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [** WMI GetObject error **]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{3E94F358-9537-4BBA-8D12-D7F8A0136973}\
"ButtonText" = "PopupPopper Kontrol Panel"
"Exec" = "C:\Programmer\PopupPopper\SiteList.exe" [** WMI GetObject error **]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Alerter, Alerter, "C:\WINDOWS\System32\svchost.exe -k LocalService" {"C:\WINDOWS\system32\alrsvc.dll" [** WMI GetObject error **]}
Alternativt logon, seclogon, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\seclogon.dll" [** WMI GetObject error **]}
Arbejdsstation, lanmanworkstation, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wkssvc.dll" [** WMI GetObject error **]}
Automatisk konfiguration af trådløse enheder, WZCSVC, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wzcsvc.dll" [** WMI GetObject error **]}
Automatiske opdateringer, wuauserv, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\wuauserv.dll" [** WMI GetObject error **]}
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" [** WMI GetObject error **]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [** WMI GetObject error **]
Beskyttet lager, ProtectedStorage, "C:\WINDOWS\system32\lsass.exe" [** WMI GetObject error **]
COM+-hændelsessystem, EventSystem, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\es.dll" [** WMI GetObject error **]}
DHCP-klientprogram, Dhcp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\dhcpcsvc.dll" [** WMI GetObject error **]}
Distributed Link Tracking Client, TrkWks, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\trkwks.dll" [** WMI GetObject error **]}
DNS-klient, Dnscache, "C:\WINDOWS\System32\svchost.exe -k NetworkService" {"C:\WINDOWS\System32\dnsrslvr.dll" [** WMI GetObject error **]}
Hardwaregenkendelse på brugergrænsefladen, ShellHWDetection, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [** WMI GetObject error **]}
Hjælp og support, helpsvc, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll" [** WMI GetObject error **]}
Hurtigt brugerskift-kompatibilitet, FastUserSwitchingCompatibility, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\shsvcs.dll" [** WMI GetObject error **]}
Hændelseslog, Eventlog, "C:\WINDOWS\system32\services.exe" [** WMI GetObject error **]
IPSEC Policy Agent, PolicyAgent, "C:\WINDOWS\System32\lsass.exe" [** WMI GetObject error **]
Kryptografiske tjenester, CryptSvc, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\cryptsvc.dll" [** WMI GetObject error **]}
Messenger, Messenger, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\msgsvc.dll" [** WMI GetObject error **]}
Netværksforbindelser, Netman, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\netman.dll" [** WMI GetObject error **]}
NLA (Network Location Awareness), Nla, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\mswsock.dll" [** WMI GetObject error **]}
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" [** WMI GetObject error **]
Opgavestyring, Schedule, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\schedsvc.dll" [** WMI GetObject error **]}
Plug and Play, PlugPlay, "C:\WINDOWS\system32\services.exe" [** WMI
Avatar billede emilt Nybegynder
29. april 2006 - 14:25 #21
browseren virker nu og viderestiller ikke længere, jeg tror sgu vi (du!) klarede den. TAK! Jo mindre du mener der stadig ligger noget skidt kan du jo bare lægge svar ...

mvh emilt
Avatar billede emilt Nybegynder
29. april 2006 - 14:26 #22
jeg er lige væk i en time i øvrigt.
Avatar billede ejvindh Ekspert
29. april 2006 - 14:29 #23
Så slap du af med Wareout-infektionen :-)

Silentrunners-loggen ser dog lidt mærkelig ud, så jeg kunne godt tænke mig et ekstra check:

Hent Blacklight her http://www.f-secure.com/blacklight/try.shtml Scroll ned på siden, og klik "iaccept". På næste side kan du downloade Blacklight til skrivebordet. Dobbeltklik filen, og klik scan. Når den er færdig laver den en log på skrivebordet. Kopier loggen her ind. Du skal ikke lade Blacklight fjerne noget endnu.

Endelig var der også lidt spor af Sabasoft's XferPro32. Dette program bliver ranked som en pest af Etrust. Jeg kender det ikke selv, men hvis jeg var dig, ville jeg afinstallere det:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074629
Avatar billede emilt Nybegynder
29. april 2006 - 17:01 #24
gør jeg nu...
Avatar billede emilt Nybegynder
29. april 2006 - 17:29 #25
xferpro32 afinstalleret (det var vist noget jeg brugte til at macs binhex-formater eller sådan noget).

blacklight gav ingen resultater, 0 hidden items... og hurra for det!
Avatar billede ejvindh Ekspert
29. april 2006 - 19:36 #26
Det lyder godt. Så kan du vist betragte pc'en som "kureret".

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser denne artikel om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Jeg takker for point :-)
Avatar billede emilt Nybegynder
30. april 2006 - 13:01 #27
Det er mig der takker :-)
Avatar billede Computer Hjælp (Gratis) Mester
30. april 2006 - 21:19 #28
... du bør også få lagt M$ ServicePack2 på putter + efterfølgende M$ opdateringer ...

Du kan hente ServicePack2 (SP2) her som 'løs' fil (~280Mb):
http://intern.sdu.dk/it-service/tjenester/ftphotel/ftpindhold/
Download/copy til et passende sted på din HD.
Afbryd fra det 'farlige' internet (stikket fysisk UD).
Instaler SP2 pakken.
Når det er så gået godt og efter en genstart eller to - først DA tilslut internettet igen og gå i start ->programmer ->Windowsupdate og lade din maskine scanne for nyeste opdateringer. Installer dem du får anbefalet. Der skal nok være >45 'pakker' ...
Avatar billede ejvindh Ekspert
30. april 2006 - 21:28 #29
DR1: Ja, som der også står på dette link:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Avatar billede emilt Nybegynder
01. maj 2006 - 01:37 #30
ok. havde bare hørt fra nogle at der var nogle problemer med sp2 og at man kunne undvære den, hvis man havde sp1. men det har fået ordnet? hvis jeg installerer fra det link, er det så en ok udgave?
Avatar billede Computer Hjælp (Gratis) Mester
01. maj 2006 - 06:55 #31
Hvis der er 'snavs' på putter så kan det gå 'galt' ... men ifølge ovenstående er din putter nu 'ren'...
... der er kommet en pænt håndfuld opdateringer bagefter som vil klare det... husk at få dem med...

"Jeg har hørt at der skulle være problemer med at køre XP - så jeg tror at jeg vil undvære den og blive ved WIN98 ..." ...Flere og flere (tillægs)programmer kræver at du har SP2 på putter. Også rent sikkerhedsmæssigt er der flere elementer i SP2...


Citat fra http://www.spywarefri.dk/manualer/sikkerhedspakke.htm :
"...Det vigtigste for dit WindowsXP er, at installere SP2. Der er slet ikke tvivl om, at denne Service Pack beskytter dig meget bedre end SP1..."
Avatar billede emilt Nybegynder
01. maj 2006 - 17:17 #32
Ok! Jamen så gør jeg da bare det. Og tak fordi du lige blandede dig :-) Og ejvind: min computer, som ellers ikke er helt ny, den kører som smurt nu! Den er ganske enkelt hurtigere, også uden for internettet. Hvordan det kan lade sig gøre ved jeg ikke, men det er den - så TAK!
Avatar billede Computer Hjælp (Gratis) Mester
01. maj 2006 - 20:07 #33
... blandede og blandede - det står også i http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Safe Surfing...
Avatar billede ejvindh Ekspert
01. maj 2006 - 20:16 #34
Du er velkommen. Dejligt at høre, at alting virker som det skal nu :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Windows kategorien

Titel Indlæg Oprettet Seneste aktivitet
Manglende plads Af Prado i Windows 10 16/07/202416:11 17/07/202406:01
Windows 11 problem!!! Af Lion i Windows 9 16/07/202415:05 18/07/202419:43
Reduseret lydstyrke i Windows Af valby i Windows 25 12/07/202419:01 16/07/202415:56
Pixeline cd’er til PC Af Mathilde i Windows 13 05/07/202414:04 16/07/202416:03
Windows 10 - IIS 10 Af bsn i Windows 1 05/07/202401:14 19/07/202421:57
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 10:12 Har brug for tips til PC Af SilentSloth i PC
I dag 09:26 usb-stick kan ikke tilgås Af Nils Torben i Andet hardware
I dag 00:00 4 G kontra 5 G Af fjorbak i Routere & Switches
I går 22:23 Opdater et ark Af lurup i Excel
I går 19:13 Lyac taletidskort Af fjorbak i Mobiltelefoner
White papers
Flere white papers »


Premium
Teaser billede
Frustrerede synshaller og billister: Motorstyrelsens it-system plages af store driftsforstyrrelser
Læs mere »
Fire år gamle Wiz takker nej til Alphabets historiske opkøbstilbud på 160 milliarder kroner: Satser i stedet på børsnotering
Ny metode: Fremover skal din Windows-pc opdateres på en helt ny måde
Devoteam Danmark lander sit første underskud i 21 år: Moderselskab tvinges til at give økonomisk støtte
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Sådan forbereder energiselskabet OK sig på cyberangreb: "Prisen for ikke at gøre noget kan være forfærdeligt høj"
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
Bo solgte sit software-system for et treciftret millionbeløb: Brugte pengene på at købe 80 medarbejdere til ny storsatsning
Se alle »
White paper
Teaser billede
Sådan høster du forretningsfordelene ved Internet of Things
Læs mere »
Få mere ud af din cloudinfrastruktur og gør op med de konstant stigende omkostninger
Sådan gør du: Elektronisk dokumentudveksling i praksis
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »