Hej alle
Tak for de mange svar.
Jeg har fulgt ejvindh's forslag om at bruge hijackthis. Den liste som kommer du af det kommer her, er der noget jeg bør rette?
mvh
mogens
StartupList report, 07-08-2006, 23:10:26
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Mogens.STUEN\Skrivebord\hijackthis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FLLESF~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\TEXTware\HotKey\Twalink.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Mogens.STUEN\Skrivebord\hijackthis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Mogens.STUEN\Menuen Start\Programmer\Start]
SpywareGuard.lnk = C:\Programmer\SpywareGuard\sgmain.exe
Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start]
Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HotKey.lnk = C:\Programmer\TEXTware\HotKey\Twalink.exe
Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
AceGain LiveUpdate = C:\Programmer\AceGain\LiveUpdate\LiveUpdate.exe
TkBellExe = "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
PCSuiteTrayApplication = C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
DataLayer = C:\Programmer\Fælles filer\PCSuite\DataLayer\DataLayer.exe
QuickTime Task = "C:\Programmer\QuickTime\qttask.exe" -atboottime
SunJavaUpdateSched = C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Steam = C:\Programmer\Valve\Steam\Steam.exe -silent
PcSync = C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
tunebite.exe = D:\Programmer\tunebite\tunebite.exe -hidden
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
SpywareGuard Download Protection - C:\Programmer\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}
(no name) - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
A3FED46591C552B1.job
AF446E1790CBE0EB.job
--------------------------------------------------
Enumerating Download Program Files:
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE =
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE =
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE =
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE =
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #5: C:\WINDOWS\system32\wshbth.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
--------------------------------------------------
End of report, 6.455 bytes
Report generated in 0,190 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only