HJT for 117. gange :)

Af Guru MaGiX | 23-05-2004 19:05 | 1208 visninger | 2 svar, hop til seneste

Ja så blev det min tur til at få muget ud i lortet, kvajede mig lige med MSN+ 3,0 det meste blev dog fjernet med Adaware 6.0, men har en belastende search bar jeg mangler, plus formentligt lidt mere :) Men here goes: Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:ProgrammerFælles filerSymantec SharedccEvtMgr.exe C:ProgrammerNorton Internet SecurityNISUM.EXE C:WINDOWSExplorer.EXE C:ProgrammerFælles filerSymantec SharedccApp.exe C:ProgrammerIntelNCSPROSetPRONoMgr.exe C:WINDOWSSystem32 askswitch.exe C:WINDOWSSystem32fast.exe C:ProgrammerCreativeSBLiveAudioHQAHQTB.EXE C:ProgrammerSymantecNorton Ghost 2003GhostStartTrayApp.exe C:ProgrammerJavaj2re1.4.2_04injusched.exe C:ProgrammerMicrosoft IntelliType Pro ype32.exe C:ProgrammerWinampwinampa.exe C:ProgrammerICQLiteICQLite.exe C:WINDOWSSystem32devldr32.exe C:ProgrammerMessengermsmsgs.exe C:ProgrammerMessenger Plus! 3MsgPlus.exe C:WINDOWSSystem32RUNDLL32.EXE C:ProgrammerNorton Internet SecurityccPxySvc.exe C:PROGRA~1SymantecNORTON~1GHOSTS~2.EXE C:ProgrammerPalick SoftHDD TemperatureHDDTsvc.exe C:Program FilesFinePixViewerQuickDCF.exe C:[email protected] C:ProgrammerFælles filerMicrosoft SharedVS7Debugmdm.exe C:ProgrammerNorton AntiVirus avapsvc.exe C:ProgrammerVeriSignNAVI aviagent.exe C:ProgrammerNorton SystemWorksNorton UtilitiesNPROTECT.EXE C:WINDOWSSystem32 vsvc32.exe C:PROGRA~1NORTON~3SPEEDD~1 opdb.exe C:WINDOWSSystem32svchost.exe C:WINDOWSSystem32Fast.exe C:ProgrammerMSN MessengerMsnMsgr.Exe C:ProgrammerFolding@HomeFahCore_65.exe C:Program FilesmIRCmirc.exe C:WINDOWSSystem32ctfmon.exe C:ProgrammerInternet ExplorerIEXPLORE.EXE C:Documents and SettingsMaGiXSkrivebordHijackThis.exe C:ProgrammerInternet ExplorerIEXPLORE.EXE C:ProgrammerInternet ExplorerIEXPLORE.EXE R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://h2okoeling.dk[...] R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://ie.search.msn.com[...] R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com[...] R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Hyperlinks R3 - URLSearchHook: VeriSign Inc. i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:ProgrammerVeriSigni-Navi-nav_4_1_4.dll O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:ProgrammerAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll O2 - BHO: (no name) - {18A02E9E-52BE-27F3-B24A-C8AE4A3FF833} - C:PROGRA~1FINDONEMfcd mess.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:ProgrammerNorton AntiVirusNavShExt.dll O2 - BHO: (no name) - {CE000992-A58C-4441-8938-744CD72AB27F} - C:ProgrammerVeriSigni-Navi-nav_4_1_4.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:ProgrammerNorton AntiVirusNavShExt.dll O3 - Toolbar: 01 log bird - {80430BC0-EE86-F93A-4283-5D2D18F380AB} - C:PROGRA~1FINDONEMfcd mess.dll O4 - HKLM..Run: [ccApp] "C:ProgrammerFælles filerSymantec SharedccApp.exe" O4 - HKLM..Run: [ccRegVfy] "C:ProgrammerFælles filerSymantec SharedccRegVfy.exe" O4 - HKLM..Run: [PRONoMgr.exe] C:ProgrammerIntelNCSPROSetPRONoMgr.exe O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [anvshell] anvshell.exe O4 - HKLM..Run: [BackgroundSwitcher] C:WINDOWSSystem32gswitch.exe O4 - HKLM..Run: [CoolSwitch] C:WINDOWSSystem32 askswitch.exe O4 - HKLM..Run: [FastUser] C:WINDOWSSystem32fast.exe O4 - HKLM..Run: [EM_EXEC] C:PROGRA~1LogitechMOUSEW~1SYSTEMEM_EXEC.EXE O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe O4 - HKLM..Run: [AHQInit] C:ProgrammerCreativeSBLiveProgramAHQInit.exe O4 - HKLM..Run: [AudioHQ] C:ProgrammerCreativeSBLiveAudioHQAHQTB.EXE O4 - HKLM..Run: [GhostStartTrayApp] C:ProgrammerSymantecNorton Ghost 2003GhostStartTrayApp.exe O4 - HKLM..Run: [REGSHAVE] C:ProgrammerREGSHAVEREGSHAVE.EXE /AUTORUN O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_04injusched.exe O4 - HKLM..Run: [type32] "C:ProgrammerMicrosoft IntelliType Pro ype32.exe" O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe O4 - HKLM..Run: [ICQ Lite] C:ProgrammerICQLiteICQLite.exe -minimize O4 - HKLM..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe" O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU..Run: [MSMSGS] "C:ProgrammerMessengermsmsgs.exe" /background O4 - HKCU..Run: [MessengerPlus3] "C:ProgrammerMessenger Plus! 3MsgPlus.exe" /WinStart O4 - HKCU..Run: [msnmsgr] "C:ProgrammerMSN MessengerMsnMsgr.Exe" /background O4 - Startup: Folding@home 4.00.lnk = ? O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:PROGRA~1MICROS~3Office10EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: ICQ Lite (HKLM) O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM) O9 - Extra button: i-Nav Hjælp (HKLM) O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM) O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:ProgrammerInternet ExplorerPluginsNPDocBox.dll O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com[...] O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com[...] O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com[...] O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com[...] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com[...] O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) - http://81.19.245.211[...] Takker på forhånd :) MaGiX
--

Brug for hjælp til vandkøling? Så se her: http://www.h2okoeling.dk[...] Danmarks nye vandkølings side. Nu med nyt forum, kig forbi :)

#1
Zyph
Semi Nørd
23-05-2004 19:18

Rapporter til Admin

Dem 4 her kan jeg ikke lige finde noget på? O3 - Toolbar: 01 log bird - {80430BC0-EE86-F93A-4283-5D2D18F380AB} - C:PROGRA~1FINDONEMfcd mess.dll O4 - HKLM..Run: [BackgroundSwitcher] C:WINDOWSSystem32gswitch.exe O4 - HKLM..Run: [CoolSwitch] C:WINDOWSSystem32 askswitch.exe O4 - HKLM..Run: [FastUser] C:WINDOWSSystem32fast.exe O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe O4 - HKLM..Run: [WinampAgent] C:ProgrammerWinampwinampa.exe O4 - Startup: Folding@home 4.00.lnk = ? O4 - Global Startup: Exif Launcher.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE O9 - Extra button: i-Nav Hjælp (HKLM) O9 - Extra 'Tools' menuitem: i-Nav Hjælp (HKLM) O9 - Extra 'Tools' menuitem: i-Nav Indstillinger (HKLM)
--
http://zyph.dk[...] - If everything else fails just boogie Mvh Oskar

#2
Armageddon
Maxi Nørd
23-05-2004 19:37

Rapporter til Admin

Hejsa, Tja, MaGiX det kan jo ske for selv de bedste :) Men lad os da fixe det. Start med at deaktivere systemgendannelse. Kør en ny scanning med HJT og sæt flueben ved disse: R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...] R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://ie.search.msn.com[...] R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com[...] R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com[...] O2 - BHO: (no name) - {18A02E9E-52BE-27F3-B24A-C8AE4A3FF833} - C:PROGRA~1FINDONEMfcd mess.dll O3 - Toolbar: 01 log bird - {80430BC0-EE86-F93A-4283-5D2D18F380AB} - C:PROGRA~1FINDONEMfcd mess.dll Du kan med fordel fixe disse også så de ikke starter op med Windows O4 - HKLM..Run: [UpdReg] C:WINDOWSUpdreg.exe O4 - HKLM..Run: [SunJavaUpdateSched] C:ProgrammerJavaj2re1.4.2_04 injusched.exe O4 - Global Startup: Microsoft Office.lnk = C:ProgrammerMicrosoft OfficeOffice10OSA.EXE Luk alle øvrige programvinduer så kun HJT er åben. Klik på ”Fix checked”. Luk programmet og genstart i fejlsikret tilstand. Find og slet denne: C:PROGRA~1FINDONEMfcd mess.dll Genstart normalt. Kør en ny scanning med HJT og smid loggen herind til kontrol.
--
/Armageddon - [email protected] http://www.mdegn.dk[...]