Hey.
Jeg ved godt der har været ca. 3mia tråde omkring Log filer fra HJT, men nu søger jeg en venlig sjæl der kan give lidt hjælp, for jeg er seriøst trær af alle de "pop-up's" og så det at jeg ikke kan sætte min start side til Hol.dk, men i stedet en eller anden lorte search side.. :/
Please er der ikke nogle der kan hjælpe.?
HJT Log.:
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSMixer.exe
C:Program FilesJavaj2re1.4.2_03injusched.exe
C:Program FilesD-Toolsdaemon.exe
C:Program FilesAnalogXNetStat Live
sl.exe
C:PROGRA~1ALWILS~1Avast4aswDisp.exe
C:WINDOWSsystem32ctfmon.exe
C:PROGRA~1inioDLM.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Dfssvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesmIRCmirc.exe
C:Program FilesICQIcq.exe
C:DOCUME~1ADMINI~1LOCALS~1Tempjjbk.dat
C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe
C:Program FilesWinampwinamp.exe
C:Documents and SettingsAdministratorDesktophjt.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP =
http://bqqbci.t.muxa.cc[...] (obfuscated)
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,Shellnext =
http://www.hol.dk[...]
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:Program FilesGoogleGoogleToolbar2.dll (disabled by BHODemon)
O2 - BHO: (no name) - {C57FEE4C-D000-4146-B4EE-69F1FE8B8CFB} - C:WINDOWSsystem32podcl.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSsystem32msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [Mirabilis ICQ] C:PROGRA~1ICQICQNet.exe
O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_03injusched.exe
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Windows Security Assistant] C:WINDOWSsystem32
undll32.vbe
O4 - HKLM..Run: [sys] regedit -s sys.reg
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKLM..Run: [NetStat Live] C:Program FilesAnalogXNetStat Live
sl.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4aswDisp.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe" -osboot
O4 - HKLM..Run: [UserFaultCheck] %systemroot%system32dumprep 0 -u
O4 - HKLM..RunServices: [Windows Security Assistant] C:WINDOWSsystem32
undll32.vbe
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Windows Security Assistant] C:WINDOWSsystem32
undll32.vbe
O4 - HKCU..Run: [Zinio DLM] C:PROGRA~1inioDLM.exe /hide
O4 - Startup: BHODemon 2.0.lnk = C:Program FilesBHODemon 2BHODemon.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Google Search - res://c:program filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:program filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:program filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:program filesgoogleGoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O10 - Unknown file in Winsock LSP: c:program filesspamfighterproxyproxy.dll
O10 - Unknown file in Winsock LSP: c:program filesspamfighterproxyproxy.dll
O10 - Unknown file in Winsock LSP: c:program filesspamfighterproxyproxy.dll
O10 - Unknown file in Winsock LSP: c:program filesspamfighterproxyproxy.dll
O10 - Unknown file in Winsock LSP: c:program filesspamfighterproxyproxy.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com[...]
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com[...]
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} -
http://download.microsoft.com[...]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akamai.net[...]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net[...]
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://scanner.virus112.com[...]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com[...]
O16 - DPF: {D3426292-3750-4D80-9D0F-2816F61A6D15} (SpeedTest Control) -
http://81.19.245.211[...]
O17 - HKLMSystemCCSServicesTcpip..{A870FA8F-C144-4F4F-B1BF-6B1CD9612AF7}: NameServer = 193.162.153.164 194.239.134.83
--
Det er menneskeligt at fejle, men idiotisk at blive ved, og husk lige: At tænke før man taler, er som at tørre sig i røven før man skider