Link overtager min browser
Et eller andet skidt har jeg fået på min computer for der er uønskede link til alt muligt skrammel når jeg browser.Jeg har brugt spyboot og lavet en log med hijackthis....
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:02:40, on 16-06-2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Programmer\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\AVG\AVG2013\avgidsagent.exe
C:\Programmer\AVG\AVG2013\avgwdsvc.exe
C:\Documents and Settings\HMO\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Programmer\Java\jre7\bin\jqs.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Programmer\AVG\AVG2013\avgnsx.exe
C:\Programmer\AVG\AVG2013\avgemcx.exe
C:\PROGRA~1\FLLESF~1\MICROS~1\DW\DW20.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\norton commander\NC.EXE
c:\unzipped\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mandala.dk/m/user_home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\HMO\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [InstallerLauncher] "C:\DOCUME~1\HMO\LOKALE~1\Temp\GZ_INSTALL_1\setuplauncher.exe" /run:"C:\DOCUME~1\HMO\LOKALE~1\Temp\GZ_INSTALL_1\Installer.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmer\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://tbedits.utilitychest.com/one-toolbaredits/menusearch.jhtml?s=204540489&p2=^ZO^xdm071^YY^dk&si=PI_UT_FIG_DEN_20&a=8ED538F8-C2D8-4682-81B5-C67AD1BA0253&n=2013061423&cv=2
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG2013\avgwdsvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\HMO\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: Google Update Tjeneste (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmer\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Programmer\Fælles filer\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
--
End of file - 8611 bytes
yderligere har jeg en søgebar som hedder Search Here som fuldstændigt overtager så jeg ikke kan installere Google Searchbar i Firefox.