• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Keusen

Home Search Hijacker

8 posts in this topic

I read all the FAQs and followed the directions, without success.

I tried AdAware, Spybot and CWshredder to remove the hijacker.

I ran the newest version of HijckThis. I fixed the R1 and R0 entries.

The Hijack returns after restarting the computer but I am afraid I couldn't find which entry to fix in the run section.

 

Can anyone help?

Andy

 

 

 

 

Here's my HijackThis Log:

 

 

Logfile of HijackThis v1.98.0

Scan saved at 12:43:12, on 11.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ienx32.exe

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Programme\Eicon\Diva\DiTask.exe

C:\Programme\Eicon\Diva\Divamon.exe

C:\Programme\Eicon\Diva\watch.exe

C:\Programme\Eicon\Diva\cgserver.exe

C:\Programme\Eicon\Diva\diinfo.exe

C:\Programme\Winamp\winampa.exe

C:\WINDOWS\sdkfq.exe

C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe

C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpmsn.dll/sp.html#96676

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://gpmsn.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://gpmsn.dll/index.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gpmsn.dll/sp.html#96676

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gpmsn.dll/sp.html#96676

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://gpmsn.dll/index.html#96676

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {39B55E7F-513F-C3C3-44BF-B0378C8CBFEF} - C:\WINDOWS\system32\netys32.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"

O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"

O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"

O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe

O4 - HKLM\..\RunOnce: [ienx32.exe] C:\WINDOWS\system32\ienx32.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200201...meInstaller.exe

O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll

O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

Share this post


Link to post
Share on other sites

OK,

 

The Buster Log is:

 

-- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\ntrr32.exe

Removed! : C:\WINDOWS\timxba.dat

Removed! : C:\WINDOWS\xhukl.dat

Removed! : C:\WINDOWS\System32\ntbb.dll

Removed! : C:\WINDOWS\System32\qkngy.dll

Removed! : C:\WINDOWS\System32\wppib.dat

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

 

And the new HJT log is:

 

Logfile of HijackThis v1.98.0

Scan saved at 09:39:22, on 12.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Programme\Eicon\Diva\DiTask.exe

C:\Programme\Eicon\Diva\Divamon.exe

C:\Programme\Eicon\Diva\watch.exe

C:\Programme\Eicon\Diva\cgserver.exe

C:\Programme\Eicon\Diva\diinfo.exe

C:\Programme\Winamp\winampa.exe

C:\WINDOWS\sdkfq.exe

C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe

C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

C:\WINDOWS\system32\syshu32.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {3E92881C-5DEB-061D-127B-BAA4818F8349} - C:\WINDOWS\system32\ntbb.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"

O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"

O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"

O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200201...meInstaller.exe

O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll

O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

Share this post


Link to post
Share on other sites

Boot into safe mode and run another scan with About:buster.

 

Then scan with adaware and run CW shredder (make sure you click the fix button)

 

Then boot back into normal mode and post a fresh hijackthis log and an About:buster report.

Share this post


Link to post
Share on other sites

The safe mode HJT log is:

 

Logfile of HijackThis v1.98.0

Scan saved at 19:14:04, on 13.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {65987126-98A1-4B3E-486F-57E4F99A69FD} - C:\WINDOWS\sysjv.dll (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"

O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"

O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"

O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe

O4 - HKLM\..\RunOnce: [winiq.exe] C:\WINDOWS\system32\winiq.exe

O4 - HKLM\..\RunOnce: [addyo.exe] C:\WINDOWS\addyo.exe

O4 - HKLM\..\RunOnce: [appel32.exe] C:\WINDOWS\appel32.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200201...meInstaller.exe

O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll

O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

 

 

And the safe mode About:buster report is:

 

 

- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\cjelox.dat

Removed! : C:\WINDOWS\krpgf.dat

Removed! : C:\WINDOWS\ngyomq.dat

Removed! : C:\WINDOWS\oztrkm.dat

Removed! : C:\WINDOWS\pxjzow.dat

Removed! : C:\WINDOWS\sysjv.dll

Removed! : C:\WINDOWS\System32\joxkk.dat

Removed! : C:\WINDOWS\System32\ljvbh.dll

Removed! : C:\WINDOWS\System32\syshu32.exe

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

Share this post


Link to post
Share on other sites

Run about:buster in normal mode. Then reboot and post a fresh hijackthis log and about:buster report.

Share this post


Link to post
Share on other sites

The normal mode About:Buster log is:

 

-- Scan 1 --------

About:Buster Version 1.27

Removed! : C:\WINDOWS\krpgf.dat

Removed! : C:\WINDOWS\System32\joxkk.dat

Removed! : C:\WINDOWS\System32\ljvbh.dll

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

Here's the fresh HJT log:

 

Logfile of HijackThis v1.98.0

Scan saved at 10:39:49, on 14.07.2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winiq.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Programme\Eicon\Diva\DiTask.exe

C:\Programme\Eicon\Diva\Divamon.exe

C:\Programme\Eicon\Diva\watch.exe

C:\Programme\Eicon\Diva\cgserver.exe

C:\Programme\Winamp\winampa.exe

C:\WINDOWS\sdkfq.exe

C:\Programme\Eicon\Diva\diinfo.exe

C:\Programme\Sony Corporation\Image Transfer\SonyTray.exe

C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

C:\Dokumente und Einstellungen\Andreas Keusen\Eigene Dateien\Downloads\HJT\HijackThis.exe

 

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {65987126-98A1-4B3E-486F-57E4F99A69FD} - C:\WINDOWS\sysjv.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [CXMon] "C:\Programme\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [DiTask.exe] "C:\Programme\Eicon\Diva\DiTask.exe"

O4 - HKLM\..\Run: [Divamon.exe] "C:\Programme\Eicon\Diva\Divamon.exe"

O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Programme\Eicon\Diva\watch.exe"

O4 - HKLM\..\Run: [CGServer] "C:\Programme\Eicon\Diva\cgserver.exe"

O4 - HKLM\..\Run: [bJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe

O4 - HKLM\..\Run: [sdkfq.exe] C:\WINDOWS\sdkfq.exe

O4 - HKLM\..\RunOnce: [winiq.exe] C:\WINDOWS\system32\winiq.exe

O4 - HKLM\..\RunOnce: [addyo.exe] C:\WINDOWS\addyo.exe

O4 - HKLM\..\RunOnce: [appel32.exe] C:\WINDOWS\appel32.exe

O4 - HKLM\..\RunOnce: [iefd32.exe] C:\WINDOWS\system32\iefd32.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - Global Startup: Image Transfer.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200201...meInstaller.exe

O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll

O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL

Share this post


Link to post
Share on other sites

I've got this problem too and have run all the programs in safe and normal mode of xp. Can't wait to hear what I need to get rid of lol. =)

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0