|
12.09.2004., 16:25 | #1 |
CurSedPala
Registered: Jan 2004
Location: Bec
Posts: 173
|
HijackThis - please help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\mssvc32.exe
F:\Norton\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\services\msxmidi.exe
F:\Norton\navapw32.exe
F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\windows\system32\winexplor.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\windows\system32\winapig.exe
C:\Program Files\Winad Client\Winad.exe
F:\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Winad Client\WinClt.exe
C:\Programme\Web_Rebates\WebRebates1.exe
F:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O2 - BHO: (no name) - {4EA1105E-B440-7DB5-D358-10550AD92842} - C:\WINDOWS\System32\xnzkqn.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AEBE8B99-77A1-4EA2-A2DC-3A66E47C5511} - C:\WINDOWS\System32\dkkkf.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [mssvc32] mssvc32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] F:\Norton\navapw32.exe
O4 - HKLM\..\Run: [Zone Labs Client] F:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winapig.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [mssvc32] mssvc32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] F:\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Ducd] C:\Dokumente und Einstellungen\Tihi\Anwendungsdaten\nabu.exe
O4 - HKCU\..\Run: [Unm] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://www.terra.es/personal7/hsjqpd...::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://62.4.84.150/data/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FFA6CE4C-2199-4A4F-9542-12E0163D6841} - http://sessa.isprime.com:8080/tel2net/CABDialer.cab
O18 - Filter: text/html - {DD4F82E6-827B-481F-A312-69DEF42748F5} - C:\WINDOWS\System32\dkkkf.dll
O18 - Filter: text/plain - {DD4F82E6-827B-481F-A312-69DEF42748F5} - C:\WINDOWS\System32\dkkkf.dll
__________________
Viarama U8568 Pro P4 2.66@2.8Ghz 512 ddr Maxtor 120 Gb 9600 XT 545/310 MX 510
Last edited by: Black Lotus. 12.09.2004. at 16:59. |
12.09.2004., 17:31 | #2 |
Moderator
Registered: Aug 2003
Location: Zagreb
Posts: 3,193
|
Shut down:
C:\WINDOWS\System32\mssvc32.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\services\msxmidi.exe
C:\windows\system32\winexplor.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe
C:\windows\system32\winapig.exe
C:\Program Files\Winad Client\Winad.exe
F:\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Web_Rebates\WebRebates0.exe
C:\WINDOWS\System32\cli.exe
C:\Program Files\Winad Client\WinClt.exe
C:\Programme\Web_Rebates\WebRebates1.exe

Fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: run=C:\WINDOWS\System32\services\msxmidi.exe
O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - c:\windows\iehr.dll
O2 - BHO: (no name) - {4EA1105E-B440-7DB5-D358-10550AD92842} - C:\WINDOWS\System32\xnzkqn.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {AEBE8B99-77A1-4EA2-A2DC-3A66E47C5511} - C:\WINDOWS\System32\dkkkf.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.3000.1001\de-at\msntb.dll
O4 - HKLM\..\Run: [mssvc32] mssvc32.exe
O4 - HKLM\..\Run: [mysoft] C:\windows\system32\winexplor.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programme\MSN Apps\Updater\01.02.3000.1001\de-at\msnappau.exe"
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O4 - HKLM\..\Run: [winstart] C:\windows\system32\winapig.exe
O4 - HKLM\..\Run: [Winad Client] C:\Program Files\Winad Client\Winad.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [mssvc32] mssvc32.exe
O4 - HKCU\..\Run: [Ducd] C:\Dokumente und Einstellungen\Tihi\Anwendungsdaten\nabu.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\msxmidi.exe
O8 - Extra context menu item: Web Rebates - file://C:\Programme\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O13 - DefaultPrefix: http://www.microsoet.com/start.php?url=
O13 - WWW Prefix: http://www.microsoet.com/start.php?url=
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C:oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=dp::/win.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://www.terra.es/personal7/hsjqp...m::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://62.4.84.150/data/sc.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {FFA6CE4C-2199-4A4F-9542-12E0163D6841} - http://sessa.isprime.com:8080/tel2net/CABDialer.cab
O18 - Filter: text/html - {DD4F82E6-827B-481F-A312-69DEF42748F5} - C:\WINDOWS\System32\dkkkf.dll
O18 - Filter: text/plain - {DD4F82E6-827B-481F-A312-69DEF42748F5} - C:\WINDOWS\System32\dkkkf.dll
__________________
13.09.2004., 13:25 | #3 |
CurSedPala
Registered: Jan 2004
Location: Bec
Posts: 173
|
THX men
__________________
Viarama U8568 Pro P4 2.66@2.8Ghz 512 ddr Maxtor 120 Gb 9600 XT 545/310 MX 510 |