Jump to content


Photo

I.E.'s homepage res://*.dll


  • Please log in to reply
1 reply to this topic

#1 PaWouC

PaWouC

    Member

  • New Member
  • Pip
  • 2 posts

Posted 08 July 2004 - 07:12 AM

I folowed your recommendation steps from

http://forums.spywar...?showtopic=4817

and after that I launched Hijack.

There are useful logs:
1)Startup log generated by RegCleaner 4.3 (I see nothing bad)

[syntax: Program, Filename, Loaded from ]

Desktop, N/A, Start Menu
Desktop, N/A, Start Menu (Common User)
Dsb, C:\Program Files\DSB\DSB.exe, HKEY_LM\Run
ICQ Lite, C:\Program Files\ICQLite\ICQLite.exe -trayboot, HKEY_CU\RunOnce
ICQ Lite, C:\Program Files\ICQLite\ICQLite.exe -minimize, HKEY_LM\Run
Ipxw.exe, C:\WINDOWS\system32\ipxw.exe, HKEY_LM\Run
Microsoft Office, N/A, Start Menu (Common User)
SpybotSD TeaTimer, C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe, HKEY_CU\Run
Syscl.exe, C:\WINDOWS\system32\syscl.exe, HKEY_LM\Run
THGuard, "C:\Program Files\TrojanHunter 3.9\THGuard.exe", HKEY_LM\Run
WinampAgent, "C:\Program Files\Winamp\Winampa.exe", HKEY_LM\Run


2)Log Generated by HijackThis

Logfile of HijackThis v1.97.7
Scan saved at 14:00:20, on 8.7.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\javaki32.exe
C:\Program Files\DSB\DSB.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ipxw.exe
C:\Program Files\TrojanHunter 3.9\THGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kdeja.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kdeja.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kdeja.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kdeja.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kdeja.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kdeja.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find777.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.22.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F1 - win.ini: run=C:\WINDOWS\System32\services\exploit.exe
O2 - BHO: (no name) - {E3C75ADD-28CA-1552-C53A-CB5117FD483C} - C:\WINDOWS\wingy.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSB] C:\Program Files\DSB\DSB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [syscl.exe] C:\WINDOWS\system32\syscl.exe
O4 - HKLM\..\Run: [ipxw.exe] C:\WINDOWS\system32\ipxw.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ 4.1 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {2E90275C-D7E4-41A6-81D4-E4A7C53D241B} (ITLSCSWiz2 Class) - https://clearinghous...com/tlscabu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8167.1634143519
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmo.cz
O17 - HKLM\Software\..\Telephony: DomainName = dmo.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmo.cz

What I can KickOut, please help.

#2 PaWouC

PaWouC

    Member

  • New Member
  • Pip
  • 2 posts

Posted 18 July 2004 - 03:41 AM

I solved problems by Ad-Aware program HiJackThis.exe and AboutBuster.exe program.


After removing shits by Ad-Aware, Remove some things by your thinking except RO's and R1's and then run AboutBuster.exe more times then one.

Restart and that's all.

Edited by PaWouC, 18 July 2004 - 03:49 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button