Logfile of HijackThis v1.97.7
Scan saved at 17:41:38, on 07-04-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\exp1orer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://nrjrxm.t.rack.cc/hp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://nrjrxm.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://www.alfa-search.com/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://nrjrxm.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
http://nrjrxm.t.rack.cc/hp.php (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKLM\..\Run: [exp1orer] C:\WINDOWS\exp1orer.exe .
O4 - HKLM\..\Run: [Tapicfg.exe] C:\WINDOWS\System32\tapicfg.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
http://www.apple.com/qtactivex/qtplugin.cabO16 - DPF: {0A7F4407-A1C8-496A-9670-F13370CAAACC} (SysReg_DK Control) -
http://81.19.245.211/system/SysREG_DK.cabO16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) -
http://runonce.msn.com/setacceptlang.cab