Logfile of HijackThis v1.97.7
Scan saved at 08:58:49, on 06-11-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\d3tz.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINNT\system32\internat.exe
C:\Documents and Settings\Administrator\Application Data\v???.exe
C:\Palm\hotsync.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Web_Rebates\WebRebates1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.iwantsearch.com/to.php?ID1=817&ID2=56874538&ID3=63765656627&ID4=0&ID5={18A9CC92-9F19-444A-BEE5-5B4E4F9BE064}R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://lookfor.cc/sp.php?pin=29126R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://lookfor.cc/sp.php?pin=29126R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://lookfor.cc?pin=29126R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://lookfor.cc/sp.php?pin=29126R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BED78C89-E6B2-7B64-877B-13F78817EFC7} - C:\WINNT\system32\d3ve.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Ueur] C:\Documents and Settings\Administrator\Application Data\v???.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Web Rebates -
file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: IXOS_JavaViewer -
http://webdkba052.corp.novocorp.net:92/sap/its/w3/htdocs/JAVAVW/w3vw.cabO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cabO16 - DPF: {10000000-1000-0000-1000-000000000000} -
file://C:\Program Files\Internet Explorer\fjudvvvr.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_file.php?bt=ie&p=c5459642a0b12dd3a7c3a2b2a44b1e4aab0738ec7ca9dbcf2148868f4c2536928ac5820cbd9e9cf718567f40072e3860522cb616980cd858077a831c510d7fc8:5e843a409a5ce0d070f0817523680ce4O16 - DPF: {22222222-2222-2222-2222-222222222222} -
file://c:\x.cabO16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) -
http://www.advnt01.com/dialer/internazionale_ver3.CABO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) -
http://www.mt-download.com/MediaTicketsInstaller.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38254.0989930556O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.novocorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.novocorp.net
Ny bruger
Nybegynder
Opret
Preview
