TR/Small.dld.F0

Discussion in 'adware, spyware & hijack cleaning' started by djlacruise, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. djlacruise

    djlacruise Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    1
    Hi, my log looks the following:

    What can I safely remove? Thank you very much for your help!!!

    Ben


    Logfile of HijackThis v1.97.7
    Scan saved at 19:08:03, on 10.07.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\AVPersonal\AVGUARD.EXE
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Programme\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programme\Dell\AccessDirect\dadapp.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Programme\Winamp3\winampa.exe
    C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\AVPersonal\AVGNT.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programme\MSN Messenger\MsnMsgr.Exe
    C:\windows\rundll32.exe
    C:\windows\happychina.exe
    C:\WINDOWS\System32\iexplore.exe
    C:\Programme\Digital Line Detect\DLG.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\ZONEAL~1.EXE
    C:\Programme\Microsoft Office\Office\WINWORD.EXE
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Dokumente und Einstellungen\jonathan baltzer\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis1977.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?bzbjr (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?bzbjr (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?bzbjr (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=enc
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?bzbjr (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.placeforsearch.com/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\fmajh.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.abc-search.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
    O1 - Hosts: 209.66.115.34 easypic.com
    O1 - Hosts: 209.66.115.34 pichunter.com
    O1 - Hosts: 209.66.115.34 pussyslot.com
    O1 - Hosts: 209.66.115.34 sexocean.com
    O1 - Hosts: 209.66.115.34 worldsex.com
    O1 - Hosts: 209.66.115.34 www.easypic.com
    O1 - Hosts: 209.66.115.34 www.pichunter.com
    O1 - Hosts: 209.66.115.34 www.pussyslot.com
    O1 - Hosts: 209.66.115.34 www.sexocean.com
    O1 - Hosts: 209.66.115.34 www.worldsex.com
    O1 - Hosts: 209.66.115.34 www.pinkworld.com
    O1 - Hosts: 209.66.115.34 pinkworld.com
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot\SDHelper.dll
    O2 - BHO: (no name) - {CB3B21F0-1FED-4904-BA61-6C96212FDD13} - C:\WINDOWS\System32\fmajh.dll
    O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717765721306} - C:\WINDOWS\System32\wer1306.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DadApp] C:\Programme\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [sys] regedit -s sys.reg
    O4 - HKLM\..\Run: [system] c:\Free_Sex_Download.exe
    O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
    O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
    O4 - HKCU\..\Run: [Happy China] C:\windows\happychina.exe
    O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
    O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINDOWS\system32\deinst_qfe001.exe
    O4 - HKCU\..\Run: [SpywareGuard] C:\WINDOWS\system32\winproc32.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Programme\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
    O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} - http://www.thepaymentcentre.com/build/preload2.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_EN_XP.cab
    O16 - DPF: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - http://www.cameup.com/download2/ToolBand.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\MAIN.MHT!http://d.dialer2004.com//enter/main.chm::/load.exe
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111123} - http://zalmancrave.ud-dial.biz/1/dexGB586.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://cashsearch.biz/legal/x.chm::/load.exe
    O16 - DPF: {11111111-1111-1111-1111-111111111237} - http://63.219.178.91/1/deaGB89.exe
    O16 - DPF: {11111111-1111-1111-1234-123423452345} - http://66.117.38.54/dexUK505.exe
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
    O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/21b43246824727798523/netzip/RdxIE601_de.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49460} - http://****here.ud-dial.biz/dexUK505.exe
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binaries/IA/netpe32_EN_XP.cab
    O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} - http://www.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_GB.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://online.cryogen.us/download/elenco/imt108u1s1m_adult.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{656AAAED-E4C2-432B-B399-D29A7888665D}: NameServer = 62.104.191.241 62.104.196.134
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F341419F-1549-4AB9-8ADF-347EBD3B8047}: NameServer = 194.106.56.6,194.106.33.42
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.