problems with supersearch!

Discussion in 'Virus & Other Malware Removal' started by Sabbaga, Dec 17, 2003.

Thread Status:
Not open for further replies.
  1. Sabbaga

    Sabbaga Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    18
    Hey guys, I'm going completely crazy with all this supersearch, 'cause it simply turned out to be my homepage even though I change it every time... It doesn't change anything!
    So I Hijacked, and here's my log:

    Logfile of HijackThis v1.95.0
    Scan saved at 08:32:50, on 17/12/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Arquivos de programas\PCI Audio Applications\Bin\EchoCtrl.exe
    C:\WINDOWS\Mixer.exe
    C:\Arquivos de programas\QuickTime\qttask.exe
    C:\WINDOWS\System32\rmctrl.exe
    C:\Arquivos de programas\Winamp\Winampa.exe
    C:\Arquivos de programas\Ahead\InCD\InCD.exe
    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\74566286.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Paula\Meus documentos\Meus arquivos recebidos\Hijack this\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://81.211.105.9/search.php?v=1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://81.211.105.9/index.php?v=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://81.211.105.9/index.php?v=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: (no name) - {333B2D6D-3DF7-4040-BC5E-E79564E578DD} - (no file)
    O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [C-Media Echo Control] C:\Arquivos de programas\PCI Audio Applications\Bin\EchoCtrl.exe
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [47088259.exe] C:\WINDOWS\System32\47088259.exe
    O4 - HKCU\..\Run: [Popup Ad Filter] C:\Arquivos de programas\Meaya\Popup Ad Filter\PopFilter.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Allow Popups - C:\Arquivos de programas\Meaya\Popup Ad Filter\WhiteGetUrl.js
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Arquivos de programas\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2787712C-2CE4-4C02-9F09-C89F29E7C5CB} (xLauncherImpl Class) - http://www.x2web.com.br/component/x2client.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2125e010e8d96b0cfa19/netzip/RdxIE601_br.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
     
  2. cybertech

    cybertech Moderator

    Joined:
    Apr 16, 2002
    Messages:
    69,446
    Sabbaga

    Please don't use another person's thread, start your own next time...

    Run HJT again and put checks in these items

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://81.211.105.9/search.php?v=1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://81.211.105.9/index.php?v=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://81.211.105.9/index.php?v=1
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [47088259.exe] C:\WINDOWS\System32\47088259.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2125e010e8d96b...RdxIE601_br.cab

    Close all browser windows before you click "fix checked".

    Use Ctrl+Alt+Del to terminate C:\WINDOWS\System32\47088259.exe. Then find and delete it.

    Reboot your machine.

    Post back and let us know how things are going.
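
An added example, not part of either poster's message and not HijackThis code: a small Python triage script that applies three illustrative heuristics to entries taken from the log above (IE page settings that use a raw IP address, Run-key autoruns with a digits-only file name, ActiveX downloads from a raw IP address). The heuristics and the names `review` and `raw_ip_host` are assumptions made for illustration, and they cover only some of the entries selected in the reply above.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://81.211.105.9/search.php?v=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [47088259.exe] C:\WINDOWS\System32\47088259.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2125e010e8d96b0cfa19/netzip/RdxIE601_br.cab
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # "<section> - <body>"
URL = re.compile(r"https?://[^\s\"']+", re.I)
DIGIT_EXE = re.compile(r"\\(\d+\.exe)\b", re.I)      # e.g. \12345678.exe


def raw_ip_host(text):
    """Host of the first URL in text if it is a literal IPv4 address, else None."""
    m = URL.search(text)
    host = (urlparse(m.group(0)).hostname or "") if m else ""
    try:
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        return None


def review(log_text):
    """Return (section, reason, indicator) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        host = raw_ip_host(body)
        exe = DIGIT_EXE.search(body)
        if section in ("R0", "R1") and host:
            findings.append((section, "IE page setting uses a raw IP", host))
        elif section == "O4" and exe:
            findings.append((section, "autorun of a digits-only file name", exe.group(1)))
        elif section == "O16" and host:
            findings.append((section, "ActiveX download from a raw IP", host))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A hit only marks an entry for manual review; legitimate software can match these patterns and unwanted software can avoid them.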
     
  3. Sabbaga

    Sabbaga Thread Starter

    Joined:
    Jul 1, 2003
    Messages:
    18
    Well... didn't work... sorry... I mean, it's still my home page even though I did all of this... do you have anything else for me to do?
     
Short URL to this thread: https://techguy.org/188009