Mededeling

Collapse
No announcement yet.

Hijack this log van Hans Nooteboom

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Hijack this log van Hans Nooteboom

    Logfile of HijackThis v1.98.2
    Scan saved at 21:27:10, on 31-10-2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\PopUp Killer\PopUpKiller.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CSBB\CSV7P36.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\progra~1\intern~1\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\HANSNO~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zmuwnathjdnpayeddemsqbkb.com/mwbfugg4y8xryTPKvqkBT8ydi19rtJwHFG8dlruk9PWErfFf824HwUVtbONJVkFt.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zvvdehoven.nl/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7FAEEC20-077B-EA8A-F6F0-77F00BE435A6} - C:\PROGRA~1\SECOND~1\NameShow.exe (file missing)
    O2 - BHO: (no name) - {892F3E67-7EC1-2AAB-A6D5-56696A312F68} - C:\DOCUME~1\JACQUE~1\APPLIC~1\SECOND~1\NameShow.exe
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {CC0769BF-F115-54D0-A589-63D59F66512B} - C:\PROGRA~1\SECOND~1\NameShow.exe (file missing)
    O2 - BHO: (no name) - {D2ECCBC1-E31F-2EF3-F0EC-4D8FAEE4B7A4} - C:\DOCUME~1\HANSNO~1\APPLIC~1\SECOND~1\NameShow.exe
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CSV7P36] C:\Program Files\CSBB\CSV7P36.exe
    O4 - HKLM\..\Run: [browseencprogramflap] C:\Documents and Settings\All Users\Application Data\coal info browse enc\4 dent.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [16 Idle] C:\DOCUME~1\HANSNO~1\APPLIC~1\GLUEACID\Forddeafdvd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Snelkoppeling naar Microsoft Outlook.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094671128781
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9817A350-05A9-4261-A829-6B689F35D6F2}: NameServer = 192.168.2.1

  • #2
    Hoi Hans, en welkom op ASO!

    1. Ga naar Deze Computer, dubbelklik daar op C. Dubbelklik op Program Files. Klik nu op "Bestand" > "Nieuw" > "Map". Noem deze map HJT of HijackThis. Plaats nu de HijackThis.exe in DIE map. Draai in het vervolg HijackThis vanuit DIE map . Dit in verband met de backups die dit programma maakt

    2. Start HijackThis, en vink onderstaande regels aan:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zmuwnathjdnpayeddemsqbkb....tbONJVkFt.html

    O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000002230} - C:\Program Files\CSBB\CSBB.DLL
    O2 - BHO: (no name) - {7FAEEC20-077B-EA8A-F6F0-77F00BE435A6} - C:\PROGRA~1\SECOND~1\NameShow.exe (file missing)
    O2 - BHO: (no name) - {892F3E67-7EC1-2AAB-A6D5-56696A312F68} - C:\DOCUME~1\JACQUE~1\APPLIC~1\SECOND~1\NameShow.exe
    O2 - BHO: (no name) - {CC0769BF-F115-54D0-A589-63D59F66512B} - C:\PROGRA~1\SECOND~1\NameShow.exe (file missing)
    O2 - BHO: (no name) - {D2ECCBC1-E31F-2EF3-F0EC-4D8FAEE4B7A4} - C:\DOCUME~1\HANSNO~1\APPLIC~1\SECOND~1\NameShow.exe

    O4 - HKLM\..\Run: [CSV7P36] C:\Program Files\CSBB\CSV7P36.exe
    O4 - HKLM\..\Run: [browseencprogramflap] C:\Documents and Settings\All Users\Application Data\coal info browse enc\4 dent.exe
    O4 - HKCU\..\Run: [16 Idle] C:\DOCUME~1\HANSNO~1\APPLIC~1\GLUEACID\Forddeafdvd.exe
    3. Sluit alle andere vensters en browsers, en klik op de knop “Fix Checked”.

    4. Start opnieuw op in veilige modus.
    Zorg ervoor dat verborgen bestanden en mappen zichtbaar zijn: Verkenner > Extra > Mapopties > Tablad Weergave > scroll naar beneden en vink het vakje voor "Verborgen bestanden en mappen weergeven" aan.

    5. Ga naar Windows Verkenner (Rechtsklikken op Start - Verkennen). Zoek en verwijder het volgende:
    Mappen:
    C:\Program Files\CSBB
    C:\Program Files\SECOND...
    C:\Documents and Settings\JACQUE~1\Application Data\SECOND...
    C:\Documents and Settings\HANSNO~1\Application Data\SECOND...
    C:\Documents and Settings\All Users\Application Data\coal info browse enc
    C:\Documents and Settings\HANSNO~1\Application Data\GLUEACID

    6. Start opnieuw op in normale modus, maak een nieuw logje aan met HijackThis, en post dat hier

    Comment


    • #3
      Nieuwe log

      Logfile of HijackThis v1.98.2
      Scan saved at 22:10:23, on 31-10-2004
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\hkcmd.exe
      C:\WINDOWS\System32\DSentry.exe
      C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\PopUp Killer\PopUpKiller.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\PROGRA~1\MICROS~3\Office10\OUTLOOK.EXE
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\system32\drivers\KodakCCS.exe
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\SAVScan.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\RealVNC\VNC4\WinVNC4.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\HANSNO~1\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe
      C:\WINDOWS\system32\wuauclt.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zvvdehoven.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: Snelkoppeling naar Microsoft Outlook.lnk = ?
      O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: officejet 6100.lnk = ?
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094671128781
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9817A350-05A9-4261-A829-6B689F35D6F2}: NameServer = 192.168.2.1

      Comment


      • #4
        Een keurig logje weer!

        Neem deze pagina door ter preventie:
        http://www.nucia.eu/ne/main/spyware_hoevoorkom.html

        Comment


        • #5
          Bedankt

          Prachtig werk, dit verdient alle lof. De strijd tegen de crimenelen van de spy and spam

          Hans

          Comment


          • #6
            Graag gedaan hoor

            Comment

            Sorry, you are not authorized to view this page
            Working...
            X