• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
alfa1001

Problems wirh removing common hijack

2 posts in this topic

Hello, I have a PC scanned with adeware and spybot.. Spybot detects a

common hijack trojan. He does a clean but the problem resists.

 

Can someone help me?

 

Thanks,

Christophe

Share this post


Link to post
Share on other sites

Btw. This are the hijack logs:

 

startup log:

 

StartupList report, 19/07/2004, 18:06:47

StartupList version: 1.52

Started from : C:\Documents and Settings\user4\Bureaublad\HijackThis.EXE

Detected: Windows 2000 SP4 (WinNT 5.00.2195)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\WINNT\Explorer.EXE

C:\web.exe

C:\WINNT\system32\ctfmon.exe

C:\Documents and Settings\user4\Application Data\unta.exe

C:\WINNT\System32\wbwpgek.exe

C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\wzqkpick.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\user4\Bureaublad\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\user4\Menu Start\Programma's\Opstarten]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten]

Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINNT\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Synchronization Manager = mobsync.exe /logon

LoadQM = loadqm.exe

mysoft = C:\web.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

ctfmon.exe = ctfmon.exe

System Soap Pro = C:\PROGRA~1\SYSTEM~1\soap.exe min

Isnr = C:\Documents and Settings\user4\Application Data\unta.exe

Naipbep = C:\WINNT\System32\wbwpgek.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINNT\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE

 

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *

StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\System32\ie4uinit.exe

 

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *

StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINNT\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINNT\System32\scrnsave.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINNT\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINNT\Explorer\Explorer.exe: not present

C:\WINNT\System\Explorer.exe: not present

C:\WINNT\System32\Explorer.exe: not present

C:\WINNT\Command\Explorer.exe: not present

C:\WINNT\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINNT

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Register-editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

(no name) - C:\WINNT\System32\ecfdlnzp.dll - {648A4123-9544-7AB8-8E56-67550FD22918}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

*No jobs found*

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[DirectAnimation Java Classes]

CODEBASE = file://C:\WINNT\Java\classes\dajava.cab

OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab

OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[MediaTicketsInstaller Control]

InProcServer32 = C:\WINNT\DOWNLO~1\MEDIAT~1.OCX

CODEBASE = http://www.mt-download.com/MediaTicketsInstaller.cab

 

[update Class]

InProcServer32 = C:\WINNT\System32\iuctl.dll

CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...8176.1425115741

 

[shockwave Flash Object]

InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\Program Files\Microsoft Firewall Client\wspwsp.dll

NameSpace #2: C:\WINNT\System32\rnr20.dll

NameSpace #3: C:\WINNT\System32\winrnr.dll

Protocol #1: C:\Program Files\Microsoft Firewall Client\wspwsp.dll

Protocol #2: C:\Program Files\Microsoft Firewall Client\wspwsp.dll

Protocol #3: C:\Program Files\Microsoft Firewall Client\wspwsp.dll

Protocol #4: C:\Program Files\Microsoft Firewall Client\wspwsp.dll

Protocol #5: C:\WINNT\system32\msafd.dll

Protocol #6: C:\WINNT\system32\msafd.dll

Protocol #7: C:\WINNT\system32\msafd.dll

Protocol #8: C:\WINNT\system32\rsvpsp.dll

Protocol #9: C:\WINNT\system32\rsvpsp.dll

Protocol #10: C:\WINNT\system32\msafd.dll

Protocol #11: C:\WINNT\system32\msafd.dll

Protocol #12: C:\WINNT\system32\msafd.dll

Protocol #13: C:\WINNT\system32\msafd.dll

Protocol #14: C:\WINNT\system32\msafd.dll

Protocol #15: C:\WINNT\system32\msafd.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Microsoft ACPI-stuurprogramma: System32\DRIVERS\ACPI.sys (system)

Omgeving voor AFD-netwerkondersteuning: \SystemRoot\System32\drivers\afd.sys (autostart)

Alerter: %SystemRoot%\System32\services.exe (autostart)

Application Management: %SystemRoot%\system32\services.exe (manual start)

Stuurprogramma voor RAS asyncrone media: System32\DRIVERS\asyncmac.sys (manual start)

Standaard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP-client-protocol: System32\DRIVERS\atmarpc.sys (manual start)

Audiostub-stuurprogramma: System32\DRIVERS\audstub.sys (manual start)

AVSync Manager: "C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" (autostart)

Intelligente achtergrondsoverdrachtservice: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)

Computer Browser: %SystemRoot%\System32\services.exe (autostart)

Cd-rom-stuurprogramma: System32\DRIVERS\cdrom.sys (system)

Indexing-service: C:\WINNT\System32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)

DHCP Client: %SystemRoot%\System32\services.exe (autostart)

Stuurprogramma voor schijfstations: System32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative-service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Stuurprogramma voor Schijfbeheer: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)

Microsoft DirectMusic-softwaresynthesizer (WDM): system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\services.exe (autostart)

Intel PRO Adapter-stuurprogramma: System32\DRIVERS\e100bnt5.sys (manual start)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+-gebeurtenissysteem: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)

Fax-service: %systemroot%\system32\faxsvc.exe (manual start)

Stuurprogramma voor diskettestationcontroller: System32\DRIVERS\fdc.sys (manual start)

Stuurprogramma voor diskettestation: System32\DRIVERS\flpydisk.sys (manual start)

Stuurprogramma voor Volumebeheer: System32\DRIVERS\ftdisk.sys (system)

Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)

Algemene pakketclassificeerder: System32\DRIVERS\msgpc.sys (manual start)

Stuurprogramma voor i8042-toetsenbord en PS/2-muispoort: System32\DRIVERS\i8042prt.sys (system)

i81x: System32\DRIVERS\i81xnt5.sys (manual start)

IntelIde: System32\DRIVERS\intelide.sys (system)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC-stuurprogramma: System32\DRIVERS\ipsec.sys (manual start)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus-stuurprogramma: System32\DRIVERS\isapnp.sys (system)

Stuurprogramma voor verschillende toetsenbordtypen: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave-audiomixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\services.exe (autostart)

Workstation: %SystemRoot%\System32\services.exe (autostart)

TCP/IP NetBIOS Helper-service: %SystemRoot%\System32\services.exe (autostart)

TCP/IP Print Server: %SystemRoot%\System32\tcpsvcs.exe (manual start)

McShield: "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe" (manual start)

Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)

Messenger: %SystemRoot%\System32\services.exe (autostart)

NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)

Stuurprogramma voor muistypen: System32\DRIVERS\mouclass.sys (system)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)

Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)

Microsoft Streaming Service-proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock-proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Kwaliteitsbeheer Proxy: system32\drivers\MSPQM.sys (manual start)

NaiFiltr: \??\C:\Program Files\Common Files\Network Associates\McShield\NaiFiltr.sys (manual start)

NaiFsRec: System32\drivers\NaiFsRec.sys (system)

RAS NDIS TAPI-stuurprogramma: System32\DRIVERS\ndistapi.sys (manual start)

I/O-protocol van NDIS-gebruikersmodus: System32\DRIVERS\ndisuio.sys (manual start)

RAS NDIS WAN-stuurprogramma: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS-interface: System32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (manual start)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)

NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)

Net Logon: %SystemRoot%\System32\lsass.exe (autostart)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

Parallel class-stuurprogramma: System32\DRIVERS\parallel.sys (manual start)

Stuurprogramma voor parallelle poort: System32\DRIVERS\parport.sys (system)

PCI Bus-stuurprogramma: System32\DRIVERS\pci.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)

WAN-minipoort (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\services.exe (autostart)

Stuurprogramma voor Directe parallelle verbinding: System32\DRIVERS\ptilink.sys (manual start)

Stuurprogramma voor Automatische verbinding voor RAS: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN-minipoort (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Microsoft Streaming Network-raw channel-toegang: system32\drivers\RCA.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

Stuurprogramma voor afspeelfilter van digitale cd-audio: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Remote Registry-service: %SystemRoot%\system32\regsvc.exe (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)

RunAs-service: %SystemRoot%\system32\services.exe (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter-stuurprogramma: System32\DRIVERS\serenum.sys (manual start)

Stuurprogramma voor seriële poort: System32\DRIVERS\serial.sys (system)

SerRdr: System32\DRIVERS\serrdr.sys (autostart)

Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

Intel 82801 Audio Driver (WDM) - SigmaTel Codec: system32\drivers\STAC97.sys (manual start)

Software Bus-stuurprogramma: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)

Microsoft System-audioapparaat: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Stuurprogramma voor TCP/IP-protocol: System32\DRIVERS\tcpip.sys (system)

Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)

Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)

Stuurprogramma voor Microsoft USB Universal Host Controller: System32\DRIVERS\uhcd.sys (manual start)

Microcode Update-stuurprogramma: System32\DRIVERS\update.sys (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Stuurprogramma voor Microsoft USB Standaard-hub: System32\DRIVERS\usbhub.sys (manual start)

Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)

VgaSave: \SystemRoot\System32\drivers\vga.sys (system)

Windows Time: %SystemRoot%\System32\services.exe (autostart)

RAS IP ARP-stuurprogramma: System32\DRIVERS\wanarp.sys (manual start)

Stuurprogramma voor Microsoft WINMM WDM-audiocompatibiliteit: system32\drivers\wdmaud.sys (manual start)

Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)

Automatische updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)

Draadloze configuratie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: C:\DOCUME~1\user4\LOCALS~1\Temp\GLB1A2B.EXE||c:\documents and settings\user4\cookies\user4@cs.valuead[1].txt||c:\documents and settings\user4\cookies\user4@trafficmp[2].txt||c:\documents and settings\user4\cookies\user4@tribalfusion[1].txt||c:\documents and settings\user4\cookies\user4@valuead[2].txt||c:\program files\clocksync\sync.exe_tobedeleted

 

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll

WebCheck: C:\WINNT\System32\webcheck.dll

SysTray: stobject.dll

 

--------------------------------------------------

End of report, 26 987 bytes

Report generated in 0,210 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

 

 

Hijacklog:

Logfile of HijackThis v1.97.7

Scan saved at 18:03:01, on 19/07/2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\svchost.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\Program Files\Network Associates\VirusScan\Webscanx.exe

C:\WINNT\Explorer.EXE

C:\web.exe

C:\WINNT\system32\ctfmon.exe

C:\Documents and Settings\user4\Application Data\unta.exe

C:\WINNT\System32\wbwpgek.exe

C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\WINZIP\wzqkpick.exe

C:\Documents and Settings\user4\Bureaublad\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://notariaat.g-net.be/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SBSVANERMENGEM:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {648A4123-9544-7AB8-8E56-67550FD22918} - C:\WINNT\System32\ecfdlnzp.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [mysoft] C:\web.exe

O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe

O4 - HKCU\..\Run: [system Soap Pro] C:\PROGRA~1\SYSTEM~1\soap.exe min

O4 - HKCU\..\Run: [isnr] C:\Documents and Settings\user4\Application Data\unta.exe

O4 - HKCU\..\Run: [Naipbep] C:\WINNT\System32\wbwpgek.exe

O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=

O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8176.1425115741

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dmnvanermengem.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dmnvanermengem.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dmnvanermengem.local

 

 

Thx ;-)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0