Hijack This log

Status
Not open for further replies.

Kaioh Shin
User, joined 10 Jun 2004, 36 posts
Okay, back again after a while away. This computer belongs to a friend of mine, and even the startup jingle you hear with Windows 98 was stuttering :rolleyes:.
I put SpywareGuard on it and scanned and removed with Ad-Aware.
There is still an enormous amount of junk under Running Processes, but for some reason AA now hangs while removing the 34 files it still finds :(.

So here is my log :confused:.

Logfile of HijackThis v1.97.7
Scan saved at 17:15:47, on 22-9-20
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_JETSEND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MIJN DOCUMENTEN\ANTI-SPYWARE.****\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scooter-freaks.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cguku.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
O4 - HKLM\..\Run: [HPIJetSend] C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_JETSEND.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CRPA.EXE] C:\WINDOWS\CRPA.EXE
O4 - HKLM\..\RunServices: [CROE.EXE] C:\WINDOWS\SYSTEM\CROE.EXE
O4 - HKLM\..\RunServices: [CRKB32.EXE] C:\WINDOWS\SYSTEM\CRKB32.EXE
O4 - HKLM\..\RunServices: [JAVAIT.EXE] C:\WINDOWS\JAVAIT.EXE
O4 - HKLM\..\RunServices: [CRPZ32.EXE] C:\WINDOWS\SYSTEM\CRPZ32.EXE
O4 - HKLM\..\RunServices: [JAVAIW32.EXE] C:\WINDOWS\JAVAIW32.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Kind regards, Kaioh Shin...
If I have done something wrong, just say so... Then I will try to get this computer to carry out whatever is needed...

// Kaioh Shin
 
Then download:
HijackThis. Make sure you have at least version 1.98.2

So you used the wrong version of HijackThis.
Just use the newest version and post the log here again.
 
sorry :o

l
l
\/

Logfile of HijackThis v1.98.2
Scan saved at 17:35:08, on 22-9-20
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_JETSEND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
C:\PROGRAM FILES\WINAD CLIENT\WINCLT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\ICD2.TMP\JINSTALL.EXE
C:\WINDOWS\TEMP\JINSTALLER142_05.EXE
C:\WINDOWS\TEMP\JAVE1C4.TMP.EXE
C:\WINDOWS\SYSTEM\MSIEXEC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\COMMON FILES\JAVA\UPDATE\BASE IMAGES\J2RE1.4.2-B28\PATCH-J2RE1.4.2_05-B04\PATCHJRE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scooter-freaks.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [HPIJetSend] C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_JETSEND.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CRPA.EXE] C:\WINDOWS\CRPA.EXE
O4 - HKLM\..\RunServices: [CROE.EXE] C:\WINDOWS\SYSTEM\CROE.EXE
O4 - HKLM\..\RunServices: [CRKB32.EXE] C:\WINDOWS\SYSTEM\CRKB32.EXE
O4 - HKLM\..\RunServices: [JAVAIT.EXE] C:\WINDOWS\JAVAIT.EXE
O4 - HKLM\..\RunServices: [CRPZ32.EXE] C:\WINDOWS\SYSTEM\CRPZ32.EXE
O4 - HKLM\..\RunServices: [JAVAIW32.EXE] C:\WINDOWS\JAVAIW32.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
 
Posted by Kaioh Shin
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\cguku.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gfkxh.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE
O4 - HKLM\..\RunServices: [CRPA.EXE] C:\WINDOWS\CRPA.EXE
O4 - HKLM\..\RunServices: [CROE.EXE] C:\WINDOWS\SYSTEM\CROE.EXE
O4 - HKLM\..\RunServices: [CRKB32.EXE] :\WINDOWS\SYSTEM\CROE.EXE
O4 - HKLM\..\RunServices: [JAVAIT.EXE] C:\WINDOWS\JAVAIT.EXE
O4 - HKLM\..\RunServices: [CRPZ32.EXE] C:\WINDOWS\SYSTEM\CRPZ32.EXE
O4 - HKLM\..\RunServices: [JAVAIW32.EXE] C:\WINDOWS\JAVAIW32.EXE
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

Hi Kaioh Shin,

1. Try to remove the following items in Control Panel under Add/Remove Programs:
Winad
Integrated Search Technologies
WebRebates

2. Download CWShredder, but don't use it yet!
http://radiosplace.com/

3. Close all windows except HijackThis, so this window too(!), tick the entries above (see quote) and press Fix Checked.

4. Now run CWShredder and press the Fix button.

5. Restart in safe mode, and make sure hidden and system files are shown. Now delete:

C:\WINDOWS\cguku.dll <<This file
C:\WINDOWS\gfkxh.dll <<This file
C:\Program Files\ISTsvc\ <<This folder
C:\PROGRAM FILES\WEB_REBATES\ <<This folder
C:\PROGRAM FILES\WINAD CLIENT\ <<This folder
C:\WINDOWS\CRPA.EXE <<This file
C:\WINDOWS\SYSTEM\CROE.EXE <<This file
C:\WINDOWS\JAVAIT.EXE <<This file
C:\WINDOWS\SYSTEM\CRPZ32.EXE <<This file
C:\WINDOWS\JAVAIW32.EXE <<This file

6. Run CWShredder once more.. Just to be sure :)

7. Reboot in 'normal mode' and post a new log here
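
A cross-check of the steps above, as an added example that is not part of the original thread: it parses the entries quoted for Fix Checked, extracts the .exe/.dll paths they reference, and lists those that the step 5 delete list leaves on disk. The function names and sample subsets are constructed for illustration, and the CRKB32.EXE line is taken from the v1.98.2 log rather than from the quote.

```python
import re

# Constructed sample: a subset of the entries quoted for "Fix Checked",
# with each line taken from the v1.98.2 log on this page.
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\cguku.dll/sp.html#29126
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"
O4 - HKLM\..\RunServices: [CRPA.EXE] C:\WINDOWS\CRPA.EXE
O4 - HKLM\..\RunServices: [CRKB32.EXE] C:\WINDOWS\SYSTEM\CRKB32.EXE
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
"""

# Matching subset of the step 5 delete list; a trailing backslash marks a folder.
DELETE = r"""
C:\WINDOWS\cguku.dll
C:\Program Files\ISTsvc\
C:\PROGRAM FILES\WEB_REBATES\
C:\WINDOWS\CRPA.EXE
"""

ENTRY = re.compile(r"^([RFNO]\d+) - (.*)$")
# A drive-letter path ending in .exe or .dll, stopping before quotes or URL slashes.
PATH = re.compile(r'[A-Za-z]:\\[^"/\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

def parse(log):
    """Yield (section code, entry text) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def uncovered(flagged, delete):
    """Return (code, path) for flagged files that the delete list leaves on disk."""
    targets = [t.strip().upper() for t in delete.splitlines() if t.strip()]
    files = {t for t in targets if not t.endswith("\\")}
    folders = [t for t in targets if t.endswith("\\")]
    left = []
    for code, body in parse(flagged):
        if body.endswith("(file missing)"):
            continue  # HijackThis already reports the file as absent
        for path in PATH.findall(body):
            p = path.upper()
            if p not in files and not any(p.startswith(f) for f in folders):
                left.append((code, path))
    return left

if __name__ == "__main__":
    print(uncovered(FLAGGED, DELETE))
```

On this sample the only file reported is C:\WINDOWS\SYSTEM\CRKB32.EXE: its RunServices entry is among the quoted entries, but the file is not in the step 5 list.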
 