Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijacklog for smitfraud

Started by aircase , Apr 30 2005 05:27 PM

  • Please log in to reply

#1
aircase
Posted 30 April 2005 - 05:27 PM

aircase

    New Member

  • Member
  • Pip
  • 1 posts
Request actions to solve smitfraud trojan.
Logfile of HijackThis v1.99.1
Scan saved at 1:14:48, on 1-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\pavsrv.exe
E:\Program Files\Web_Rebates\WebRebates0.exe
E:\temp\msbb.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\System32\emakesv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Spamihilator\spamihilator.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\AVENGINE.EXE
E:\PROGRA~1\INCRED~1\bin\IMApp.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\Web_Rebates\WebRebates1.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\MSN Apps\Updater\01.02.3000.1001\nl\msnappau.exe
E:\WINDOWS\system32\r?ndll32.exe
E:\Documents and Settings\CEES\Mijn documenten\From the Web\Software\Hijack
This\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www
searching-4u.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.searching...search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www
searching-4u.com/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.searching...search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina =
file:///E:/Program%20Files/eMakeSV/Portal/portal.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InterPay Shared Browser Helper Object -
{43872F3D-F7C8-4fa6-BE94-B3C263C1E2A9} - E:\WINDOWS\System32\BhoIPay.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
E:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {89DA58B1-E50D-CFD2-2227-E75B542834E8} -
E:\WINDOWS\System32\fcy.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN
Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
e:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program
Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll
NvStartup
O4 - HKLM\..\Run: [WebRebates0] "E:\Program Files\Web_Rebates\WebRebates0
exe"
O4 - HKLM\..\Run: [msbb] e:\temp\msbb.exe
O4 - HKLM\..\Run: [gvov] e:\windows\gvov.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [eMakeSV] E:\WINDOWS\System32\emakesv.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32
exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [IncrediMail] E:\Program Files\IncrediMail\bin\IncMail.exe
/c
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [Spamihilator] "E:\Program Files\Spamihilator\spamihilator
exe"
O4 - HKCU\..\RunOnce: [Srv32 spool service] E:\WINDOWS\System32\spoolsrv32
exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://e:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Alle links in deze pagina openen... -
E:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blokkeer alle plaatjes afkomstig van dezelfde
server - E:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Gelijkwaardige pagina's - res://e:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://e:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Markeren - E:\Program Files\Avant
Browser\Highlight.htm
O8 - Extra context menu item: Opgeslagen momentopname van de pagina -
res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Toevoegen aan Reclame Black List - E:\Program
Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Web Rebates - file://E:\Program
Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Zoeken - E:\Program Files\Avant Browser\Search
htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
E:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4
2_03\bin\npjpi142_03.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS
EXE
O9 - Extra button: Microsoft AntiSpyware helper -
{9A539D09-4FAA-485A-B48C-6711B87A7BE8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{9A539D09-4FAA-485A-B48C-6711B87A7BE8} - (no file) (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.netpaloffers
net/NetpalOffers/DMO1/shnahiatt.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
https://components.v...ers/MetaStream3
cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?1&4&04.00
07.02&http://www.toyota.com/rav4/ext360.html
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public
windupdates.com/get_file
php?bt=ie&p=f000cfd84064750d9ff670ca95bb207a82492892b3b9ab0b150d34825d6c1f4fa
5632c97c7c30f0d562bb0995df42c0e856e17f438bb38f5ace6de305:6a2feff70aa50e4b3d9d
f067011f31e
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static
windupdates.com/cab/6247971CanadaInc/ie/bridge-c5.cab
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk
com/php/hwsoliii_scecab_81.68.254.33.910310954429568844_6017279.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner
MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -
http://www.webshots....SDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai
net/7/1540/52/20040105/qtinstall.info.apple
com/mickey/nl/win/QuickTimeFullInstaller.exe
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) -
http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft
com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098535776796
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) -
http://www.xxxtoolba...006_regular.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} (DialXSCtl Object) -
http://dialxs.nl/install/dialxs.ocx
O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper
Object) - http://kitcentral.wanadoo
nl/download/install/win32/nl/instwact/instwact.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-downlo....cab?refid=4746
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader)
- http://community.web...otoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) - http://messenger.msn
com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload
Component) - http://f010.mail.lyc...ileUploader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) -
https://www.p3.postb...l/GTO/PBGNX.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) -
http://www.sponsorad...bTelecomInt.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) -
http://www2.incredim...er/imloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
E:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software -
E:\WINDOWS\SYSTEM32\pavsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP