Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

Hardnekkig about:blank hijack, kan iemand het logje cecken?

M@rc
5 antwoorden
  • Kan iemand even kijken wat er in dit geval moet gebeuren. Ik heb sphfix geprobeert evenals cwschredder maar bij iedere reboot wordt de hijack weer geinstaleerd. Ik doe ergens iets fout, zou iemand kunnen aangeven welke stappen ik precies moet volgen?

    Alvast bedankt, hier volgt de log na de spybot run:

    Logfile of HijackThis v1.99.1
    Scan saved at 17:33:16, on 14/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\shnlog.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\intmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\system32\LogFiles\A7271900.so
    C:\WINDOWS\popuper.exe
    C:\WINDOWS\system32\intmonp.exe
    C:\DOCUME~1\GUYBOW~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
    O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp950C.tmp
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
    pjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
    pjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3EEAFA-6311-4A99-8512-37B09261A7C9}: NameServer = 80.225.252.178 80.225.252.186
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe
  • Print deze instructies uit of sla ze op in een kladblokbestand en plaatst dit op je bureaublad.

    Je hebt HijackThis gestart vanuit de zip in je Temp-map. Unzip HijackThis, en plaats HijackThis.exe in een eigen map (vb.: c:\hijackthis). Start HijackThis uit deze map. De reden hiervoor is dat HijackThis backups maakt van de sleutels die je verwijdert, en misschien kunnen we deze backups wel eens een keer nodig hebben. In je Temp-map gaan deze backups heel makkelijk verloren.

    Download smitRem.exe.
    Pak alle bestanden uit op je bureaublad.

    Download, installeer en update de free trial versie van Ewido Security Suite.

    Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu".
    Als je Ewido voor de eerste keer start, zal je een foutmelding krijgen "Database could not be found!". Deze melding is normaal. Klik op "OK".
    In het hoofdscherm van Ewido, klik je op "Update" in het linkse menu, en vervolgens op de knop "Start update".
    Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan.
    Sluit Ewido. Laat het nog [b:a947ae1bb4]niet[/b:a947ae1bb4] scannen.

    Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen
    die je hier kan vinden.
    Gebruik het programma nog niet.

    Start je computer op in veilige modus.

    Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items:

    [b:a947ae1bb4]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
    F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
    O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp950C.tmp
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)[/b:a947ae1bb4]

    Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm.
    Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal.
    Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig.

    Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt.

    Open Ewido Security Suite.
    klik op "Scanner".
    Klik op "complete system scan".
    Laat het programma je pc scannen.

    Tijdens de scan zal je gevraagd worden of je de gevonden bestanden wil verwijderen. Klik dan op "OK".
    Als de scan beëindigd is, zal je een knop zien "Bewaar rapport".
    Klik op Bewaar rapport en sla het rapport op, op je bureaublad.
    Sluit Ewido af.


    Ga naar Start - Configuratiescherm - Beeldscherm - tabblad Bureaublad - klik op de knop "Bureaublad aanpassen" - tabblad Website. Haal indien nog aanwezig het vinkje weg bij "Security Info".

    Herstart je computer in normale modus.

    Doe een online scan via Panda's online virus scan.
    Als je de mogelijkheid krijgt om dit logje op te slaan doe je dit.

    Herstart De computer.
    Maak een nieuw HijackThislog en post deze.
    Post het logje van de online-scan.
    Post ook het rapport (logje) van Ewido.
    Zoek naar c:\smitfiles.txt en post de inhoud van dit bestand ook.
    Vertel even hoe de situatie nu is.
  • Ok, het duurde even maar het is gelukt. T ziet er naar uit dat alles weg is.

    Hier zijn de logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:45:08, on 14/08/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32
    vsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\HT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
    pjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin
    pjpi142_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3EEAFA-6311-4A99-8512-37B09261A7C9}: NameServer = 80.225.252.178 80.225.252.186
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
    vsvc32.exe


    ———————————————————
    ewido security suite - Scan report
    ———————————————————

    + Created on: 20:46:56, 14/08/2005
    + Report-Checksum: BD3D8304

    + Scan result:

    :mozilla.20:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
    :mozilla.73:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\FINDnFIX\Files2\un.exe -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\HT\backups\backup-20050814-200311-272.dll -> Spyware.Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gba1865.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\gba1865.exe -> Dialer.Generic : Cleaned with backup


    ::Report End




    Incident Status Location

    Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys




    smitRem log file
    version 2.3

    by noahdfear

    The current date is: 14/08/2005
    The current time is: 20:07:52.03

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ShudderLTD key present! Running LTDFix!

    ShudderLTD key was successfully removed! :)


    Pre-run Files Present


    ~~~ Program Files ~~~

    PSGuard


    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~

    adult
    cars
    sexual life
    shopping
    job search.url
    poker.url
    Online Gambling.url
    online dating.url
    Black Jack Online.url
    Online Pharmacy\Adipex.url
    Black Jack Online.url
    Home Loan.url
    Network Security.url
    Online Dating.url
    Online Pharmacy.url
    Remove Spyware.url
    Spam Filters.url
    Take It Here - Free * TGP.url
    Web Detective.url
    Online Gambling folder
    Online Pharmacy folder


    ~~~ system32 folder ~~~

    oleext.dll
    wppp.html
    intmonp.exe
    msmsgs.exe
    ole32vbs.exe
    shnlog.exe
    intmon.exe
    hhk.dll
    logfiles


    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~

    sites.ini
    popuper.exe


    ~~~ Drive root ~~~

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Post-run Files Present


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Wininet.dll ~~~

    CLEAN! :)


    Heb je enig idee waar het vandaan is gekomen zodat ik kan voorkomen dat het weer gebeurt? Wellicht een suggestie voor een goed progje ter preventie?

    In ieder geval heel erg bedankt!
  • [quote:cce96e3c6e="Fritsie"]
    Heb je enig idee waar het vandaan is gekomen zodat ik kan voorkomen dat het weer gebeurt? Wellicht een suggestie voor een goed progje ter preventie?[/quote:cce96e3c6e]

    Waarschijnlijk op één van de 'duistere' sites van het internet. (Crackje gezocht misschien?)

    Logjes zien er goed uit.
    Deze bestanden mag je nog verwijderen:
    C:\WINDOWS\smdat32m.sys
    C:\WINDOWS\system32\hp950C.tmp

    Lukt het niet, dan meld je je even terug.

    Heb je nog problemen?
  • Alles werkt weer als vanouds, thnx a lot! :lol:

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.