Vraag & Antwoord

Beveiliging & privacy

Hardnekkig about:blank hijack, kan iemand het logje cecken?

5 antwoorden
  • Kan iemand even kijken wat er in dit geval moet gebeuren. Ik heb sphfix geprobeert evenals cwschredder maar bij iedere reboot wordt de hijack weer geinstaleerd. Ik doe ergens iets fout, zou iemand kunnen aangeven welke stappen ik precies moet volgen? Alvast bedankt, hier volgt de log na de spybot run: Logfile of HijackThis v1.99.1 Scan saved at 17:33:16, on 14/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\shnlog.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\intmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\system32\LogFiles\A7271900.so C:\WINDOWS\popuper.exe C:\WINDOWS\system32\intmonp.exe C:\DOCUME~1\GUYBOW~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp950C.tmp O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\system32\msmsgs.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3EEAFA-6311-4A99-8512-37B09261A7C9}: NameServer = 80.225.252.178 80.225.252.186 O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • Print deze instructies uit of sla ze op in een kladblokbestand en plaatst dit op je bureaublad. Je hebt HijackThis gestart vanuit de zip in je Temp-map. Unzip HijackThis, en plaats HijackThis.exe in een eigen map (vb.: c:\hijackthis). Start HijackThis uit deze map. De reden hiervoor is dat HijackThis backups maakt van de sleutels die je verwijdert, en misschien kunnen we deze backups wel eens een keer nodig hebben. In je Temp-map gaan deze backups heel makkelijk verloren. Download [url=http://noahdfear.geekstogo.com/click%20counter/click.php?id=1]smitRem.exe[/url]. Pak alle bestanden uit op je bureaublad. Download, installeer en update de free trial versie van [url=http://www.ewido.net/en/download/]Ewido Security Suite[/url]. Tijdens de installatie, onder "Additional Options", haal je de vinkjes weg bij "Install background guard" en "Install scan via context menu". Als je Ewido voor de eerste keer start, zal je een foutmelding krijgen "Database could not be found!". Deze melding is normaal. Klik op "OK". In het hoofdscherm van Ewido, klik je op "Update" in het linkse menu, en vervolgens op de knop "Start update". Als de updates gedaan zijn, zal er op de status bar beneden "Update successful" staan. Sluit Ewido. Laat het nog [b:a947ae1bb4]niet[/b:a947ae1bb4] scannen. Als je Adaware SE nog niet geïnstalleerd hebt, download, installeer en update het dan volgens de richtlijnen die je [url=http://users.pandora.be/marcvn/spyware/1414188.htm] hier[/url] kan vinden. Gebruik het programma nog niet. Start je computer op in [url=http://users.pandora.be/marcvn/spyware/1378056.htm]veilige modus[/url]. Sluit alle open vensters, run HijackThis nog een keer en plaats een vinkje bij de volgende items: [b:a947ae1bb4]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bestwebslinks.com/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bestwebslinks.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/ F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hp950C.tmp O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)[/b:a947ae1bb4] Open de smitrem-map op je bureaublad, en dubbelklik op RunThis.bat. Volg de aanwijzigingen op het scherm. Je bureaublad en ikoontjes zullen even verdwijnen en daarna terug verschijnen, dit is normaal. Wacht tot het tooltje zijn werk heeft gedaan en Disk Cleanup afgelopen is. Dit kan enige tijd duren, dus wees geduldig. Voer een volledige scan uit met Adaware en verwijder alles wat gevonden wordt. Open Ewido Security Suite. klik op "Scanner". Klik op "complete system scan". Laat het programma je pc scannen. Tijdens de scan zal je gevraagd worden of je de gevonden bestanden wil verwijderen. Klik dan op "OK". Als de scan beëindigd is, zal je een knop zien "Bewaar rapport". Klik op Bewaar rapport en sla het rapport op, op je bureaublad. Sluit Ewido af. Ga naar Start - Configuratiescherm - Beeldscherm - tabblad Bureaublad - klik op de knop "Bureaublad aanpassen" - tabblad Website. Haal indien nog aanwezig het vinkje weg bij "Security Info". Herstart je computer in normale modus. Doe een online scan via [url=http://www.pandasoftware.com/activescan/com/activescan_principal.htm]Panda's online virus scan[/url]. Als je de mogelijkheid krijgt om dit logje op te slaan doe je dit. Herstart De computer. Maak een nieuw HijackThislog en post deze. Post het logje van de online-scan. Post ook het rapport (logje) van Ewido. Zoek naar c:\smitfiles.txt en post de inhoud van dit bestand ook. Vertel even hoe de situatie nu is.
  • Ok, het duurde even maar het is gelukt. T ziet er naar uit dat alles weg is. Hier zijn de logs: Logfile of HijackThis v1.99.1 Scan saved at 21:45:08, on 14/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\iPod\bin\iPodService.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\WINDOWS\Explorer.EXE C:\HT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll (file missing) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAgentExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B0A2C7FC-8666-44D6-A990-2FCE3B933341} (ING Bank Autorisatiescherm) - https://secure.ingbank.nl/download/DigiSign.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,23/mcgdmgr.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FA3EEAFA-6311-4A99-8512-37B09261A7C9}: NameServer = 80.225.252.178 80.225.252.186 O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 20:46:56, 14/08/2005 + Report-Checksum: BD3D8304 + Scan result: :mozilla.20:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.21:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.22:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup :mozilla.23:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.24:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.25:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.26:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup :mozilla.29:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup :mozilla.30:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup :mozilla.38:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup :mozilla.44:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.45:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup :mozilla.46:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.47:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup :mozilla.57:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup :mozilla.68:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.69:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.70:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup :mozilla.73:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup :mozilla.74:C:\Documents and Settings\Guy Bowen\Application Data\Mozilla\Firefox\Profiles\bmakua9l.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup C:\FINDnFIX\Files2\un.exe -> Spyware.Hijacker.Generic : Cleaned with backup C:\HT\backups\backup-20050814-200311-272.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gba1865.exe -> Dialer.Generic : Cleaned with backup C:\WINDOWS\Downloaded Program Files\gba1865.exe -> Dialer.Generic : Cleaned with backup ::Report End Incident Status Location Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys smitRem log file version 2.3 by noahdfear The current date is: 14/08/2005 The current time is: 20:07:52.03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ShudderLTD key present! Running LTDFix! ShudderLTD key was successfully removed! :) Pre-run Files Present ~~~ Program Files ~~~ PSGuard ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ adult cars sexual life shopping job search.url poker.url Online Gambling.url online dating.url Black Jack Online.url Online Pharmacy\Adipex.url Black Jack Online.url Home Loan.url Network Security.url Online Dating.url Online Pharmacy.url Remove Spyware.url Spam Filters.url Take It Here - Free * TGP.url Web Detective.url Online Gambling folder Online Pharmacy folder ~~~ system32 folder ~~~ oleext.dll wppp.html intmonp.exe msmsgs.exe ole32vbs.exe shnlog.exe intmon.exe hhk.dll logfiles ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ sites.ini popuper.exe ~~~ Drive root ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Post-run Files Present ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) Heb je enig idee waar het vandaan is gekomen zodat ik kan voorkomen dat het weer gebeurt? Wellicht een suggestie voor een goed progje ter preventie? In ieder geval heel erg bedankt!
  • [quote:cce96e3c6e="Fritsie"] Heb je enig idee waar het vandaan is gekomen zodat ik kan voorkomen dat het weer gebeurt? Wellicht een suggestie voor een goed progje ter preventie?[/quote:cce96e3c6e] Waarschijnlijk op één van de 'duistere' sites van het internet. (Crackje gezocht misschien?) Logjes zien er goed uit. Deze bestanden mag je nog verwijderen: C:\WINDOWS\smdat32m.sys C:\WINDOWS\system32\hp950C.tmp Lukt het niet, dan meld je je even terug. Heb je nog problemen?
  • Alles werkt weer als vanouds, thnx a lot! :lol:

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.