Question & Answer
Pop-ups and spyware and trojan alerts from antivirus....
1 answer
- Hi,
Since I installed Bitgrabber, my F-Secure started giving one alert after another about spyware and trojans… I immediately removed Bitgrabber again via uninstall and move-on-boot on other programs I recognised from Bitgrabber.
After that I ran HitmanPro, did a full virus scan (F-Secure and CureIt), CCleaner, and as many moves-on-boot (Gipo@Utillities) as possible on all files that F-Secure antivirus could not remove or quarantine itself. I also ran SmitfraudFix in safe mode, and I still keep getting annoying pop-ups, error messages, as well as trojan and spyware alerts.
Below is a HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 11:16:21, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\FSGK32.EXE
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fssm32.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FCH32.EXE
C:\Program Files\Telenet Internet Security Pack\Common\FAMEH32.EXE
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsqh.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsrw.exe
C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
C:\Program Files\Telenet Internet Security Pack\FSPC\fspc.exe
C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsav32.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE
C:\Program Files\LNM Client\Client.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\wes\steam.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TELENE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
C:\Program Files\Telenet Internet Security Pack\FSGUI\fsguidll.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\weazle\Bureaublad\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {124B5174-B651-4276-5106-9A744F53AA9B} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdsManager Class - {D1C8F9CE-563E-11D8-813C-005022E14DE3} - C:\Program Files\LNM Client\AddAPI.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telenet Internet Security Pack\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Telenet Internet Security Pack\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Spam Internet Flag Hide] C:\Documents and Settings\All Users\Application Data\Logo 16 Spam Internet\bike tons.exe
O4 - HKCU\..\Run: [LNM Client] "C:\Program Files\LNM Client\Client.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\wes\steam.exe" -silent
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: Telenet Internet Security Pack.lnk = C:\Program Files\Telenet Internet Security Pack\backweb\3638286\Program\fspex.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Deze pop-up blokkeren - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Telenet Internet Security Pack\FSPC\fspcmsie.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: IE-shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-shield… - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Telenet Internet Security Pack\Anti-Spyware\ieshield.dll
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (file missing)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://weazle69.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4932/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Telenet Internet Security Pack (BackWeb Plug-in - 3638286) - BackWeb Technologies Inc. - C:\PROGRA~1\TELENE~1\backweb\3638286\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Telenet Internet Security Pack\backweb\3638286\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
And one from deljob:
——————————————————–
BACKUPS CREATED in C:\DELJOB
AFEFC91591CC40A9.job
——————————————————–
FILES IN TASKS FOLDER
Scheduled scanning task.job
——————————————————–
EXPORT APP DATA FOLDERS
——————————————————–
Volume in drive C has no label.
Volume Serial Number is 60A3-0C5D
Directory of C:\Documents and Settings\weazle\Application Data
30/12/2006 04:39 <DIR> Adobe
23/01/2007 03:34 <DIR> ATI
23/01/2007 01:24 <DIR> BSplayer
23/01/2007 03:05 <DIR> DoesBall
30/12/2006 04:27 <DIR> F-Secure
22/01/2007 17:45 <DIR> Help
30/12/2006 04:39 <DIR> INTERT~1 InterTrust
23/01/2007 00:58 <DIR> Lavasoft
30/12/2006 06:17 <DIR> MACROM~1 Macromedia
30/12/2006 05:28 <DIR> Mozilla
30/12/2006 03:08 <DIR> OFFICE~1 OfficeUpdate12
06/01/2007 05:23 <DIR> PCTOOL~1 PC Tools
12/01/2007 23:03 <DIR> Real
13/01/2007 09:23 <DIR> Skype
30/12/2006 07:01 <DIR> Sun
0 File(s) 0 bytes
15 Dir(s) 4.434.968.576 bytes free
Volume in drive C has no label.
Volume Serial Number is 60A3-0C5D
Directory of C:\Documents and Settings\All Users\Application Data
17/01/2007 17:15 <DIR> F-Secure
11/01/2007 06:19 456 HPZINS~1.LOG hpzinstall.log
23/01/2007 02:30 <DIR> LOGO16~1 Logo 16 Spam Internet
05/01/2007 22:10 <DIR> MESSEN~1 Messenger Plus!
09/01/2007 16:21 <DIR> Skype
23/01/2007 03:10 <DIR> SPYBOT~1 Spybot - Search & Destroy
23/01/2007 02:22 <DIR> TEMP
08/01/2007 03:13 <DIR> WINDOW~1 Windows Genuine Advantage
1 File(s) 456 bytes
7 Dir(s) 4.434.968.576 bytes free
——————————————————–
Just now it even said in the boot menu: slave not detected, press F4 to abort. No boot record found on drive. Drive error. After three hard resets (pulling the plug) I got it running again.
Can someone help me out please, because I fear it is going from bad to worse. (Hopefully it holds out long enough for me to still get online, lol.)
Thanks anyway…
Wes
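Reading a HijackThis log by hand means scanning every O-section for the same few red flags: registered hooks whose file no longer exists, autostarts launched from a data directory instead of Program Files or the Windows directory, a broken LSP chain, and services with no vendor name. The script below is an added example (not part of the original post or of HijackThis itself) that applies exactly those structural checks to a handful of lines copied from the log above; the heuristics, the `Finding` class and the sample text are constructed here for illustration. A hit is a triage lead, not a verdict: an entry installed under Program Files, such as the WhenUSave one, passes every check and still needs a vendor lookup.

```python
"""Structural triage of HijackThis log lines (added example, not the original post's code)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""O2 - BHO: (no name) - {124B5174-B651-4276-5106-9A744F53AA9B} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telenet Internet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Spam Internet Flag Hide] C:\Documents and Settings\All Users\Application Data\Logo 16 Spam Internet\bike tons.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O9 - Extra button: LNM Client - {5D602A21-B929-11d7-A5D3-005022E14DE3} - www.lnm.eu (file missing)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Telenet Internet Security Pack\Common\FSMA32.EXE
"""

# Every HijackThis entry starts with a section tag such as "O4 - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Heuristic (assumption of this example): vendor software normally lives under
# Program Files or the Windows directory, so autostarts from data locations get a look.
DATA_DIR_RE = re.compile(r"\\(Application Data|Local Settings|Temp|ProgramData|AppData)\\", re.I)
# First path-like token of a Run command, with or without surrounding quotes.
CMD_PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cpl|scr|bat|cmd))"?', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_line(line: str):
    """Return a Finding for one log line, or None if it trips no heuristic."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    # BHOs, IE buttons and Winlogon notify packages whose binary is gone: a
    # half-removed component, and the dangling registration should go too.
    if section in ("O2", "O9", "O20", "O21") and ("(no file)" in low or "(file missing)" in low):
        return Finding(section, "registered hook whose file is missing", line)
    if section == "O4":
        # Strip the "[value name] " prefix of a Run entry, then pull the command path.
        cmd = body.split("] ", 1)[1] if "] " in body else body
        pm = CMD_PATH_RE.match(cmd)
        if pm and DATA_DIR_RE.search(pm.group(1)):
            return Finding(section, "autostart runs a binary from a data directory", line)
    if section == "O10" and "broken" in low:
        return Finding(section, "LSP chain broken; networking may fail until it is repaired", line)
    if section == "O23" and "unknown owner" in low:
        return Finding(section, "service binary carries no vendor name in its version info", line)
    return None


def triage(log_text: str):
    """Run check_line over a whole log and keep only the hits, in log order."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

On the sample above the script flags six lines (the no-file BHO, the `bike tons.exe` autostart under All Users\Application Data, the missing LNM button, the broken LSP, the missing Winlogon notify DLL, and the unowned ATI Smart service) and passes the BitComet, F-Secure and WhenUSave entries, which is the point of the caveat: structural checks find leftovers and odd locations, not adware that installed itself like a normal program.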
This is an archived page. Replying is no longer possible.