Trojan-Spy.HTML.Smitfraud.c


  • This topic is locked

#1
Matz


    New Member

  • Member
  • 6 posts
Hi,
I've had a very nasty blue screen telling me that I now had a computer infected with smitfraud.c, "A fatal error in IE has occured at .... Error was caused by Trojan-Spy.HTML.Smitfraud.c". I constantly get internet popups, warning popups and have a lot of 'shameless' internet links on my desktop.
When I wanted to remove that (obviously), I removed some files and keys that are also mentioned in other smitfraud topics. Probably not the smartest thing to do though... now I'm confused (and know that I really am a newbie and need help from people who know what they are talking about). My desktop is now 'unlocked', but the popups and links still remain.

I removed Security iGuard, wp.exe, and wp.bmp. I ran Adaware, removed some cookies, that's all, then ran spybot S&D. That came with a problem concerning a registry change made to HKEY_USERS\S-1-5-18\Software\microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3. This was also the case for the directories S-1-5-19, S-1-5-20, S-1-5-21, and DEFAULT. I fixed that.
Still suffering from popups.

I hope I didn't make a fatal error and that someone is able to help me out!

Kind regards,

Thijs

Logfile of HijackThis v1.99.1
Scan saved at 15:26:22, on 18-4-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0352/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
  • 0



#2
Rawe


    Visiting Staff

  • Member
  • 4,746 posts
Hi there.
With SpyBot, you should download all available beta updates,
and UNcheck all Ignore Products from the Ignore products list in SpyBot.
Then you should check for all important updates from Windows Update if you don't have the automatic updates setting on. Also, if you have the free version of Ad-aware (SE Personal), check for updates with it. (Latest definitions were updated on 15.04)
Then run the full system scan.
Do you have the latest build?
And as for your HijackThis log, I can't help you with it because I don't know the product.
These HijackThis forums are very busy, so you could follow the instructions from this topic:
http://www.geekstogo...ons-t16830.html
and post a fresh Ad-aware log to the Lavasoft support category.
Thanks,

- Rawe :tazz:
  • 0

#3
Matz


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi Rawe,

Finally I got internet back for the moment (another problem).

With Spybot I unchecked all the Ignore Products from the Ignore products list. The scan came up with the same item as mentioned in the first post. Didn't do anything about it, because it will come back anyhow.
I've followed the guidelines on the ad-aware usage and have a log-file. Also this item repeats in every new scan.

Furthermore I installed an available update for Windows, but that didn't matter as I rebooted and then went on with Spybot and Ad-aware with the problems mentioned above.
Thanks,

Thijs


Ad-Aware SE Build 1.05
Logfile Created on:maandag 18 april 2005 17:54:36
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:41 %
Total physical memory:458224 kb
Available physical memory:185644 kb
Total page file size:1082816 kb
Available on page file:887084 kb
Total virtual memory:2097024 kb
Available virtual memory:2047992 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects


18-4-2005 17:54:36 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 492
ThreadCreationTime : 18-4-2005 15:51:41
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 556
ThreadCreationTime : 18-4-2005 15:51:45
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 580
ThreadCreationTime : 18-4-2005 15:51:45
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 624
ThreadCreationTime : 18-4-2005 15:51:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Services en controllertoepassingen
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 636
ThreadCreationTime : 18-4-2005 15:51:45
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 804
ThreadCreationTime : 18-4-2005 15:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 880
ThreadCreationTime : 18-4-2005 15:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1076
ThreadCreationTime : 18-4-2005 15:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1132
ThreadCreationTime : 18-4-2005 15:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1264
ThreadCreationTime : 18-4-2005 15:51:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1484
ThreadCreationTime : 18-4-2005 15:51:53
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [btwdins.exe]
ModuleName : C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
Command Line : "C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe"
ProcessID : 1496
ThreadCreationTime : 18-4-2005 15:51:53
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Support Server
InternalName : BTWDIns
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTWDIns.EXE

#:13 [matlabserver.exe]
ModuleName : C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
Command Line : C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
ProcessID : 1532
ThreadCreationTime : 18-4-2005 15:51:53
BasePriority : Normal


#:14 [matlab.exe]
ModuleName : c:\matlab6p5\bin\win32\matlab.exe
Command Line : c:\matlab6p5\bin\win32\matlab.exe /Automation -Embedding
ProcessID : 1700
ThreadCreationTime : 18-4-2005 15:51:54
BasePriority : Normal
FileVersion : 6.0.0.180601
ProductVersion : 6.0.0.180601
ProductName : MATLAB
CompanyName : The MathWorks Inc.
FileDescription : matlab
InternalName : matlab
LegalCopyright : Copyright © 2002
LegalTrademarks : MATLAB® is a registered trademark of The MathWorks, Inc.
OriginalFilename : matlab.exe

#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 448
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Verkenner
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : EXPLORER.EXE

#:16 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RunDll32.exe
Command Line : "C:\WINDOWS\System32\RunDll32.exe" cmicnfg.cpl,CMICtrlWnd
ProcessID : 640
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Een DLL-bestand als toepassing starten
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : RUNDLL.EXE

#:17 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 744
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:18 [datala~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Command Line : "C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE"
ProcessID : 832
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 5, 0, 2, 561
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:19 [trayap~1.exe]
ModuleName : C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
Command Line : "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE"
ProcessID : 848
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : Nokia Tray Application
FileDescription : Nokia Tray Application
InternalName : Nokia Tray Application
LegalCopyright : Copyright © 2001 - 2004 Nokia. All Rights Reserved.
OriginalFilename : TrayApplication.EXE

#:20 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 864
ThreadCreationTime : 18-4-2005 15:52:00
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:21 [bttray.exe]
ModuleName : C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
Command Line : "C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe"
ProcessID : 972
ThreadCreationTime : 18-4-2005 15:52:01
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:22 [servic~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
Command Line : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE -Embedding
ProcessID : 1052
ThreadCreationTime : 18-4-2005 15:52:01
BasePriority : Normal
FileVersion : 6, 0, 9, 0
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:23 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[370]SUSDS2248021efc25ee4da03bcddab8604d9d
ProcessID : 360
ThreadCreationTime : 18-4-2005 15:52:45
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Besturingssysteem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Automatische updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Alle rechten voorbehouden.
OriginalFilename : wuauclt.exe

#:24 [btstac~1.exe]
ModuleName : C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
Command Line : C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE -Embedding
ProcessID : 400
ThreadCreationTime : 18-4-2005 15:52:47
BasePriority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Stack COM Server
InternalName : BTStackServer
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTStackServer.exe

#:25 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1424
ThreadCreationTime : 18-4-2005 15:54:25
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-329068152-651377827-725345543-1004\Software\Microsoft\Internet Explorer\MainStart Pagehotoffers.info

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.hotoffers...s.info/ad0352/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-329068152-651377827-725345543-1004\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.hotoffers...s.info/ad0352/"

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

18:05:37 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:00.656
Objects scanned:286070
Objects identified:1
Objects ignored:0
New critical objects:1
  • 0

#4
Rawe


    Visiting Staff

  • Member
  • 4,746 posts
Erm..
Did I ask you to post your Ad-aware log to THIS "thread"?
..
  • 0

#5
Matz


    New Member

  • Topic Starter
  • Member
  • 6 posts
Erm.... You did actually.
I've posted a new topic in the adaware thread.

That doesn't mean though that my problems are solved! If there is anyone able to see what the problem is by reading the hjt-log that would be great.
Thanx,

Thijs
  • 0

#6
ScHwErV


    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
User being helped here.

http://www.geekstogo...showtopic=17755

Thread closed.

ScHwErV :tazz:
  • 0





