How do I finally get rid of it?

36 replies
  • Hey,
    I'm going completely crazy here. My PC has spyware and it just won't go away:
    I ran HitmanPro and it removes a whole lot of spyware,
    after that I ran Arovax AntiSpyware and that removes the rest.
    But the spyware doesn't actually go away, because when I run the antispyware program again after 5 minutes I still see that one file in my registry, ssqro.dll, and that junk in my cookies.


    How do I get rid of the spyware? My antispyware program does find it and also claims to remove it, but when I run it once more after my scan it finds it again.
  • Post a HijackThis log (see the spyware FAQ), then an enthusiast will take a look at it.
  • Download VirtumundoBeGone and save it to your desktop.

    Start the computer in safe mode.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you get a blue screen with an error message - this is normal.

    When the fix is done, restart the PC in normal mode.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

    Download: RemoveVideoActiveXObject.exe
    Save the file to your desktop, then you can double-click it.

    A small window will open in which a few lines will scroll by quickly, after which the window will close by itself; this is normal.
    An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.

    Then restart the PC and double-click RemoveVideoActiveXObject.exe once more.
    After that, look for the following file: C:\RVAXO-results.log
    Double-click this file; it will open as a log. Post the contents in your next message together with a HijackThis log.
  • By the way, I had run another program and this was the result:

    http://img474.imageshack.us/img474/9692/kkrotzooitl0.jpg

    At the bottom it says that someone has placed a file on my PC that lets him get into my PC easily :x

    How can I solve this?


    Logfile of HijackThis v1.99.1
    Scan saved at 16:08:17, on 18-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\UMUT~1.UMU\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu…?1175890710046
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • Have you tried VirtumundoBeGone yet?
  • I'll try that now


    By the way, this is what I got with RegLooks:

    REGLOOKS logfile

    version 0.971
    vr 18-05-2007 16:25:42,20
    running from: "C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Bureaublad"

    — SSODL regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    only standard or legit regkeys found


    — STS regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
    only standard or legit regkeys found


    — USERINIT regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


    — SHELL regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "Shell"="Explorer.exe"


    — SYSTEM regkey —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    "System"=""


    — APPINIT_DLLS regkey —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "AppInit_DLLs"=""


    — NOTIFY regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    "ssqro" "DllName"="C:\\WINDOWS\\system32\\ssqro.dll"


    — RUN / LOAD regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "load"=""


    — BOOTEXECUTE regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute= autocheck autochk *\0\0


    — PENDINGFILERENAMEOPERATIONS regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    Pendingfilerenameoperations= \??\C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip\0\0\??\C:\Program Files\Java\jre1.5.0_11\lib\ext\TBM27.tmp\0\??\C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip\0\0


    — SHELLEXECUTEHOOKS regkey —

    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{56238299-39F1-4E9A-95CE-80F2E02D7A74}"=""


    — AUTORUN regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
    "AutoRun"=""


    — HKLM\Run regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "Arovax AntiSpyware"="C:\\Program Files\\Arovax AntiSpyware\\arovaxantispyware.exe /s"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    [Run\OptionalComponents]
    [Run\OptionalComponents\IMAIL]
    "Installed"="1"
    [Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"
    [Run\OptionalComponents\MSFS]
    "Installed"="1"


    — HKLM\RunOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKLM RunOnce keys found


    — HKLM\RunOnceEx regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    no HKLM RunOnceEx keys found


    — HKLM\RunServices regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKLM\RunServicesOnce regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKCU\Run regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"


    — HKCU\RunOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    no HKCU RunOnce keys found


    — HKCU\RunOnceEx regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    regkey does not exist


    — HKCU\RunServices regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    regkey does not exist


    — HKCU\RunServicesOnce regkeys —

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    regkey does not exist


    — HKU\.DEFAULT\Run regkeys —

    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


    — HKU\S-1-5-18\Run regkeys —

    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


    — HKU\S-1-5-19\Run regkeys —

    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


    — HKU\S-1-5-20\Run regkeys —

    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"


    — HKLM\Explorer\Run regkeys —

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — HKCU\Explorer\Run regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    regkey does not exist


    — Image File Execution regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    no debuggers found


    — BROWSER HELPER OBJECTS regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" FILE ="C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx"
    "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll"
    "{55DB983C-BDBF-426f-86F0-187B02DDA39B}" FILE ="C:\\WINDOWS\\system32\\tuuanvjh.dll"
    "{56238299-39F1-4E9A-95CE-80F2E02D7A74}" FILE ="C:\\WINDOWS\\system32\\fccddba.dll"
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\ssv.dll"
    "{7E853D72-626A-48EC-A868-BA8D5E23E045}" regkey not found (ERROR)
    "{ECAE72A2-098A-4B40-ACDC-E46ABA112EFA}" FILE ="C:\\WINDOWS\\system32\\ssqro.dll"


    — TOOLBAR regkeys —

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    no toolbars found


    — URLSEARCHHOOKS regkeys —

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
    regkey does not exist


    — CONTEXTMENUHANDLERS regkeys —

    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
    "BriefcaseMenu" CLSID ={85BBD920-42A0-1069-A2E4-08002B30309D} FILE ="syncui.dll"
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
    "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "ZLAVShExt" CLSID ={D9872D13-7651-4471-9EEE-F0A00218BEBB} FILE ="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlavscan.dll"
    "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

    HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
    "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
    "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
    "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
    "BriefcaseMenu" CLSID ={85BBD920-42A0-1069-A2E4-08002B30309D} FILE ="syncui.dll"
    "NetWareUNCMenu" CLSID ={e3f2bac0-099f-11cf-8daa-00aa004a5691} FILE ="nwprovau.dll"
    "WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
    "ZLAVShExt" CLSID ={D9872D13-7651-4471-9EEE-F0A00218BEBB} FILE ="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlavscan.dll"


    — ALTERNATESHELL regkey —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    "AlternateShell"="cmd.exe"


    — SAFEBOOT MINIMAL SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
    sdauxservice
    sdcoreservice


    — SAFEBOOT NETWORK SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
    sdauxservice
    sdcoreservice


    — SERVICES —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\61883
    "DisplayName"="61883-eenheidsapparaat"
    system32\DRIVERS\61883.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Adobe LM Service
    "DisplayName"="Adobe LM Service"
    "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avc
    "DisplayName"="AVC-apparaat"
    system32\DRIVERS\avc.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CCDECODE
    "DisplayName"="Closed Caption-decoder"
    system32\DRIVERS\CCDECODE.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLEDX
    "DisplayName"="Team H2O CLEDX service"
    system32\DRIVERS\cledx.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmuda
    "DisplayName"="C-Media WDM Audio Interface"
    system32\drivers\cmuda.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidusb
    "DisplayName"="Microsoft HID Class-stuurprogramma"
    system32\DRIVERS\hidusb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKFileFlt
    "DisplayName"="File Filter Driver"
    system32\drivers\ikfileflt.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKFileSec
    "DisplayName"="File Security Driver"
    system32\drivers\ikfilesec.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IkSysFlt
    "DisplayName"="System Filter Driver"
    system32\drivers\iksysflt.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKSysSec
    "DisplayName"="System Security Driver"
    system32\drivers\iksyssec.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iPod Service
    "DisplayName"="iPod-service"
    "C:\Program Files\iPod\bin\iPodService.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\irsir
    "DisplayName"="Microsoft-stuurprogramma voor serieel infraroodapparaat"
    system32\DRIVERS\irsir.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KLIF
    "DisplayName"="KLIF"
    \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid
    "DisplayName"="Stuurprogramma voor muis-HID"
    system32\DRIVERS\mouhid.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE
    "DisplayName"="Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma"
    system32\drivers\MSTEE.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NABTSFEC
    "DisplayName"="NABTS/FEC VBI Codec"
    system32\DRIVERS\NABTSFEC.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation
    "DisplayName"="Clientservice voor NetWare"
    %SystemRoot%\system32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkIpx
    "DisplayName"="NWLink IPX/SPX/NetBIOS-compatibel transportprotocol"
    system32\DRIVERS\nwlnkipx.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkNb
    "DisplayName"="NWLink NetBIOS"
    system32\DRIVERS\nwlnknb.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkSpx
    "DisplayName"="NWLink SPX/SPXII-protocol"
    system32\DRIVERS\nwlnkspx.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWRDR
    "DisplayName"="NetWare Rdr"
    system32\DRIVERS\nwrdr.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_1394
    "PrependDeviceNameToDisplayName"=dword:00000000
    System32\Drivers\ps_1394.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ps_avs
    System32\Drivers\ps_avs.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    "DisplayName"="Remote Registry"
    %SystemRoot%\system32\svchost.exe -k LocalService

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rtl8139
    "DisplayName"="NT-stuurprogramma voor Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter"
    system32\DRIVERS\RTL8139.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdAuxService
    "DisplayName"="Spyware Doctor Auxiliary Service"
    C:\Program Files\Spyware Doctor\svcntaux.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdCoreService
    "DisplayName"="Spyware Doctor Service"
    C:\Program Files\Spyware Doctor\swdsvc.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\serenum
    "DisplayName"="Serenum Filter-stuurprogramma"
    system32\DRIVERS\serenum.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLIP
    "DisplayName"="BDA Slip De-Framer"
    system32\DRIVERS\SLIP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd
    System32\Drivers\sptd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSFS0509
    "DisplayName"="Spy Sweeper File System Filer Driver: 0509"
    SYSTEM32\Drivers\SSFS0509.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSHRMD
    "DisplayName"="Spy Sweeper Hookrack MiniDriver"
    SYSTEM32\Drivers\SSHRMD.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSIDRV
    "DisplayName"="Spy Sweeper Interdiction Driver"
    SYSTEM32\Drivers\SSIDRV.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSKBFD
    "DisplayName"="Webroot Spy Sweeper Keylogger Shield Keyboard Filter"
    System32\Drivers\sskbfd.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StarWindService
    "DisplayName"="StarWind iSCSI Service"
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\streamip
    "DisplayName"="BDA IPSink"
    system32\DRIVERS\StreamIP.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcomm
    "DisplayName"="tmcomm"
    \??\C:\WINDOWS\system32\drivers\tmcomm.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbaudio
    "DisplayName"="Stuurprogramma voor USB-audio (WDM)"
    system32\drivers\usbaudio.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp
    "DisplayName"="Microsoft generiek hoofd-USB-stuurprogramma"
    system32\DRIVERS\usbccgp.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint
    "DisplayName"="Microsoft USB PRINTER Class"
    system32\DRIVERS\usbprint.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnjsvc
    "DisplayName"="Messenger USN Journal Reader service voor Gedeelde mappen"
    "C:\Program Files\MSN Messenger\usnsvc.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant
    "DisplayName"="vsdatant"
    System32\vsdatant.sys

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsmon
    "DisplayName"="TrueVector Internet Monitor"
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebrootSpySweeperService
    "DisplayName"="Webroot Spy Sweeper Engine"
    "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi
    "DisplayName"="Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation"
    %SystemRoot%\System32\svchost.exe -k netsvcs

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSTCODEC
    "DisplayName"="World Standard Teletext-codec"
    system32\DRIVERS\WSTCODEC.SYS

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{502981BF-1684-4180-ABD3-1894E0713258}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{7057EA91-B22B-42C5-B275-4F23E3069331}
    no imagepath value found

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{90B16F43-4A55-40FF-BD74-0CC1FD8B6166}
    no imagepath value found


    — SECURITYPROVIDERS regkey —

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    — SVCHOST regkey —

    HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
    HTTPFilter: HTTPFilter\0\0
    LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService: DnsCache\0\0
    netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
    DcomLaunch: DcomLaunch\0TermService\0\0
    rpcss: RpcSs\0\0
    imgsvc: StiSvc\0\0
    termsvcs: TermService\0\0
    WudfServiceGroup: WUDFSvc\0\0


    — WOW-CMDLINE regkeys —

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
    "cmdline" = %SystemRoot%\system32\ntvdm.exe
    "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


    — STARTUP FOLDERS —

    C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Menu Start\Programma's\Opstarten\Adobe Gamma.lnk
    C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Adobe Gamma Loader.lnk
    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\desktop.ini
    C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Microsoft Office.lnk


    — TASK SCHEDULER JOBS —

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job


    — File associations —

    .BAT files: ("%1" %*)
    .COM files: ("%1" %*)
    .EXE files: ("%1" %*)
    .HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
    .INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
    .JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
    .PIF files: ("%1" %*)
    .REG files: (regedit.exe "%1")
    .SCR files: ("%1" /S)
    .TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
    .VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


    FINISHED
  • The infection you had was already clear to me, which is why I posted a fix right away :)
  • smeenk, when I try to start my PC in safe mode, it doesn't start up :(

    It then hangs during startup.. I only see a black screen with a blinking grey dash.. I kept getting this screen for 10 minutes :(

    Should I wait longer or is there another option?
  • Then just try it in normal mode; that often works too ;)
  • This is 1:


    [05/18/2007, 17:23:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Bureaublad\VirtumundoBeGone.exe" )
    [05/18/2007, 17:23:54] - Detected System Information:
    [05/18/2007, 17:23:54] - Windows Version: 5.1.2600, Service Pack 2
    [05/18/2007, 17:23:55] - Current Username: Umut (Admin)
    [05/18/2007, 17:23:55] - Windows is in SAFE mode with Networking.
    [05/18/2007, 17:23:55] - Searching for Browser Helper Objects:
    [05/18/2007, 17:23:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/18/2007, 17:23:55] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [05/18/2007, 17:23:55] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [05/18/2007, 17:23:55] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\tuuanvjh
    [05/18/2007, 17:23:55] - Key not found: HKLM\…\Winlogon\Notify\tuuanvjh, continuing.
    [05/18/2007, 17:23:55] - BHO 4: {56238299-39F1-4E9A-95CE-80F2E02D7A74} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\fccddba
    [05/18/2007, 17:23:55] - Found: HKLM\…\Winlogon\Notify\fccddba - This is probably Virtumundo.
    [05/18/2007, 17:23:55] - Assigning {56238299-39F1-4E9A-95CE-80F2E02D7A74} MSEvents Object
    [05/18/2007, 17:23:55] - BHO list has been changed! Starting over…
    [05/18/2007, 17:23:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/18/2007, 17:23:55] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [05/18/2007, 17:23:55] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [05/18/2007, 17:23:55] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\tuuanvjh
    [05/18/2007, 17:23:55] - Key not found: HKLM\…\Winlogon\Notify\tuuanvjh, continuing.
    [05/18/2007, 17:23:55] - BHO 4: {56238299-39F1-4E9A-95CE-80F2E02D7A74} (MSEvents Object)
    [05/18/2007, 17:23:55] - ALERT: Found MSEvents Object!
    [05/18/2007, 17:23:55] - BHO 5: {6457D54F-DC06-423D-A30F-C8B16077259A} ()
    [05/18/2007, 17:23:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:55] - Checking for HKLM\…\Winlogon\Notify\ssqro
    [05/18/2007, 17:23:55] - Found: HKLM\…\Winlogon\Notify\ssqro - This is probably Virtumundo.
    [05/18/2007, 17:23:56] - Assigning {6457D54F-DC06-423D-A30F-C8B16077259A} MSEvents Object
    [05/18/2007, 17:23:56] - BHO list has been changed! Starting over…
    [05/18/2007, 17:23:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/18/2007, 17:23:56] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/18/2007, 17:23:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:56] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [05/18/2007, 17:23:56] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [05/18/2007, 17:23:56] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/18/2007, 17:23:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:56] - Checking for HKLM\…\Winlogon\Notify\tuuanvjh
    [05/18/2007, 17:23:56] - Key not found: HKLM\…\Winlogon\Notify\tuuanvjh, continuing.
    [05/18/2007, 17:23:56] - BHO 4: {56238299-39F1-4E9A-95CE-80F2E02D7A74} (MSEvents Object)
    [05/18/2007, 17:23:56] - ALERT: Found MSEvents Object!
    [05/18/2007, 17:23:56] - BHO 5: {6457D54F-DC06-423D-A30F-C8B16077259A} (MSEvents Object)
    [05/18/2007, 17:23:56] - ALERT: Found MSEvents Object!
    [05/18/2007, 17:23:56] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/18/2007, 17:23:56] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/18/2007, 17:23:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:56] - No filename found. Continuing.
    [05/18/2007, 17:23:56] - Finished Searching Browser Helper Objects
    [05/18/2007, 17:23:56] - *** Detected MSEvents Object
    [05/18/2007, 17:23:56] - Trying to remove MSEvents Object…
    [05/18/2007, 17:23:57] - Terminating Process: IEXPLORE.EXE
    [05/18/2007, 17:23:58] - Terminating Process: RUNDLL32.EXE
    [05/18/2007, 17:23:58] - Disabling Automatic Shell Restart
    [05/18/2007, 17:23:58] - Terminating Process: EXPLORER.EXE
    [05/18/2007, 17:23:58] - Suspending the NT Session Manager System Service
    [05/18/2007, 17:23:58] - Terminating Windows NT Logon/Logoff Manager
    [05/18/2007, 17:23:59] - Re-enabling Automatic Shell Restart
    [05/18/2007, 17:23:59] - File to disable: C:\WINDOWS\system32\fccddba.dll
    [05/18/2007, 17:23:59] - Removing HKLM\…\Browser Helper Objects\{56238299-39F1-4E9A-95CE-80F2E02D7A74}
    [05/18/2007, 17:23:59] - Removing HKCR\CLSID\{56238299-39F1-4E9A-95CE-80F2E02D7A74}
    [05/18/2007, 17:23:59] - Adding Kill Bit for ActiveX for GUID: {56238299-39F1-4E9A-95CE-80F2E02D7A74}
    [05/18/2007, 17:23:59] - Deleting ATLEvents/MSEvents Registry entries
    [05/18/2007, 17:23:59] - Removing HKLM\…\Winlogon\Notify\fccddba
    [05/18/2007, 17:23:59] - Searching for Browser Helper Objects:
    [05/18/2007, 17:23:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/18/2007, 17:23:59] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/18/2007, 17:23:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:59] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [05/18/2007, 17:23:59] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [05/18/2007, 17:23:59] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/18/2007, 17:23:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:59] - Checking for HKLM\…\Winlogon\Notify\tuuanvjh
    [05/18/2007, 17:23:59] - Key not found: HKLM\…\Winlogon\Notify\tuuanvjh, continuing.
    [05/18/2007, 17:23:59] - BHO 4: {6457D54F-DC06-423D-A30F-C8B16077259A} (MSEvents Object)
    [05/18/2007, 17:23:59] - ALERT: Found MSEvents Object!
    [05/18/2007, 17:23:59] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/18/2007, 17:23:59] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/18/2007, 17:23:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:23:59] - No filename found. Continuing.
    [05/18/2007, 17:23:59] - Finished Searching Browser Helper Objects
    [05/18/2007, 17:23:59] - *** Detected MSEvents Object
    [05/18/2007, 17:23:59] - Trying to remove MSEvents Object…
    [05/18/2007, 17:24:00] - Terminating Process: IEXPLORE.EXE
    [05/18/2007, 17:24:00] - Terminating Process: RUNDLL32.EXE
    [05/18/2007, 17:24:00] - Disabling Automatic Shell Restart
    [05/18/2007, 17:24:00] - Terminating Process: EXPLORER.EXE
    [05/18/2007, 17:24:00] - Suspending the NT Session Manager System Service
    [05/18/2007, 17:24:00] - Terminating Windows NT Logon/Logoff Manager
    [05/18/2007, 17:24:00] - Re-enabling Automatic Shell Restart
    [05/18/2007, 17:24:00] - File to disable: C:\WINDOWS\system32\ssqro.dll
    [05/18/2007, 17:24:01] - Renaming C:\WINDOWS\system32\ssqro.dll -> C:\WINDOWS\system32\ssqro.dll.vir
    [05/18/2007, 17:24:01] - File successfully renamed!
    [05/18/2007, 17:24:01] - Removing HKLM\…\Browser Helper Objects\{6457D54F-DC06-423D-A30F-C8B16077259A}
    [05/18/2007, 17:24:01] - Removing HKCR\CLSID\{6457D54F-DC06-423D-A30F-C8B16077259A}
    [05/18/2007, 17:24:01] - Adding Kill Bit for ActiveX for GUID: {6457D54F-DC06-423D-A30F-C8B16077259A}
    [05/18/2007, 17:24:01] - Deleting ATLEvents/MSEvents Registry entries
    [05/18/2007, 17:24:01] - Removing HKLM\…\Winlogon\Notify\ssqro
    [05/18/2007, 17:24:01] - Searching for Browser Helper Objects:
    [05/18/2007, 17:24:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/18/2007, 17:24:01] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/18/2007, 17:24:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:24:01] - Checking for HKLM\…\Winlogon\Notify\SDHelper
    [05/18/2007, 17:24:01] - Key not found: HKLM\…\Winlogon\Notify\SDHelper, continuing.
    [05/18/2007, 17:24:01] - BHO 3: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/18/2007, 17:24:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:24:01] - Checking for HKLM\…\Winlogon\Notify\tuuanvjh
    [05/18/2007, 17:24:01] - Key not found: HKLM\…\Winlogon\Notify\tuuanvjh, continuing.
    [05/18/2007, 17:24:01] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/18/2007, 17:24:01] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [05/18/2007, 17:24:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/18/2007, 17:24:01] - No filename found. Continuing.
    [05/18/2007, 17:24:01] - Finished Searching Browser Helper Objects
    [05/18/2007, 17:24:01] - Finishing up…
    [05/18/2007, 17:24:01] - A restart is needed.
    [05/18/2007, 17:24:11] - Attempting to Restart via STOP error (Blue Screen!)
  • By the way, no program starts when I run RemoveVideoActiveXObject.exe. After the black bar disappears, nothing else happens.

    Do I have to restart it myself then?
  • ----------------RemoveVideoActiveXObject.exe first run-------------

    Files found:

    C:\WINDOWS\system32\ssqro.dll.vir
    C:\WINDOWS\system32\orqss.ini2
    C:\WINDOWS\system32\orqss.bak1
    C:\WINDOWS\system32\orqss.bak2
    C:\WINDOWS\system32\wudb.dll

    Uninstallers Rogue scanners:


    Folders Found:


    --------------RemoveVideoActiveXObject.exe last run---------------

    Files found:


    Uninstallers Rogue scanners:


    Folders Found:



    Logfile of HijackThis v1.99.0
    Scan saved at 17:59:43, on 18-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\DOCUME~1\UMUT~1.UMU\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\tuuanvjh.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175890710046
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: iPod-service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service - Unknown - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • Do the following steps:

    1. Download ATF cleaner (made by Atribune)
    Double-click ATF cleaner to start the program.
    On the "Main" tab, tick "Select All".
    Click the "Empty Selected" button.

    Do the following if you also have Firefox as a browser:
    Click the "Firefox" tab and tick "Select All".
    If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
    (this removes the tick next to "Firefox saved passwords" again)
    Click the "Empty Selected" button.

    Do the following if you also have Opera as a browser:
    Click the "Opera" tab and tick "Select All".
    If you want to keep the passwords saved by Opera, click "No" in the window that appears.
    Click the "Empty Selected" button.
    Go to the "Main" tab and click the "Exit" button to close the program.

    2. Download Dr.Web CureIt to your desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    3. Start the computer in safe mode.

    4. Double-click drweb-cureit.exe and allow it to start the express scan.
    This will scan the files that are currently loaded in memory, and when something is found, click the "Yes to all" button at the 'cure it?' prompt. This is only a short scan.
    Once the short scan has finished, click Options > Change Settings
    Choose the "Scan" tab and remove the tick next to "Heuristic analyse"
    Back in the main window you can select the drives you want to have scanned.
    Select all drives here. A red dot will then appear on the drives you are having scanned.
    Then click the green arrow on the right to start the scan.
    Click 'Yes to all' when you are asked to cure or move.
    When the scan is done, see whether you can click the following icon that appears next to what was found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
    If so, click it, then click the icon just below it and choose "Move incurable", as you will see in the following image:
    http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
    This will move the files to the following folder, %userprofile%\DoctorWeb\quarantaine-folder, if they cannot be disinfected. (this in case we need samples)
    After selecting the above, in the menu at the top of Dr.Web CureIt, click "file" and choose "save report list". Save the log to your desktop.
    Then close Dr.Web CureIt.

    5. Restart your computer in normal mode!! Important step, because Dr.Web CureIt may move/delete files during the restart.
    After restarting, copy and paste the contents of the log you saved earlier into your next post, together with a HijackThis log ;)
  • By the way, is it normal that my PC restarts out of nowhere? This happens to me pretty much every day


    Logfile of HijackThis v1.99.0
    Scan saved at 20:40:37, on 18-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\DOCUME~1\UMUT~1.UMU\LOCALS~1\Temp\Rar$EX01.688\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\tuuanvjh.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175890710046
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: iPod-service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service - Unknown - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




    tuuanvjh.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
    bmhyupjm.dll;C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Local Settings\Temp;Trojan.Virtumod;Deleted.;
    nyceqntd.dll;C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Local Settings\Temp;Trojan.Juan;Deleted.;
    qllsrasx.dll;C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Local Settings\Temp;Trojan.Virtumod;Deleted.;
    A0109951.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP102;Trojan.Ads;Deleted.;
    A0112001.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP102;Trojan.Virtumod;Deleted.;
    A0113006.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP102;Trojan.Ads;Deleted.;
    A0113007.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP102;Trojan.Virtumod;Deleted.;
    A0114013.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP103;Trojan.Ads;Deleted.;
    A0114014.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP103;Trojan.Virtumod;Deleted.;
    A0114201.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP104;Trojan.Ads;Deleted.;
    A0114205.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP104;Trojan.Virtumod;Deleted.;
    A0114270.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP104;Trojan.Ads;Deleted.;
    A0114278.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP104;Trojan.Virtumod;Deleted.;
    A0114371.dll;C:\System Volume Information\_restore{EB45199C-E37B-42F1-9DFE-9E104A096F53}\RP104;Trojan.Virtumod;Deleted.;
    aixuahko.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    d4xofa.dll;C:\WINDOWS\system32;Trojan.Ads;Deleted.;
    geeba.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    ghfpqldl.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    ohtefiep.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    ooktfvrp.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    pmnno.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    pmvjkjfu.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
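The second HijackThis log above still lists the tuuanvjh.dll BHO as "(file missing)" after the Dr.Web CureIt report shows that file deleted, so the registry entry outlived the DLL. The following is an added example, not part of the thread or of either tool: it parses the O2 lines and the Dr.Web report rows (excerpts copied from the post above) and labels each BHO; the function names and verdict labels are my own.

```python
import re
from typing import Dict, NamedTuple, Optional, Tuple

# Excerpts copied from the HijackThis log (O2 lines) and the Dr.Web CureIt
# report in the post above.
HIJACKTHIS_O2 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\tuuanvjh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

DRWEB_REPORT = r"""
tuuanvjh.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
bmhyupjm.dll;C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Local Settings\Temp;Trojan.Virtumod;Deleted.;
aixuahko.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
d4xofa.dll;C:\WINDOWS\system32;Trojan.Ads;Deleted.;
"""

# "O2 - BHO: <name> - {CLSID} - <path or (no file)>[ (file missing)]"
O2_RE = re.compile(
    r"O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<target>.*?)(?P<missing> \(file missing\))?"
)


class Finding(NamedTuple):
    name: str
    target: str
    verdict: str
    threat: Optional[str]


def parse_drweb(report: str) -> Dict[str, Tuple[str, str]]:
    """Map lower-cased full path -> (threat, action) from 'file;dir;threat;action;' rows."""
    detections = {}
    for line in report.splitlines():
        fields = line.strip().split(";")
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed row
        name, folder, threat, action = fields[:4]
        full_path = (folder.rstrip("\\") + "\\" + name).lower()
        detections[full_path] = (threat, action)
    return detections


def triage(hijackthis: str, drweb: str) -> Dict[str, Finding]:
    """Label every O2 (Browser Helper Object) entry, keyed by CLSID."""
    detections = parse_drweb(drweb)
    findings = {}
    for line in hijackthis.splitlines():
        m = O2_RE.fullmatch(line.strip())
        if not m:
            continue
        name, target = m["name"], m["target"]
        missing = m["missing"] is not None
        # Windows paths are case-insensitive, so compare lower-cased.
        threat = detections.get(target.lower(), (None, None))[0]
        if target == "(no file)":
            verdict = "orphan-no-file"               # CLSID registered, no DLL path at all
        elif threat and missing:
            verdict = "orphan-of-removed-detection"  # scanner deleted the DLL, key remains
        elif threat:
            verdict = "detected-file-still-registered"
        elif missing:
            verdict = "orphan-file-missing"
        elif name == "(no name)":
            verdict = "review-unnamed"               # same cue VundoBeGone warns about
        else:
            verdict = "named"
        findings[m["clsid"]] = Finding(name, target, verdict, threat)
    return findings


if __name__ == "__main__":
    for clsid, f in triage(HIJACKTHIS_O2, DRWEB_REPORT).items():
        print(f"{f.verdict:<32} {clsid} {f.target} {f.threat or ''}")
```

An unnamed BHO is only a prompt to look closer: the Spybot SDHelper.dll entry lands in "review-unnamed" here, just as the VundoBeGone log warns about it and then finds no Winlogon\Notify key for it.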
  • Download Combofix to your desktop.
    Double-click combofix.exe
    Follow the instructions.
    While the fix is running, do NOT click in the window, because this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next post ;)
  • Here you go :)

    "Umut" - 2007-05-18 21:26:52 Service Pack 2
    ComboFix 07-05.17.6.V - Running from: "C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Bureaublad\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\install.log


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))


    2007-05-18 18:54 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\DoctorWeb
    2007-05-18 17:57 29,693 --a------ C:\WINDOWS\system32\RemoveVideoActiveXObject.reg
    2007-05-18 17:57 <DIR> d-------- C:\WINDOWS\system32\RVAXO
    2007-05-18 17:21 <DIR> d-------- C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\Webroot
    2007-05-18 17:19 <DIR> d-------- C:\WINDOWS\pss
    2007-05-18 16:04 <DIR> d-------- C:\HJT
    2007-05-17 14:17 <DIR> d-------- C:\Program Files\Arovax AntiSpyware
    2007-05-15 12:50 <DIR> d-------- C:\Program Files\DkZ Studio
    2007-05-15 11:18 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
    2007-05-15 11:17 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
    2007-05-15 11:17 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
    2007-05-15 11:17 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
    2007-05-15 11:17 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
    2007-05-15 11:17 <DIR> d-------- C:\Program Files\Syncrosoft
    2007-05-13 12:03 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-05-13 12:03 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-05-13 12:03 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-05-13 12:03 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-05-13 12:03 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-05-13 12:03 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-05-13 12:03 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-05-13 12:03 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\PC Tools
    2007-05-10 18:34 512 --a------ C:\ScanSectorLog.dat
    2007-05-10 18:01 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\MailFrontier
    2007-05-10 17:51 7,662,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-05-10 17:51 280,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-05-10 17:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-05-10 17:41 75,512 --a------ C:\WINDOWS\zllsputility.exe
    2007-05-10 17:41 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-05-10 17:40 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-05-10 17:40 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-05-10 17:39 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-05-10 16:17 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\.housecall6.6
    2007-05-10 15:09 <DIR> d-------- C:\Program Files\Lavasoft
    2007-05-10 11:27 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Lavasoft
    2007-05-10 11:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Webroot
    2007-05-10 11:22 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-05-10 11:22 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-05-10 11:22 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-05-10 11:22 164 --a------ C:\install.dat
    2007-05-10 11:22 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-05-10 11:22 <DIR> d-------- C:\Program Files\Webroot
    2007-05-10 11:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Webroot
    2007-05-10 11:21 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-05-10 11:21 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Webroot
    2007-05-10 11:09 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2007-05-09 15:01 71,680 --a------ C:\WINDOWS\g16723265.exe
    2007-05-09 14:41 71,680 --a------ C:\WINDOWS\g15520828.exe
    2007-05-09 14:19 71,680 --a------ C:\WINDOWS\g14198859.exe
    2007-05-09 13:57 71,680 --a------ C:\WINDOWS\g12879187.exe
    2007-05-09 13:35 71,680 --a------ C:\WINDOWS\g11557812.exe
    2007-05-09 13:23 71,680 --a------ C:\WINDOWS\g10839125.exe
    2007-05-09 13:15 71,680 --a------ C:\WINDOWS\g10340062.exe
    2007-05-09 12:55 71,680 --a------ C:\WINDOWS\g9138078.exe
    2007-05-09 12:05 71,680 --a------ C:\WINDOWS\g6137578.exe
    2007-05-09 11:43 71,680 --a------ C:\WINDOWS\g4817390.exe
    2007-05-09 00:32 71,680 --a------ C:\WINDOWS\g2693906.exe
    2007-05-09 00:12 71,680 --a------ C:\WINDOWS\g1491328.exe
    2007-05-08 23:54 71,680 --a------ C:\WINDOWS\g408890.exe
    2007-05-07 00:20 <DIR> d-------- C:\Program Files\The Little App Factory
    2007-05-07 00:09 <DIR> d-------- C:\Program Files\EphPod
    2007-05-06 16:39 <DIR> d-------- C:\Program Files\Ahead
    2007-04-30 17:53 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Media Player Classic
    2007-04-30 17:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-04-30 17:52 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-04-30 17:52 639,066 --a------ C:\WINDOWS\system32\divx.dll
    2007-04-30 17:52 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-04-30 17:52 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2007-04-30 17:52 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-04-30 17:52 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-04-30 17:52 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-04-30 17:52 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2007-04-30 17:52 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
    2007-04-30 17:52 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-04-30 17:52 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
    2007-04-30 17:52 <DIR> d-------- C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Real
    2007-04-30 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real
    2007-04-30 17:50 <DIR> d-------- C:\My Downloads
    2007-04-30 17:34 86,016 --a------ C:\WINDOWS\unvise32qt.exe
    2007-04-30 17:34 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2007-04-22 12:39 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
    2007-04-22 12:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
    2007-04-22 12:39 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2007-04-22 12:39 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
    2007-04-20 14:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-04-18 18:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-04-18 16:12 <DIR> d-------- C:\Program Files\Omerta Script
    2007-04-18 16:01 <DIR> d-------- C:\Program Files\mIRC


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-18 14:42:57 -------- d-----w C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Azureus
    2007-05-18 11:33:54 -------- d-----w C:\Program Files\iTunes
    2007-05-18 11:32:57 -------- d-----w C:\Program Files\iPod
    2007-05-18 11:24:05 -------- d-----w C:\Program Files\QuickTime
    2007-05-17 14:24:21 -------- d-----w C:\Program Files\Hitman Pro
    2007-05-15 10:48:50 737,280 ----a-w C:\WINDOWS\iun6002.exe
    2007-05-14 11:52:01 -------- d-----w C:\Program Files\Mediafour
    2007-05-14 11:45:42 -------- d-----w C:\Program Files\PokerStars
    2007-05-09 15:55:02 -------- d-----w C:\Program Files\VstPlugins
    2007-05-07 13:02:49 -------- d-----w C:\Program Files\Waves
    2007-05-06 15:51:41 -------- d-----w C:\Program Files\PKR
    2007-04-30 15:39:39 -------- d-----w C:\Program Files\Apple Software Update
    2007-04-22 10:50:13 -------- d-----w C:\Program Files\coolpro2
    2007-04-10 18:57:54 -------- d-----w C:\Program Files\Audacity
    2007-04-08 13:06:04 -------- d-----w C:\Program Files\Messenger
    2007-04-08 13:02:38 70,008 ----a-w C:\WINDOWS\system32\perfc013.dat
    2007-04-08 13:02:38 443,060 ----a-w C:\WINDOWS\system32\perfh013.dat
    2007-04-08 12:57:10 -------- d-----w C:\Program Files\MSXML 4.0
    2007-04-06 19:42:00 -------- d-----w C:\Program Files\PokerStars.NET
    2007-04-06 19:38:28 -------- d-----w C:\Program Files\PartyGaming
    2007-04-06 19:38:14 -------- d-----w C:\Program Files\C-Media 3D Audio
    2007-04-06 19:37:53 -------- d-----w C:\Program Files\C-Media 3D Audio(2)
    2007-03-23 15:25:43 -------- d-----w C:\Program Files\Steinberg
    2007-03-21 22:30:53 -------- d-----w C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Apple Computer
    2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 17:43:09 -------- d-----w C:\DOCUME~1\UMUT~1.UMU\APPLIC~1\Syntrillium
    2007-03-08 15:39:10 579,072 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:39:10 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:39:10 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 15:37:59 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-03-03 19:51:16 671 ----a-w C:\WINDOWS\mozver.dat
    2007-03-01 21:33:34 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-03-01 20:35:12 577,165 ----a-w C:\WINDOWS\Audio Damage VST plug-ins Uninstaller.exe
    2007-03-01 18:31:37 21,748 ----a-w C:\WINDOWS\system32\emptyregdb.dat
    2007-02-28 17:58:19 0 --sha-r C:\MSDOS.SYS
    2007-02-28 17:58:19 0 --sha-r C:\IO.SYS
    2007-02-28 17:58:19 0 ----a-w C:\CONFIG.SYS
    2007-02-28 17:58:19 0 ----a-w C:\AUTOEXEC.BAT
    2007-02-05 20:20:07 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 17:39]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
    "Arovax AntiSpyware"="C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" [2007-05-27 16:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]


    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 nwprovau
    Security Packages kerberos msv1_0 schannel wdigest
    Notification Packages scecli

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HTTPFilter HTTPFilter
    LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
    NetworkService DnsCache
    DcomLaunch DcomLaunch TermService
    rpcss RpcSs
    imgsvc StiSvc
    termsvcs TermService
    WudfServiceGroup WUDFSvc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

    *newlycreated* -PROCEXP90

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-18 21:32:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-18 21:34:57
    C:\ComboFix-quarantined-files.txt … 2007-05-18 21:34


    --- E O F ---
  • Download OTMoveIt.exe and put it on your desktop: OTMoveIt.exe
    Open OTMoveIt.exe.
    In the left pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the bold text below:

    C:\WINDOWS\g16723265.exe
    C:\WINDOWS\g15520828.exe
    C:\WINDOWS\g14198859.exe
    C:\WINDOWS\g12879187.exe
    C:\WINDOWS\g11557812.exe
    C:\WINDOWS\g10839125.exe
    C:\WINDOWS\g10340062.exe
    C:\WINDOWS\g9138078.exe
    C:\WINDOWS\g6137578.exe
    C:\WINDOWS\g4817390.exe
    C:\WINDOWS\g2693906.exe
    C:\WINDOWS\g1491328.exe
    C:\WINDOWS\g408890.exe

    Then click the MoveIt button at the bottom.
    When the program has finished, it will create a log (********_******.log, where the * stands for the date and time) in the following folder: C:\_OTMoveIt\MovedFiles\
    Copy and paste the contents of that log into your next post.

    Run an online scan with Panda's online virus scan.
    When the scan has finished, you can click a button on the page you are shown to view a log of the scan.
    Save this log to your desktop.
    Post the Panda log in your next message ;)
  • Sorry it took so long, but yesterday I had the Panda program running for an hour and a half when my PC rebooted yet again.
    I have to go to work shortly and will be home around a quarter to six; I'll run it again then!
  • Incident Status Location

    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[stat.onestat.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.weborama.fr/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.burstnet.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.com.com/]
    Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.metriweb.be/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.overture.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.xiti.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[server.iad.liveperson.net/hc/34854471]
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Application Data\Mozilla\Firefox\Profiles\j6p2jdum.default\cookies.txt[www.burstbeacon.com/]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Bureaublad\ComboFix.exe[ComboFixT\nircmd.exe]
    Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Umut.UMUT-63E9AD4C7E\Cookies\umut@weborama[1].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Arovax AntiSpyware\quarantine\archive 18.05.2007 20-50-25.dat
    Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Arovax AntiSpyware\quarantine\archive 19.05.2007 18-03-29.dat
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
    Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.as-eu.falkag.net/]
    Spyware:Cookie/BurstNet Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.burstnet.com/]
    Spyware:Cookie/Casalemedia Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.casalemedia.com/]
    Spyware:Cookie/Falkag Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.as-us.falkag.net/]
    Spyware:Cookie/Maxserving Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.maxserving.com/]
    Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.statcounter.com/]
    Spyware:Cookie/Yadro Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.yadro.ru/]
    Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.uol.com.br/]
    Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[ad.yieldmanager.com/]
    Spyware:Cookie/MetriWeb Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.metriweb.be/]
    Spyware:Cookie/onestat.com Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[stat.onestat.com/]
    Spyware:Cookie/Serving-sys Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.serving-sys.com/]
    Spyware:Cookie/WUpd Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.revenue.net/]
    Spyware:Cookie/Searchportal Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[searchportal.information.com/]
    Spyware:Cookie/Belnk Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.belnk.com/]
    Spyware:Cookie/Com.com Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.com.com/]
    Spyware:Cookie/Xiti Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.xiti.com/]
    Spyware:Cookie/bravenetA Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.bravenet.com/]
    Spyware:Cookie/Hbmediapro Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.adopt.hbmediapro.com/]
    Spyware:Cookie/RealMedia Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.realmedia.com/]
    Spyware:Cookie/cs.sexcounter Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.cs.sexcounter.com/]
    Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.zedo.com/]
    Spyware:Cookie/fe.lea.lycos Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[fe.lea.lycos.es/]
    Spyware:Cookie/Toplist Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.toplist.cz/]
    Spyware:Cookie/Hypercount Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.hypercount.com/]
    Spyware:Cookie/2o7 Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.ads.pointroll.com/]
    Spyware:Cookie/CentrPort Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.centrport.net/]
    Spyware:Cookie/Tradedoubler Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.tradedoubler.com/]
    Spyware:Cookie/Tribalfusion Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.tribalfusion.com/]
    Spyware:Cookie/Versiontracker Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.versiontracker.com/]
    Spyware:Cookie/Adserver Not disinfected F:\Documents and Settings\Umut\Application Data\Mozilla\Firefox\Profiles\6c0xxbjl.default\COOKIES.TXT[.z1.adserver.com/]
    Potentially unwanted tool:Application/Processor Not disinfected




    C:\WINDOWS\g16723265.exe moved successfully.
    C:\WINDOWS\g15520828.exe moved successfully.
    C:\WINDOWS\g14198859.exe moved successfully.
    C:\WINDOWS\g12879187.exe moved successfully.
    C:\WINDOWS\g11557812.exe moved successfully.
    C:\WINDOWS\g10839125.exe moved successfully.
    C:\WINDOWS\g10340062.exe moved successfully.
    C:\WINDOWS\g9138078.exe moved successfully.
    C:\WINDOWS\g6137578.exe moved successfully.
    C:\WINDOWS\g4817390.exe moved successfully.
    C:\WINDOWS\g2693906.exe moved successfully.
    C:\WINDOWS\g1491328.exe moved successfully.
    C:\WINDOWS\g408890.exe moved successfully.

    Created on 05-18-2007 22:58:20






    Logfile of HijackThis v1.99.0
    Scan saved at 20:44:53, on 19-5-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\DOCUME~1\UMUT~1.UMU\LOCALS~1\Temp\Rar$EX00.766\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [Arovax AntiSpyware] C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175890710046
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: iPod-service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Doctor Auxiliary Service - Unknown - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: StarWind iSCSI Service - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
  • Your Java software is out of date. Older versions have security holes that give malware the chance to install itself on your system.
    First follow these steps to uninstall Java and install the newer version:
    - Download Java Runtime Environment (JRE) 6.1.
    - Scroll down to: "Java Runtime Environment (JRE) 6u1".
    - Click the "Download" button on the right.
    - Tick: "Accept License Agreement".
    - The page will reload.
    - Click the link to download the Windows Offline Installation, Multi-language, and save it to your desktop.
    - Close all programs that may be open, especially your web browser!
    - Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the list of programs.
    - Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Remove (Verwijderen) or the Change/Remove (Wijzig/Verwijder) button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u1-windows-i586-p.exe on your desktop to install the latest version of Java.

    Turn off System Restore. Restart the computer. Turn System Restore back on.
    See here for how to turn off System Restore.
    This removes any remnants of the infections from System Restore.

    Are you still experiencing problems?
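
The check behind the reply above, as an added example that is not part of the original thread: it reads HijackThis entries, lists those whose target HijackThis reports as "(no file)", and flags any JRE older than the 6u1 release the reply names. The sample lines are copied from the log posted above; the function names and the baseline tuple are assumptions of this example.

```python
import re

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O23 - Service: iPod-service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Sun JRE install directories look like "\jre1.5.0_11\" (major 5, update 11).
JRE_RE = re.compile(r"\\jre1\.(\d+)\.\d+(?:_(\d+))?\\", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Return (section_code, text) for every entry line; headers and the
    'Running processes' list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries whose registered file is missing on disk. These are leftovers
    of removed software (wanted or unwanted) and need a manual look."""
    result = []
    for code, text in entries:
        if text.endswith("(no file)"):
            clsid = CLSID_RE.search(text)
            result.append((code, clsid.group(0) if clsid else None))
    return result


def jre_versions(entries):
    """Map each (major, update) JRE version seen in a path to the section
    codes that reference it."""
    found = {}
    for code, text in entries:
        match = JRE_RE.search(text)
        if match:
            version = (int(match.group(1)), int(match.group(2) or 0))
            found.setdefault(version, []).append(code)
    return found


def outdated_jre(entries, baseline=(6, 1)):
    """JRE versions older than the baseline. The default (6, 1) is the
    JRE 6u1 release named in the reply; pass a newer tuple when reusing this."""
    return sorted(v for v in jre_versions(entries) if v < baseline)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("orphaned:", orphaned_entries(parsed))
    print("outdated JRE:", outdated_jre(parsed))
```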

This is an archived page. Replies are no longer possible.