Win32/fotomoto - ads_optimizer

22 replies
  • Hello, during a scan my Windows Defender came across the file win32/fotomoto, also called ads_optimizer. I tried to remove it with McAfee and Windows Defender, but without any result. After that I ran VundoFix over it. It found nothing. Then HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:20:18, on 10-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\WINDOWS\system32\rvnaqwuu.exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\DOCUME~1\Tom\LOCALS~1\Temp\Rar$EX01.875\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://google.daemonsearch.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\fcbgajax.dll",b
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Tom\LOCALS~1\Temp\2007111014539_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\RunOnce: [MPFService] C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -i
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tom\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://urbanlone.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\rvnaqwuu.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

    -- End of file - 13368 bytes

    I would like to get help removing this annoying file.
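Added example (not part of the original thread): a small Python triage script for a HijackThis log in the format posted above. It flags three kinds of autostart entries by structure alone: a populated O20 AppInit_DLLs value, an O23 service with an empty vendor field, and an O4 Run value with a hex-only name that launches a DLL through rundll32. The rule names and thresholds are assumptions made for this example, a hit is a pointer for closer inspection rather than a verdict, and the sample lines are copied from the log above.

```python
"""Triage a HijackThis log: parse its entries and flag autostart points for review."""
import re
from dataclasses import dataclass

# Excerpt of the log posted above (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\rvnaqwuu.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\fcbgajax.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\rvnaqwuu.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
-- End of file
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <name> - <vendor> - <path>"; the vendor field may be empty.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$")
# O4 registry autorun: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^\S+\\Run(?:Once)?: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
# Assumption for this example: a value name of 6+ hex digits is "not descriptive".
HEX_NAME_RE = re.compile(r"[0-9a-fA-F]{6,}")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    rule: str      # hypothetical rule identifier used by this example
    target: str    # file the entry points at
    running: bool  # True if the file is also listed under "Running processes"


def _check(code, body):
    """Return (rule, target) if the entry matches one of the heuristics, else None."""
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:  # any file listed here is loaded into processes that load user32.dll
            return ("appinit-dll-set", value)
    elif code == "O23":
        svc = SERVICE_RE.match(body)
        if svc and not svc["vendor"].strip():
            return ("service-without-vendor", svc["path"])
    elif code == "O4":
        run = RUN_RE.match(body)
        if run and HEX_NAME_RE.fullmatch(run["value"]):
            dll = RUNDLL_RE.match(run["cmd"])
            if dll:
                return ("rundll32-autorun-hex-name", dll["dll"])
    return None


def triage(log_text):
    """Parse a HijackThis log and return the list of Finding objects, in log order."""
    running, findings, in_processes = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            if line.lower().startswith("running processes"):
                in_processes = True
            elif in_processes:
                running.add(line.lower())  # one process path per line
            continue
        in_processes = False  # first real entry ends the process list
        hit = _check(entry["code"], entry["body"])
        if hit:
            rule, target = hit
            findings.append(Finding(entry["code"], rule, target, target.lower() in running))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "not running"
        print(f"{f.section:<4}{f.rule:<28}{f.target} ({state})")
```
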
  • Print out the instructions below, because you will have to restart the computer during the fix. (Copy the text into e.g. Word and print it.)

    Download SmitfraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri) and place it on your desktop. If that does not work, download it from this page: http://72.232.135.12/siri/SmitfraudFix.php

    Start your PC in SAFE mode. See http://users.pandora.be/marcvn/spyware/1378056.htm for how to do that.

    Double-click smitfraudfix.exe.

    Choose option #2 - Clean by typing 2, and press "Enter" to remove the infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?" Answer "yes" by typing y and press "Enter". If your PC does not reboot after that, restart it manually in normal mode.

    The tool will now check whether wininet.dll is infected. You may therefore be asked whether you want to replace the infected file. In that case answer "yes" by typing y and press "Enter".

    The tool may restart your PC in order to finish its work. If it does not, restart your PC manually in normal mode.

    A text file will open with the results of the fix. Post the contents of this file in your next reply. (You can also find the report in c:\rapport.txt)

    Then also post a new HijackThis log.
  • juisterr wrote:

    > Print out the instructions below, because you will have to restart the computer during the fix. (Copy the text into e.g. Word and print it.)
    >
    > Download SmitfraudFix.exe (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri) and place it on your desktop. If that does not work, download it from this page: http://72.232.135.12/siri/SmitfraudFix.php
    >
    > Start your PC in SAFE mode. See http://users.pandora.be/marcvn/spyware/1378056.htm for how to do that.
    >
    > Double-click smitfraudfix.exe.
    >
    > Choose option #2 - Clean by typing 2, and press "Enter" to remove the infected files.
    >
    > You will be asked: "Registry cleaning - Do you want to clean the registry ?" Answer "yes" by typing y and press "Enter". If your PC does not reboot after that, restart it manually in normal mode.
    >
    > The tool will now check whether wininet.dll is infected. You may therefore be asked whether you want to replace the infected file. In that case answer "yes" by typing y and press "Enter".
    >
    > The tool may restart your PC in order to finish its work. If it does not, restart your PC manually in normal mode.
    >
    > A text file will open with the results of the fix. Post the contents of this file in your next reply. (You can also find the report in c:\rapport.txt)
    >
    > Then also post a new HijackThis log.

    There is just one thing I don't understand: your explanation says that after the registry cleaning it has to be started in normal mode. After that, however, it says that the PC has to be restarted in normal mode again? Anyway, I started it in safe mode and let the program run, and then got an enormous report with all kinds of sites in it. It did not replace the file wininet.dll or do anything like that. The report is really enormous, so I don't know whether I should post it here, but I'll do it anyway, plus HijackThis.
  • SmitFraudFix v2.252

    Scan done at 19:37:39,93, za 10-11-2007
    Run from C:\Documents and Settings\Tom\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts
www.axsoftwaretool.com 127.0.0.1 axvideoproject.com 127.0.0.1 www.axvideoproject.com 127.0.0.1 axvideosetup.com 127.0.0.1 www.axvideosetup.com 127.0.0.1 ayakawamura.com 127.0.0.1 ayb.dns-look-up.com 127.0.0.1 ayb.netbios-wait.com 127.0.0.1 ayumitaniguchi.com 127.0.0.1 azebar.com 127.0.0.1 azureusclub.com 127.0.0.1 www.azureusclub.com 127.0.0.1 azureus-freebie.com 127.0.0.1 www.azureus-freebie.com 127.0.0.1 azzetta.it 127.0.0.1 www.azzetta.it 127.0.0.1 b.casalemedia.com 127.0.0.1 babe.k-lined.com 127.0.0.1 www.babe.k-lined.com 127.0.0.1 babe.the-killer.bz 127.0.0.1 www.babe.the-killer.bz 127.0.0.1 babenet.com 127.0.0.1 www.babenet.com 127.0.0.1 babespornmag.com 127.0.0.1 www.babespornmag.com 127.0.0.1 babeweb.de 127.0.0.1 www.babeweb.de 127.0.0.1 baccarat-other.info 127.0.0.1 www.baccarat-other.info 127.0.0.1 Backstripgirls.com 127.0.0.1 www.Backstripgirls.com 127.0.0.1 backup.mabou.org 127.0.0.1 balotierra.com 127.0.0.1 www.balotierra.com 127.0.0.1 bannedhost.net 127.0.0.1 barbudafarms.com 127.0.0.1 bardownload.com 127.0.0.1 www.bardownload.com 127.0.0.1 barnandfence.com 127.0.0.1 batsearch.com 127.0.0.1 baygraphicsllc.com 127.0.0.1 bbbsearch.com 127.0.0.1 bb-search.com 127.0.0.1 bdsmlibrary.net 127.0.0.1 bdsmpornmag.com 127.0.0.1 www.bdsmpornmag.com 127.0.0.1 bearshare.download-me.info 127.0.0.1 www.bearshare.download-me.info 127.0.0.1 bearshare.mp3-muzic.com 127.0.0.1 www.bearshare.mp3-muzic.com 127.0.0.1 bearshare-download.org 127.0.0.1 www.bearshare-download.org 127.0.0.1 bearshare-downloads.net 127.0.0.1 www.bearshare-downloads.net 127.0.0.1 bearsharelive.co.uk 127.0.0.1 www.bearsharelive.co.uk 127.0.0.1 bearshare-music-downloads.com 127.0.0.1 www.bearshare-music-downloads.com 127.0.0.1 bearsharepro2007.com 127.0.0.1 www.bearsharepro2007.com 127.0.0.1 bearshare-usa.com 127.0.0.1 www.bearshare-usa.com 127.0.0.1 bedhome.com 127.0.0.1 bediadance.com 127.0.0.1 beebappyy.biz 127.0.0.1 www.beebappyy.biz 127.0.0.1 begin2search.com 127.0.0.1 www.begin2search.com 
127.0.0.1 bellabasketsfl.com 127.0.0.1 bernaolatwin.com 127.0.0.1 best-counter.com 127.0.0.1 bestcrawler.com 127.0.0.1 bestfor.ru 127.0.0.1 best-hardpics.com 127.0.0.1 bestmanage.org 127.0.0.1 www.bestmanage.org 127.0.0.1 bestmanage0.org 127.0.0.1 www.bestmanage0.org 127.0.0.1 bestmanage1.org 127.0.0.1 www.bestmanage1.org 127.0.0.1 bestmanage2.org 127.0.0.1 www.bestmanage2.org 127.0.0.1 bestmanage3.org 127.0.0.1 www.bestmanage3.org 127.0.0.1 bestmanage4.org 127.0.0.1 www.bestmanage4.org 127.0.0.1 bestmanage5.org 127.0.0.1 www.bestmanage5.org 127.0.0.1 bestmanage6.org 127.0.0.1 www.bestmanage6.org 127.0.0.1 bestmanage7.org 127.0.0.1 www.bestmanage7.org 127.0.0.1 bestmanage8.org 127.0.0.1 www.bestmanage8.org 127.0.0.1 bestmanage9.org 127.0.0.1 www.bestmanage9.org 127.0.0.1 bestporngate.com 127.0.0.1 bestsafetyguide.net 127.0.0.1 www.bestsafetyguide.net 127.0.0.1 best-spyware.info 127.0.0.1 www.best-spyware.info 127.0.0.1 best-targeted-traffic.com 127.0.0.1 www.best-targeted-traffic.com 127.0.0.1 best-voyeur.info 127.0.0.1 www.best-voyeur.info 127.0.0.1 bestweblinks.com 127.0.0.1 best-winning-casino.com 127.0.0.1 bestworldgirls-for-u.net 127.0.0.1 www.bestworldgirls-for-u.net 127.0.0.1 bestxporno.com 127.0.0.1 bettersearch.biz 127.0.0.1 www.bettersearch.biz 127.0.0.1 bgazzetta.it 127.0.0.1 www.bgazzetta.it 127.0.0.1 bgoogle.it 127.0.0.1 www.bgoogle.it 127.0.0.1 bigtrafficnetwork.com 127.0.0.1 www.bigtrafficnetwork.com 127.0.0.1 bigwww.com 127.0.0.1 www.bigwww.com 127.0.0.1 bin.errorprotector.com 127.0.0.1 bins.media-motor.net 127.0.0.1 bins2.media-motor.net 127.0.0.1 bis.180solutions.com 127.0.0.1 bitchesonline.net 127.0.0.1 bitcomet-freebie.com 127.0.0.1 www.bitcomet-freebie.com 127.0.0.1 biz.biz 127.0.0.1 blackblues00.com 127.0.0.1 www.blackblues00.com 127.0.0.1 blackhats.tc 127.0.0.1 www.blackhats.tc 127.0.0.1 blackhawksoftware.com 127.0.0.1 www.blackhawksoftware.com 127.0.0.1 blackjack-free.net 127.0.0.1 blazefind.com 127.0.0.1 blender.xu.pl 127.0.0.1 
A great many other sites that I have never heard of.
127.0.0.1 www.zsvcompany.com
127.0.0.1 bcnproduction.com
127.0.0.1 www.bcnproduction.com
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:40, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tom\Bureaublad\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Tom\LOCALS~1\Temp\20071110145544_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8928 bytes
  • Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip HostsXpert to a folder of its own, for example C:\HostsXpert. Start HostsXpert.exe and click "restore microsoft's hosts files". Then close the program.
  • Download: RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe). Save the file to your desktop, then double-click it. You can let the program extract to your desktop. Now open the RVAXO folder on your desktop and double-click RVAXO.cmd. A small window will open in which a few lines about files that were not found will quickly scroll by; this is normal. An uninstaller of a rogue scanner may also start: do not close it, but follow any instructions and let it do its work. Your PC will then restart, and after the restart the RVAXO window opens again. Let it run and wait until a log file opens. The log can also be found here: C:\RVAXO-results.log. Post its contents in your next message together with a new HijackThis log. Did your PC not restart? Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • ----------------RVAXO.exe first run-------------
Files found:
C:\WINDOWS\system32\__c0077ED0.dat
C:\WINDOWS\system32\__c0095A64.dat
C:\WINDOWS\system32\ststv.bak1
C:\WINDOWS\system32\ststv.bak2
Uninstallers Rogue scanners:
Folders Found:
Hosts-file was reset, If you use a custom hosts file please replace it...
--------------RVAXO.exe last run---------------
Files found:
C:\WINDOWS\system32\__c0095A64.dat
Folders Found:
--------------RVAXO.exe finished----------------
===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:10, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\vsnpstd2.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Tom\Bureaublad\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 8872 bytes
  • Download Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp).
    - Scroll down to "Java Runtime Environment (JRE) 6u3".
    - Click the "Download" button on the right.
    - Tick "Accept License Agreement".
    - The page will reload.
    - Click the link to download the Windows Offline Installation, Multi-language, and save it to your desktop.
    - Close any programs that may be open, especially your web browser!
    - Then go to Start > Configuratiescherm (Control Panel) > Software (Add or Remove Programs) and remove all older versions of Java from the software list.
    - Select everything with Java Runtime Environment (JRE or J2SE) in the name.
    - Then click Verwijderen (Remove) or the Wijzig/Verwijder (Change/Remove) button.
    - Repeat this until all older versions are gone.
    - After removing all older versions, restart your PC.
    - Then double-click jre-6u3-windows-i586-p.exe on your desktop to install the latest version of Java.
    Please run the SmitFraud fix once more.
  • SmitFraudFix v2.252 Scan done at 16:25:45,73, zo 11-11-2007 Run from C:\Documents and Settings\Tom\Bureaublad\SmitfraudFix OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End =============================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:38:54, on 11-11-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\acwsquff.exe C:\WINDOWS\System32\GEARSec.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program 
Files\Last.fm\LastFMHelper.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\Xfire\xfire.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Tom\Bureaublad\Anti; Spywar-bot-virus-hijack\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask 
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0088374.dat O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. 
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 9107 bytes

    I have to admit my head is starting to spin a bit now ;d
  • Well. Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

    O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b
    O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe

    Click 'Fix checked' to remove the items.

    Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
    - Double-click Combofix.exe.
    - Follow the instructions and accept the disclaimer by typing 1 (continue) followed by ENTER.
    - While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished, and after the restart, the log combofix.txt will open. Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
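The two entries picked out in the reply above differ visibly from their neighbours in the log. The following is an added example, not part of the thread and not HijackThis's own logic: it splits a flattened HijackThis log back into entries and flags lines using three assumed heuristics (a Run value with an 8-digit hex name started through rundll32, a service with an empty vendor field, an AppInit_DLLs target that is not a .dll). The function names and heuristics are illustrative assumptions; the sample entries are copied from the second log in this thread.

```python
import re

# Entries copied from the second HijackThis log in this thread and joined
# onto one line, the way forum software often flattens a pasted log.
FLATTENED_LOG = " ".join([
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"',
    r'O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0088374.dat',
    r'O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - '
    r'C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe',
    r'O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe',
    r'O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe',
])

# A new entry starts at whitespace followed by a section code and " - ".
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")

O4_RE = re.compile(r"^O4 - (?P<key>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
# Vendor may be empty, which leaves "name - - path" in the log line.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?)- (?P<path>[A-Za-z]:\\.+)$"
)


def split_entries(text):
    """Recover individual log entries from a flattened log."""
    return [e.strip() for e in ENTRY_START.split(text.strip()) if e.strip()]


def reasons_for(entry):
    """Return the list of (assumed) heuristics that an entry trips."""
    reasons = []
    m = O4_RE.match(entry)
    if m:
        hex_name = re.fullmatch(r"[0-9a-fA-F]{8}", m.group("name")) is not None
        via_rundll32 = m.group("cmd").lower().startswith("rundll32")
        if hex_name and via_rundll32:
            reasons.append("Run value with hex-only name loads a DLL via rundll32")
    m = O20_RE.match(entry)
    if m and not m.group("path").strip().lower().endswith(".dll"):
        reasons.append("AppInit_DLLs points at a file that is not a .dll")
    m = O23_RE.match(entry)
    if m and not m.group("vendor").strip():
        reasons.append("service has an empty vendor field")
    return reasons


def triage(text):
    """Return (entry, reasons) pairs for every entry that trips a heuristic."""
    findings = []
    for entry in split_entries(text):
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(FLATTENED_LOG):
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

A hit is only a reason to look closer at the file and its origin; the legitimate NVIDIA rundll32 entry in the same sample shows why the launcher alone is not enough to flag a line.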
  • I removed the 2 hijack files and then let Combofix run. It hit an error and now my whole PC no longer works properly. Firefox has been transformed into Internet Explorer, and I constantly get this message. A zip file has also appeared on my desktop; if you open it, it contains the file that is shown in the little window. I have also restarted the PC several times, as well as Combofix, but it no longer runs because the window keeps reappearing. [Image: http://img252.imageshack.us/img252/2338/ehoket7.jpg]
  • Go to Start > Run and type or copy the text 'sfc /scannow' into the command box (mind the space). Your computer will now be scanned for errors. If it asks for the XP Professional CD and you have XP Home, just insert the CD. Remove ComboFix via Start > Run: copy and paste 'Combofix /U', choose option 2 and press Enter. Please post a new HJT log.
  • sfc /scannow works fine until the Windows disc is requested; when I insert it, scannow says it is the wrong Windows disc. I don't understand this, because it is the disc that was supplied with the PC. Edit: after this I opened the disc itself and it says that the disc holds an outdated version of Windows XP, and that the one on my system is newer. But anyway, that still doesn't solve the problem.
  • Download VirtumundoBeGone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) and save it to your desktop. Double-click VirtumundoBeGone.exe and follow the instructions. Don't be alarmed if you see a blue screen with an error message; this is normal. When the fix is done, restart the PC. Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.
  • [11/13/2007, 20:32:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Tom\Bureaublad\VirtumundoBeGone.exe" ) [11/13/2007, 20:32:43] - Detected System Information: [11/13/2007, 20:32:43] - Windows Version: 5.1.2600, Service Pack 2 [11/13/2007, 20:32:43] - Current Username: Tom (Admin) [11/13/2007, 20:32:43] - Windows is in NORMAL mode. [11/13/2007, 20:32:43] - Searching for Browser Helper Objects: [11/13/2007, 20:32:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen) [11/13/2007, 20:32:43] - BHO 2: {21B1F061-06DD-4CAF-8240-CAF56A107FFB} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - Checking for HKLM\...\Winlogon\Notify\vtsts [11/13/2007, 20:32:43] - Key not found: HKLM\...\Winlogon\Notify\vtsts, continuing. [11/13/2007, 20:32:43] - BHO 3: {2699569F-6E24-4A7E-BBD6-EC9E86AFC955} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - No filename found. Continuing. [11/13/2007, 20:32:43] - BHO 4: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper) [11/13/2007, 20:32:43] - BHO 5: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (McAfee AntiPhishing Filter) [11/13/2007, 20:32:43] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess) [11/13/2007, 20:32:43] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class) [11/13/2007, 20:32:43] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - No filename found. Continuing. [11/13/2007, 20:32:43] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [11/13/2007, 20:32:43] - BHO 10: {98763111-C2B9-4DAA-8D51-E389DF0E1BF7} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - No filename found. Continuing. 
[11/13/2007, 20:32:43] - BHO 11: {B98D1B49-7809-4137-A192-47868A42EBEF} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - No filename found. Continuing. [11/13/2007, 20:32:43] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper) [11/13/2007, 20:32:43] - BHO 13: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object) [11/13/2007, 20:32:43] - BHO 14: {fde32fe6-4082-449a-af91-eaac02c17531} () [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference. [11/13/2007, 20:32:43] - Checking for HKLM\...\Winlogon\Notify\vlabkcwd [11/13/2007, 20:32:43] - Key not found: HKLM\...\Winlogon\Notify\vlabkcwd, continuing. [11/13/2007, 20:32:43] - Finished Searching Browser Helper Objects [11/13/2007, 20:32:43] - Finishing up... [11/13/2007, 20:32:43] - Nothing found! Exiting...
  • So this still doesn't solve the problem. I really appreciate that attention is being paid to it, but the problem has actually only gotten worse. Kind regards,
  • Yes, and that is not normal, because the tools cannot cause that.

    Download RVAXO.exe (http://home.hetnet.nl/~stefsmeenk/RVAXO.exe). Save the file to your desktop, then double-click it. You can let the program extract to your desktop. Now open the RVAXO folder on your desktop and double-click RVAXO.cmd.

    A window will open in which a few lines about files not found will quickly scroll by; this is normal. A rogue scanner's uninstaller may also start up: do not close it, but follow any instructions and let it do its work. After that your PC will restart, and after the restart the RVAXO window opens again. Let it run and wait until a log file opens. It can also be found here: C:\RVAXO-results.log

    Post the contents in your next message together with a new HijackThis log. Did your PC not restart? Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • Ha! The 'invalid image' screen is gone! Thanks a lot!

    ----------------RVAXO.exe first run-------------
    Files found:
    C:\WINDOWS\system32\__c0077ED0.dat
    C:\WINDOWS\system32\__c0095A64.dat
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2
    Uninstallers Rogue scanners:
    Folders Found:
    Hosts-file was reset, If you use a custom hosts file please replace it...
    --------------RVAXO.exe last run---------------
    Files found:
    Folders Found:
    --------------RVAXO.exe finished----------------
  • A new HJT log, please.
  • Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:24, on 2007-11-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\System32\GEARSec.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\OasClnt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\program files\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\a-TimeSync\TimeSync.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Last.fm\LastFMHelper.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program 
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tom\Bureaublad\Anti; Spywar-bot-virus-hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2699569F-6E24-4A7E-BBD6-EC9E86AFC955} - (no file) O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {98763111-C2B9-4DAA-8D51-E389DF0E1BF7} - (no file) O2 - BHO: (no name) - {B98D1B49-7809-4137-A192-47868A42EBEF} - (no file) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing) O2 - 
BHO: {13571c20-caae-19fa-a944-28046ef23edf} - {fde32fe6-4082-449a-af91-eaac02c17531} - C:\WINDOWS\system32\vlabkcwd.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program 
Files\a-TimeSync\TimeSync.exe" /auto O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: byxxwxx - byxxwxx.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. 
- C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 10980 bytes

    Thanks

This is an archived page. Replying is no longer possible.