Win32/fotomoto - ads_optimizer

22 replies
  • Hello,

    During a scan, my Windows Defender came across the file win32/fotomoto, also called ads_optimizer.

    I tried to remove it with McAfee and Windows Defender, but without any result.

    After that I ran VundoFix over it. It found nothing.

    Then HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:20:18, on 10-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\WINDOWS\system32\rvnaqwuu.exe
    C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    c:\program files\mcafee.com\vso\mcmnhdlr.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\DOCUME~1\Tom\LOCALS~1\Temp\Rar$EX01.875\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://google.daemonsearch.com/intl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=nl&l=nl&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\fcbgajax.dll",b
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Tom\LOCALS~1\Temp\2007111014539_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\RunOnce: [MPFService] C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -i
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tom\Menu Start\Programma's\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://urbanlone.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\rvnaqwuu.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 13368 bytes

    I would like some help removing this annoying file.

  • Print the instructions below, because you have to restart the computer during the fix.
    (copy the text into, e.g., Word and print it)

    Download (by S!Ri), and place it on your desktop.
    If that does not work, download it from this page.

    Start your PC in SAFE mode.
    See here how to do that.

    Double-click smitfraudfix.exe
    Choose option #2 - Clean by typing 2, and press "Enter" to remove the
    infected files.

    You will be asked: "Registry cleaning - Do you want to clean the registry ?"
    Answer "yes" by typing y and press "Enter".

    If your PC does not restart after that, restart it manually in normal mode.

    The tool will now check whether wininet.dll is infected. You may therefore be asked whether you
    want to replace the infected file. In that case answer "yes" by typing y and press "Enter".

    The tool may restart your PC in order to finish its work.
    If it does not, restart your PC manually in normal mode.
    A text file will open with the results of the fix. Post the contents of this file in your next reply.
    (You can also find the report in c:\rapport.txt)
    Then also post a new HijackThis log
  • juisterr wrote:
    > Print the instructions below, because you have to restart the computer during the fix.
    > (copy the text into, e.g., Word and print it)
    >
    > Download (by S!Ri), and place it on your desktop.
    > If that does not work, download it from this page.
    >
    > Start your PC in SAFE mode.
    > See here how to do that.
    >
    > Double-click smitfraudfix.exe
    > Choose option #2 - Clean by typing 2, and press "Enter" to remove the
    > infected files.
    >
    > You will be asked: "Registry cleaning - Do you want to clean the registry ?"
    > Answer "yes" by typing y and press "Enter".
    >
    > If your PC does not restart after that, restart it manually in normal mode.
    >
    > The tool will now check whether wininet.dll is infected. You may therefore be asked whether you
    > want to replace the infected file. In that case answer "yes" by typing y and press "Enter".
    >
    > The tool may restart your PC in order to finish its work.
    > If it does not, restart your PC manually in normal mode.
    > A text file will open with the results of the fix. Post the contents of this file in your next reply.
    > (You can also find the report in c:\rapport.txt)
    > Then also post a new HijackThis log

    There is just one thing I don't understand: your explanation says that after the registry cleaning it has to be started in normal mode. After that, however, it says that the PC has to be restarted in normal mode again?

    Anyway, I started it in safe mode and let the program run, and then got an enormous report with all kinds of sites in it.
    It did not replace the file wininet.dll or do anything like that..

    The report is really enormous, so I don't know whether I should post it here, but I'll do it anyway + HijackThis.
  • SmitFraudFix v2.252

    Scan done at 19:37:39,93, za 10-11-2007
    Run from C:\Documents and Settings\Tom\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 www.andromedical.com
    127.0.0.1 animepornmag.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 antiddos.us
    127.0.0.1 www.antiddos.us
    127.0.0.1 Antiespiadorado.com
    127.0.0.1 www.Antiespiadorado.com
    127.0.0.1 Antiespionspack.com
    127.0.0.1 www.Antiespionspack.com
    127.0.0.1 Antigusanos2008.com
    127.0.0.1 www.Antigusanos2008.com
    127.0.0.1 Antispionage.com
    127.0.0.1 www.Antispionage.com
    127.0.0.1 Antispionagepro.com
    127.0.0.1 www.Antispionagepro.com
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 Antispywaresuite.com
    127.0.0.1 www.Antispywaresuite.com
    127.0.0.1 Antispyweb.net
    127.0.0.1 www.Antispyweb.net
    127.0.0.1 Antiver2008.com
    127.0.0.1 www.Antiver2008.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 Antiworm2008.com
    127.0.0.1 www.Antiworm2008.com
    127.0.0.1 Antiwurm2008.com
    127.0.0.1 www.Antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 archiviosex.net
    127.0.0.1 www.archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 ares-usa.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 aslitalia.it
    127.0.0.1 www.aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 assureprotection.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 asupereva.it
    127.0.0.1 www.asupereva.it
    127.0.0.1 athenrye.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 aulde.net
    127.0.0.1 www.aulde.net
    127.0.0.1 aupereva.it
    127.0.0.1 www.aupereva.it
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg-secure.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avian-ads.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 awarninglist.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azzetta.it
    127.0.0.1 www.azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babenet.com
    127.0.0.1 www.babenet.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babeweb.de
    127.0.0.1 www.babeweb.de
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 Backstripgirls.com
    127.0.0.1 www.Backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 balotierra.com
    127.0.0.1 www.balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 bardownload.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 begin2search.com
    127.0.0.1 www.begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 bestfor.ru
    127.0.0.1 best-hardpics.com
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestporngate.com
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-voyeur.info
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestxporno.com
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigwww.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 biz.biz
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 blondetgp.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bnmgate.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 bonzi.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 boom.com.vn
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bqgate.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 braincodec.com
    127.0.0.1 www.braincodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 breenten.biz
    127.0.0.1 www.breenten.biz
    127.0.0.1 brodbfm.net
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 browserwise.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 busysearch.net
    127.0.0.1 www.busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 buy-find.info
    127.0.0.1 www.buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 buytraff.biz
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 bvirgilio.it
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 c.enhance.com
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 c4tdownload.com
    127.0.0.1 www.c4tdownload.com
    127.0.0.1 c5.www4free.info
    127.0.0.1 www.c5.www4free.info
    127.0.0.1 cache.surfaccuracy.com
    127.0.0.1 www.cache.surfaccuracy.com

    Lots of other sites that I have never heard of.


    127.0.0.1 www.zsvcompany.com
    127.0.0.1 bcnproduction.com
    127.0.0.1 www.bcnproduction.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ===============================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:06:40, on 10-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tom\Bureaublad\HijackThis.exe
    C:\Program Files\MSN Messenger\usnsvc.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Tom\LOCALS~1\Temp\20071110145544_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 8928 bytes

  • Download and unzip HostsXpert into a folder of its own,
    for example C:\HostsXpert.

    Start HostsXpert.exe

    Click "restore microsoft's hosts files"

    Then close the program.
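The hosts entries shown in the log above point at 127.0.0.1, which blocks a name rather than redirecting it. As an added example (not part of the thread, and not how HostsXpert or SmitFraudFix work internally), this Python sketch separates such sinkhole entries from mappings to routable addresses, which are the ones to look at before resetting the file; the sample hosts content and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread).
# 203.0.113.0/24 is a documentation range, used here as a stand-in for a
# routable address that a hijacked hosts file might point at.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.blocked-ads.example
127.0.0.1 tracker.example   # sinkholed by a blocklist
0.0.0.0 popups.example
203.0.113.7 update.vendor.example
203.0.113.7 www.bank.example login.bank.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (lineno, address, hostname) per mapping.

    Lines that do not parse as "<ip> <name> [<name> ...]" are yielded once
    with address None and the offending line text in place of the hostname.
    """
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, line
            continue
        if len(fields) < 2:
            yield lineno, None, line
            continue
        for name in fields[1:]:
            yield lineno, addr, name.lower()


def audit_hosts(text):
    """Group hosts entries by what they do to name resolution.

    default   - the stock localhost mapping
    sinkhole  - name forced to loopback or 0.0.0.0 (a block, as in blocklists)
    redirect  - name forced to any other address (needs a human to verify)
    malformed - lines that could not be parsed
    """
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, addr, name in parse_hosts(text):
        if addr is None:
            report["malformed"].append((lineno, name))
        elif name == "localhost" and addr.is_loopback:
            report["default"].append((lineno, name))
        elif addr.is_loopback or addr.is_unspecified:
            report["sinkhole"].append((lineno, name))
        else:
            report["redirect"].append((lineno, name, str(addr)))
    return report


def summarize(report):
    """Return a short text summary, listing every redirect in full."""
    lines = [
        "default entries:   %d" % len(report["default"]),
        "sinkhole entries:  %d" % len(report["sinkhole"]),
        "redirect entries:  %d" % len(report["redirect"]),
        "malformed lines:   %d" % len(report["malformed"]),
    ]
    for lineno, name, addr in report["redirect"]:
        lines.append("  line %d: %s -> %s" % (lineno, name, addr))
    return "\n".join(lines)


if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\system32\drivers\etc\hosts;
    # read it and pass its text to audit_hosts() instead of the sample.
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```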
  • Download:
    Save the file to your desktop, then double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A small window will open in which a few lines about files not found will scroll by quickly; this is normal.
    An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    After that your PC will restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    If needed, it can also be found here: C:\RVAXO-results.log
    Post its contents in your next message together with a new HijackThis log.

    Did your PC not restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • —————-RVAXO.exe first run————-

    Files found:

    C:\WINDOWS\system32\__c0077ED0.dat
    C:\WINDOWS\system32\__c0095A64.dat
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2

    Uninstallers Rogue scanners:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    Files found:

    C:\WINDOWS\system32\__c0095A64.dat
    Folders Found:

    ————–RVAXO.exe finished—————-

    ===============================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:55:10, on 10-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\vsnpstd2.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Tom\Bureaublad\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 8872 bytes


  • Download.
    * Scroll down to "Java Runtime Environment (JRE) 6u3".
    * Click the "Download" button on the right.
    * Check "Accept License Agreement".
    * The page will reload.
    * Click the link to download Windows Offline Installation, Multi-language, and save it to your Desktop.
    * Close all programs that may be open, especially your web browser!
    * Then go to Start > Control Panel (Configuratiescherm) > Add or Remove Programs (Software) and remove all older versions of Java from the software list.
    * Check everything with Java Runtime Environment (JRE or J2SE) in the name.
    * Then click Remove or the Change/Remove button.
    * Repeat this until all older versions are gone.
    * After removing all older versions, restart your PC.
    * Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the latest version of Java.


    Please run the SmitFraud fix again.
  • SmitFraudFix v2.252

    Scan done at 16:25:45,73, zo 11-11-2007
    Run from C:\Documents and Settings\Tom\Bureaublad\SmitfraudFix
    OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{17826AAD-4D3D-4783-B016-123D90C086A6}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ===============================================

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:38:54, on 11-11-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\acwsquff.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Tom\Bureaublad\Anti; Spywar-bot-virus-hijack\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0088374.dat
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 9107 bytes

    I have to admit my head is starting to spin a bit now ;d

  • Well,

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b
    O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe

    Click 'Fix checked' to remove the items.

    Download to your Desktop.
    * Double-click Combofix.exe
    * Follow the instructions; accept the disclaimer by typing 1 (continue) followed by ENTER.
    * While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix has finished and after a restart, the log combofix.txt will open.
    Post this log in your next post together with a new HijackThis log.

    NOTE: If your virus scanner reacts while downloading or using Combofix, you may ignore this.
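
An added example, not part of the original thread: the two items named in the post above are among the lines that appear in the latest HijackThis log but not in the previous one. The Python code below diffs two logs by section code and normalized entry text; the embedded logs are shortened excerpts of the thread's own logs, and the function names are this example's own.

```python
import re

# Shortened excerpts of the two consecutive HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0095A64.dat
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [4c4e889c] rundll32.exe "C:\WINDOWS\system32\plmafjch.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0088374.dat
O23 - Service: DomainService - - C:\WINDOWS\system32\acwsquff.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_log(text):
    """Map (section, normalized body) -> (section, original line)."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue
        section, body = match.groups()
        # Windows paths are case-insensitive and HijackThis may or may not
        # show quotes, so compare lower-cased, unquoted, whitespace-collapsed.
        normalized = " ".join(body.replace('"', "").lower().split())
        entries.setdefault((section, normalized), (section, raw.strip()))
    return entries


def diff_logs(before, after):
    """Return (added, removed) as lists of (section, original line)."""
    old, new = parse_log(before), parse_log(after)
    added = [new[key] for key in new if key not in old]
    removed = [old[key] for key in old if key not in new]
    return added, removed


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    for label, items in (("ADDED", added), ("REMOVED", removed)):
        for section, line in items:
            print(f"{label:8}{line}")
```

The diff also reports the SunJavaUpdateSched line, which changed only because Java was updated earlier in the thread, so every reported line still needs a human look before anything is fixed.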
  • I removed the 2 hijack files,
    then let ComboFix run.
    It ran into an error and now my whole PC no longer works properly.

    Firefox has been transformed into Internet Explorer, and I constantly get this message.

    A zip file has also appeared on my desktop; if you open it, it contains the file that is shown in the dialog.
    I have also restarted the PC several times, as well as ComboFix, but it no longer runs because the dialog keeps reappearing.

    http://img252.imageshack.us/img252/2338/ehoket7.jpg
  • Go to Start > Run (Uitvoeren) and type or copy the text "sfc /scannow" into the command box (mind the space).

    Your computer will now be scanned for errors.

    If it asks for the XP Professional CD and you have XP Home, just insert the CD.


    Remove ComboFix via Start > Run: copy and paste "Combofix /U", choose option 2 and press Enter.

    Please post a new HJT log.
  • sfc /scannow works fine until the Windows disc is requested; when I insert it, scannow says it is the wrong Windows disc.
    I don't understand this, because it is the disc that was supplied with the PC.

    edit: I then opened the disc itself, and it says that the disc is an outdated version of Windows XP and that the one on my system is newer.

    But anyway, that still doesn't solve the problem.
  • Download VirtumundoBegone and save it to your desktop.
    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.

    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.
  • [11/13/2007, 20:32:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Tom\Bureaublad\VirtumundoBeGone.exe" )
    [11/13/2007, 20:32:43] - Detected System Information:
    [11/13/2007, 20:32:43] - Windows Version: 5.1.2600, Service Pack 2
    [11/13/2007, 20:32:43] - Current Username: Tom (Admin)
    [11/13/2007, 20:32:43] - Windows is in NORMAL mode.
    [11/13/2007, 20:32:43] - Searching for Browser Helper Objects:
    [11/13/2007, 20:32:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
    [11/13/2007, 20:32:43] - BHO 2: {21B1F061-06DD-4CAF-8240-CAF56A107FFB} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - Checking for HKLM\…\Winlogon\Notify\vtsts
    [11/13/2007, 20:32:43] - Key not found: HKLM\…\Winlogon\Notify\vtsts, continuing.
    [11/13/2007, 20:32:43] - BHO 3: {2699569F-6E24-4A7E-BBD6-EC9E86AFC955} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - No filename found. Continuing.
    [11/13/2007, 20:32:43] - BHO 4: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
    [11/13/2007, 20:32:43] - BHO 5: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (McAfee AntiPhishing Filter)
    [11/13/2007, 20:32:43] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
    [11/13/2007, 20:32:43] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/13/2007, 20:32:43] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - No filename found. Continuing.
    [11/13/2007, 20:32:43] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [11/13/2007, 20:32:43] - BHO 10: {98763111-C2B9-4DAA-8D51-E389DF0E1BF7} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - No filename found. Continuing.
    [11/13/2007, 20:32:43] - BHO 11: {B98D1B49-7809-4137-A192-47868A42EBEF} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - No filename found. Continuing.
    [11/13/2007, 20:32:43] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [11/13/2007, 20:32:43] - BHO 13: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
    [11/13/2007, 20:32:43] - BHO 14: {fde32fe6-4082-449a-af91-eaac02c17531} ()
    [11/13/2007, 20:32:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/13/2007, 20:32:43] - Checking for HKLM\…\Winlogon\Notify\vlabkcwd
    [11/13/2007, 20:32:43] - Key not found: HKLM\…\Winlogon\Notify\vlabkcwd, continuing.
    [11/13/2007, 20:32:43] - Finished Searching Browser Helper Objects
    [11/13/2007, 20:32:43] - Finishing up…
    [11/13/2007, 20:32:43] - Nothing found! Exiting…
  • So this still doesn't solve the problem.
    I really appreciate that attention is being paid to it, but the problem has actually only gotten worse.

    Kind regards,
  • Yes, and that is not normal, because the tools cannot cause that.



    Download:
    Save the file to your desktop; after that you can double-click it.
    You can let the program extract to your desktop.
    Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
    A window will open in which a few lines about files not found will quickly scroll by; this is normal.
    An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and let it do its work.
    Your PC will then restart; after the restart the RVAXO window opens again.
    Let it run and wait until a log file opens.
    It can also be found here: C:\RVAXO-results.log
    Post the contents in your next message together with a new HijackThis log.

    Did your PC not restart?

    Run RVAXO once more and then post the new log: C:\rvaxo-results.log
  • Ha! The 'invalid image' ("ongeldig beeld") screen is gone!
    Thanks a lot!

    —————-RVAXO.exe first run————-

    Files found:

    C:\WINDOWS\system32\__c0077ED0.dat
    C:\WINDOWS\system32\__c0095A64.dat
    C:\WINDOWS\system32\ststv.bak1
    C:\WINDOWS\system32\ststv.bak2

    Uninstallers Rogue scanners:


    Folders Found:


    Hosts-file was reset, If you use a custom hosts file please replace it…

    ————–RVAXO.exe last run—————

    Files found:

    Folders Found:

    ————–RVAXO.exe finished—————-
  • New HJT log, please.
  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:24, on 2007-11-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\a-TimeSync\TimeSync.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Tom\Bureaublad\Anti; Spywar-bot-virus-hijack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3061001
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2699569F-6E24-4A7E-BBD6-EC9E86AFC955} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {98763111-C2B9-4DAA-8D51-E389DF0E1BF7} - (no file)
    O2 - BHO: (no name) - {B98D1B49-7809-4137-A192-47868A42EBEF} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (file missing)
    O2 - BHO: {13571c20-caae-19fa-a944-28046ef23edf} - {fde32fe6-4082-449a-af91-eaac02c17531} - C:\WINDOWS\system32\vlabkcwd.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Atomic Time Synchronizer] "C:\Program Files\a-TimeSync\TimeSync.exe" /auto
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: byxxwxx - byxxwxx.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe


    End of file - 10980 bytes

    Thanks

This is an archived page. Replies are no longer possible.