Ads within ads

  • Ads within ads

    hello

    Logfile of HijackThis v1.99.1
    Scan saved at 18:55:55, on 18/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Gerd\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis1991.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hanglos.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Lately I've been having a huge problem with ads, but in a very particular way: in ads on sites, on photos and even on video clips, the same popups keep appearing inside those windows, and if you click on a photo or clip just a bit too late and it pops up, you get redirected to those annoying sites where you can run virus scans, you know them, the spammers who are going to remove spam. I've searched myself silly for the little file that causes this but find nothing, and from a HijackThis log I can't find it because I simply don't understand any of it. There are also 3 .exe files on the desktop that I can't get rid of.

    grtz michael

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is done, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, in your next reply.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Now open the RVAXO folder on your desktop and double-click RVAXO.cmd
      A cmd window will open, in which a few lines about files not found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; don't close it, but follow any prompts and just let it do its work.
    • Your PC will then restart; after the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.


    Download Combofix to your desktop.
    Double-click Combofix.exe
    Choose "Continue" by typing 1 followed by ENTER.
    While the fix is running, do NOT click in the window, as this will make your PC hang.
    When the fix is complete and after the restart, the log combofix.txt will open.
    Post this log in your next reply.

    NOTE: If your virus scanner responds with a message about a script being executed, you may ignore this.



    • #3
      vbg


      [12/18/2007, 19:35:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Gerd\Local Settings\Temporary Internet Files\Content.IE5\2UO0NYIS\VirtumundoBeGone[1].exe" )
      [12/18/2007, 19:35:11] - Detected System Information:
      [12/18/2007, 19:35:11] - Windows Version: 5.1.2600, Service Pack 2
      [12/18/2007, 19:35:11] - Current Username: Gerd (Admin)
      [12/18/2007, 19:35:11] - Windows is in NORMAL mode.
      [12/18/2007, 19:35:11] - Searching for Browser Helper Objects:
      [12/18/2007, 19:35:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/18/2007, 19:35:11] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [12/18/2007, 19:35:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/18/2007, 19:35:11] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/18/2007, 19:35:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:11] - No filename found. Continuing.
      [12/18/2007, 19:35:11] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/18/2007, 19:35:11] - BHO 6: {EEFBDA0D-A3C7-419F-9F28-927C1FEB1D1D} ()
      [12/18/2007, 19:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:12] - Checking for HKLM\...\Winlogon\Notify\awvvw
      [12/18/2007, 19:35:12] - Key not found: HKLM\...\Winlogon\Notify\awvvw, continuing.
      [12/18/2007, 19:35:12] - BHO 7: {FED51DF2-9644-4C58-9104-90244EDD6EEC} ()
      [12/18/2007, 19:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:12] - Checking for HKLM\...\Winlogon\Notify\qomjgfc
      [12/18/2007, 19:35:12] - Found: HKLM\...\Winlogon\Notify\qomjgfc - This is probably Virtumundo.
      [12/18/2007, 19:35:12] - Assigning {FED51DF2-9644-4C58-9104-90244EDD6EEC} MSEvents Object
      [12/18/2007, 19:35:12] - BHO list has been changed! Starting over...
      [12/18/2007, 19:35:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/18/2007, 19:35:12] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [12/18/2007, 19:35:12] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/18/2007, 19:35:12] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/18/2007, 19:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:12] - No filename found. Continuing.
      [12/18/2007, 19:35:12] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/18/2007, 19:35:12] - BHO 6: {EEFBDA0D-A3C7-419F-9F28-927C1FEB1D1D} ()
      [12/18/2007, 19:35:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:12] - Checking for HKLM\...\Winlogon\Notify\awvvw
      [12/18/2007, 19:35:13] - Key not found: HKLM\...\Winlogon\Notify\awvvw, continuing.
      [12/18/2007, 19:35:13] - BHO 7: {FED51DF2-9644-4C58-9104-90244EDD6EEC} (MSEvents Object)
      [12/18/2007, 19:35:13] - ALERT: Found MSEvents Object!
      [12/18/2007, 19:35:13] - Finished Searching Browser Helper Objects
      [12/18/2007, 19:35:13] - *** Detected MSEvents Object
      [12/18/2007, 19:35:13] - Trying to remove MSEvents Object...
      [12/18/2007, 19:35:14] - Terminating Process: IEXPLORE.EXE
      [12/18/2007, 19:35:14] - Terminating Process: RUNDLL32.EXE
      [12/18/2007, 19:35:14] - Disabling Automatic Shell Restart
      [12/18/2007, 19:35:15] - Terminating Process: EXPLORER.EXE
      [12/18/2007, 19:35:15] - Suspending the NT Session Manager System Service
      [12/18/2007, 19:35:15] - Terminating Windows NT Logon/Logoff Manager
      [12/18/2007, 19:35:15] - Re-enabling Automatic Shell Restart
      [12/18/2007, 19:35:15] - File to disable: C:\WINDOWS\system32\qomjgfc.dll
      [12/18/2007, 19:35:15] - Renaming C:\WINDOWS\system32\qomjgfc.dll -> C:\WINDOWS\system32\qomjgfc.dll.vir
      [12/18/2007, 19:35:15] - ! File rename was unsucessful.
      [12/18/2007, 19:35:15] - Attempting to Deny Access to C:\WINDOWS\system32\qomjgfc.dll
      [12/18/2007, 19:35:15] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
      [12/18/2007, 19:35:15] - ERROR: Er is geen toewijzing uitgevoerd tussen accountnamen en beveiligings-ID's.

      [12/18/2007, 19:35:15] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
      [12/18/2007, 19:35:15] - Removing HKLM\...\Browser Helper Objects\{FED51DF2-9644-4C58-9104-90244EDD6EEC}
      [12/18/2007, 19:35:15] - Removing HKCR\CLSID\{FED51DF2-9644-4C58-9104-90244EDD6EEC}
      [12/18/2007, 19:35:15] - Adding Kill Bit for ActiveX for GUID: {FED51DF2-9644-4C58-9104-90244EDD6EEC}
      [12/18/2007, 19:35:15] - Deleting ATLEvents/MSEvents Registry entries
      [12/18/2007, 19:35:15] - Removing HKLM\...\Winlogon\Notify\qomjgfc
      [12/18/2007, 19:35:15] - Searching for Browser Helper Objects:
      [12/18/2007, 19:35:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
      [12/18/2007, 19:35:15] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
      [12/18/2007, 19:35:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [12/18/2007, 19:35:15] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [12/18/2007, 19:35:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:15] - No filename found. Continuing.
      [12/18/2007, 19:35:15] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [12/18/2007, 19:35:15] - BHO 6: {EEFBDA0D-A3C7-419F-9F28-927C1FEB1D1D} ()
      [12/18/2007, 19:35:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [12/18/2007, 19:35:15] - Checking for HKLM\...\Winlogon\Notify\awvvw
      [12/18/2007, 19:35:15] - Key not found: HKLM\...\Winlogon\Notify\awvvw, continuing.
      [12/18/2007, 19:35:15] - Finished Searching Browser Helper Objects
      [12/18/2007, 19:35:15] - Finishing up...
      [12/18/2007, 19:35:15] - A restart is needed.
      [12/18/2007, 19:35:22] - Attempting to Restart via STOP error (Blue Screen!)



      rvaxo

      ----------------RVAXO.exe first run-------------

      Files found:

      C:\WINDOWS\system32\qomjgfc.dll.vir
      C:\WINDOWS\system32\wvvwa.bak1
      C:\WINDOWS\system32\wvvwa.bak2
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\actskn45.ocx
      C:\Documents and Settings\Gerd\FAVORI~1\Online Security Test.url

      Uninstallers Rogue scanners:


      Folders Found:

      C:\Program Files\advantage

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------

      Files found:

      Folders Found:

      --------------RVAXO.exe finished----------------

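The VirtumundoBeGone log above shows the check that caught the infection: a BHO CLSID with no default name, whose DLL base name (qomjgfc) reappears as a Winlogon\Notify subkey. As an added example that is not part of this thread and is not code from VirtumundoBeGone, HijackThis or DSS, the Python script below applies the same two-signal triage to HijackThis-style O2 lines. The four named O2 lines are the ones from the DSS log later in the thread; the unnamed line for {FED51DF2-9644-4C58-9104-90244EDD6EEC} is constructed from the CLSID and DLL path in the VBG log (no O2 line for it appears on the page); the Winlogon\Notify subkey list is a constructed snapshot, and the rule that the Notify subkey name equals the DLL base name is an assumption drawn from the log, not a documented rule.

```python
import re
from dataclasses import dataclass, field

# HijackThis O2 line format: "O2 - BHO: <name> - {CLSID} - <path to DLL>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# HijackThis prints "(no name)" when the CLSID key has no default value.
UNNAMED = {"", "(no name)"}

# Constructed sample: four named BHOs taken from the DSS log in this thread,
# plus one constructed unnamed entry built from the VBG log's CLSID and DLL path.
SAMPLE_O2_LINES = [
    r"O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll",
    r"O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll",
    r"O2 - BHO: (no name) - {FED51DF2-9644-4C58-9104-90244EDD6EEC} - C:\WINDOWS\system32\qomjgfc.dll",
]

# Constructed snapshot of HKLM\...\Winlogon\Notify subkeys: the stock Windows XP
# entries plus the one the VBG log found. Assumption: a real tool would read
# these from the registry.
SAMPLE_NOTIFY_SUBKEYS = [
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "qomjgfc",
]


@dataclass
class Finding:
    clsid: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o2(line: str):
    """Return (name, clsid, path) for an O2 line, or None if it is not one."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("clsid"), m.group("path")


def dll_basename(path: str) -> str:
    """'C:\\WINDOWS\\system32\\qomjgfc.dll' -> 'qomjgfc' (lower-cased, as
    registry key names compare case-insensitively)."""
    filename = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return filename.rsplit(".", 1)[0].lower()


def triage(o2_lines, notify_subkeys):
    """Flag BHOs that (a) have no default name and/or (b) share their DLL base
    name with a Winlogon\\Notify subkey. Assumption (taken from the VBG log):
    the Notify subkey is named after the DLL base name."""
    notify = {k.lower() for k in notify_subkeys}
    findings = []
    for line in o2_lines:
        parsed = parse_o2(line)
        if parsed is None:
            continue  # not an O2 line; other HijackThis sections are ignored here
        name, clsid, path = parsed
        reasons = []
        if name.strip() in UNNAMED:
            reasons.append("BHO has no default name")
        if dll_basename(path) in notify:
            reasons.append("DLL base name matches a Winlogon\\Notify subkey")
        if reasons:
            findings.append(Finding(clsid, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O2_LINES, SAMPLE_NOTIFY_SUBKEYS):
        print(f.clsid, f.path)
        for r in f.reasons:
            print("   -", r)
```

Either signal alone is only a hint (legitimate BHOs occasionally lack a default name, and the stock Notify subkeys are all benign); the combination of an unnamed BHO and a matching Notify entry is what the VBG log treated as "probably Virtumundo", and this script reports both reasons so the reader can see which signals fired.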


      • #4
        The last program doesn't work properly: after the blue screen it just closes and no log appears.



        • #5
          Download Deckard's System Scanner to your desktop.
          • Close all applications and windows.
          • Double-click dss.exe to start it, and follow the prompts.
          • When the scan is complete, a text file - main.txt - will open.
          • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
          Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
          - make sure sigcheck.exe is allowed to do so!
          It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
          Don't let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus while DSS scans)



          • #6
            Deckard's System Scanner v20071014.68
            Run by Gerd on 2007-12-18 20:46:59
            Computer is in Normal Mode.
            --------------------------------------------------------------------------------

            -- System Restore --------------------------------------------------------------

            Successfully created a Deckard's System Scanner Restore Point.


            -- Last 5 Restore Point(s) --
            20: 2007-12-18 19:47:02 UTC - RP112 - Deckard's System Scanner Restore Point
            19: 2007-12-18 18:49:57 UTC - RP111 - ComboFix created restore point
            18: 2007-12-18 15:40:04 UTC - RP110 - Controlepunt van systeem
            17: 2007-12-17 11:12:39 UTC - RP109 - Software Distribution Service 3.0
            16: 2007-12-16 13:02:38 UTC - RP108 - inorde (virus killed)


            -- First Restore Point --
            1: 2007-12-16 12:58:13 UTC - RP93 - Controlepunt van systeem


            Backed up registry hives.
            Performed disk cleanup.

            System Drive C: has 1.85 GiB (less than 15%) free.


            -- HijackThis Clone ------------------------------------------------------------


            Emulating logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 2007-12-18 20:48:29
            Platform: Windows XP Service Pack 2 (5.01.2600)
            MSIE: Internet Explorer (7.00.6000.16574)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\system32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\explorer.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\MSN Messenger\usnsvc.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Documents and Settings\Gerd\Local Settings\Temporary Internet Files\Content.IE5\KKQYQOTJ\dss[1].exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hanglos.nl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
            O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
            O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
            O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O15 - Trusted Zone: http://www.msi.com.tw (HKCU)
            O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} () - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
            O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
            O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
            O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
            O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
            O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
            O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
            O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
            O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
            O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


            --
            End of file - 7493 bytes

            -- File Associations -----------------------------------------------------------

            All associations okay.


            -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

            R1 VFILT (BullGuard Firewall Kernel Driver) - c:\program files\bullguard software\bullguard\fwengine\filtnt.sys <Not Verified; Agnitum Ltd.; Virtual Firewall>

            S3 ADBLOCK.DLL (BullGuard Firewall Adware Plugin) - c:\program files\bullguard software\bullguard\fwengine\adblock.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
            S3 catchme - c:\docume~1\gerd\locals~1\temp\catchme.sys (file missing)
            S3 HTMLFILT.DLL (BullGuard Firewall HTML Plugin) - c:\program files\bullguard software\bullguard\fwengine\htmlfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
            S3 HTTPFILT.DLL (BullGuard Firewall HTTP Plugin) - c:\program files\bullguard software\bullguard\fwengine\httpfilt.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>
            S3 PROTECT.DLL (BullGuard Firewall Protection Plugin) - c:\program files\bullguard software\bullguard\fwengine\protect.dll <Not Verified; Agnitum Ltd.; Outpost Firewall>


            -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

            R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


            -- Device Manager: Disabled ----------------------------------------------------

            No disabled devices found.


            -- Scheduled Tasks -------------------------------------------------------------

            2007-12-14 17:46:11 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


            -- Files created between 2007-11-18 and 2007-12-18 -----------------------------

            2007-12-18 19:42:53 0 d-------- C:\RVAXO
            2007-12-18 19:42:50 546609 --a------ C:\WINDOWS\system32\RVAXO.bat
            2007-12-18 19:42:50 69632 --a------ C:\WINDOWS\system32\remove.exe
            2007-12-09 22:08:30 0 d-------- C:\Documents and Settings\Gerd\Application Data\BSplayer
            2007-12-09 22:08:30 0 d-------- C:\Documents and Settings\Gerd\Application Data\BSplayer Pro
            2007-12-09 21:11:31 0 d-------- C:\Program Files\ImTOO(2)
            2007-12-09 21:11:24 0 d-------- C:\Program Files\Common Files\Download Manager
            2007-12-09 20:51:59 0 d-------- C:\Program Files\AviSynth 2.5
            2007-12-09 20:51:41 0 d-------- C:\Program Files\The FilmMachine
            2007-12-04 18:38:26 0 dr------- C:\Documents and Settings\LocalService\Mijn documenten
            2007-12-02 20:57:10 0 d-------- C:\!KillBox
            2007-12-02 20:08:07 37888 --a------ C:\WINDOWS\system32\qomjgfc.dll
            2007-12-02 20:06:57 0 d-------- C:\Program Files\DomPlayer
            2007-11-20 22:38:16 0 d-------- C:\Program Files\Lavasoft
            2007-11-20 22:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
            2007-11-20 22:37:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
            2007-11-20 19:18:13 0 d-------- C:\Program Files\MSN Messenger
            2007-11-20 19:13:05 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
            2007-11-20 19:12:36 0 d-------- C:\Program Files\Windows Live
            2007-11-20 19:12:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


            -- Find3M Report ---------------------------------------------------------------

            2007-12-16 13:52:50 0 d-------- C:\Documents and Settings\Gerd\Application Data\Azureus
            2007-12-10 22:58:17 0 d-------- C:\Program Files\Azureus
            2007-12-09 21:11:24 0 d-------- C:\Program Files\Common Files
            2007-12-05 22:21:04 0 d-------- C:\Documents and Settings\Gerd\Application Data\Skype
            2007-12-02 20:22:53 507046 --a------ C:\WINDOWS\system32\perfh013.dat
            2007-12-02 20:22:53 90292 --a------ C:\WINDOWS\system32\perfc013.dat
            2007-12-01 11:38:55 0 d-------- C:\Program Files\eMule
            2007-11-25 17:25:05 0 d-------- C:\Program Files\iTunes
            2007-11-20 11:42:33 0 d-------- C:\Program Files\SlySoft
            2007-11-10 10:17:37 0 d-------- C:\Program Files\iPod
            2007-11-10 10:16:05 0 d-------- C:\Program Files\QuickTime
            2007-11-07 19:42:27 0 d-------- C:\Program Files\Picasa2
            2007-11-07 19:24:33 0 d-------- C:\Program Files\Common Files\Skype
            2007-11-07 19:24:28 0 d-------- C:\Program Files\DivX
            2007-11-01 12:01:15 0 d-------- C:\Documents and Settings\Gerd\Application Data\Google
            2007-10-31 20:39:16 0 d-------- C:\Program Files\Google
            2007-10-31 20:38:58 0 d-------- C:\Program Files\Skype
            2007-10-20 14:37:48 0 d-------- C:\Documents and Settings\Gerd\Application Data\Ahead
            2007-09-24 21:41:26 103511 --a------ C:\WINDOWS\hpoins04.dat


            -- Registry Dump ---------------------------------------------------------------

            *Note* empty entries & legit default entries are not shown


            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe]
            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-10-19 13:42]
            "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
            "NWEReboot"=""
            "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
            "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01]
            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-10-19 13:42]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 12:32]
            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 20:10]
            "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
            Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-27 20:10:20]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
            @="Service"

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            BullGuard BgMainSvc BsFileScan BsMailProxy
            BullGuardFw BsFwall




            -- End of Deckard's System Scanner: finished at 2007-12-18 20:49:08 ------------

            Comment
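The registry dump above is the part of a Deckard's System Scanner log a helper reads first: every `Run` value is a program that starts with Windows, and adware such as the DLL removed later in this thread usually survives a reboot through exactly these keys. The following is an added example, not code from the thread or from Deckard's System Scanner: a small parser for the `[key]` / `"name"="value" [timestamp]` format of the dump, with a few defender-side heuristics that pull out the entries worth a second look (empty values, bare file names that depend on the search path, binaries in temp or per-user data folders, and values without the scanner's `[date time]` bracket, which this example takes to mean the scanner reported no file on disk for them). The sample input copies a subset of the Run entries from the log above plus one constructed `"Updater"` entry that is not in the log, added only to exercise the temp-path check.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the two Run keys from the DSS registry dump
# in this thread. The "Updater" line is NOT from the log; it is a made-up
# entry that points into the user's temp folder to exercise the heuristics.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NWEReboot"=""
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 20:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Updater"="C:\DOCUME~1\Gerd\LOCALS~1\Temp\upd.exe"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="value" followed by an optional [timestamp resolved-path] bracket
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<value>[^"]*)"(?:\s+\[(?P<stamp>[^\]]*)\])?$')
STAMP_RE = re.compile(r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2})(?:\s+(?P<resolved>.+))?$')

# Path fragments that mean "user-writable" on Windows XP (lower-cased match).
USER_WRITABLE = ('\\temp\\', '\\locals~1\\', '\\local settings\\', '\\application data\\')


@dataclass
class Entry:
    key: str                    # registry key the value lives under
    name: str                   # value name, e.g. "SoundMan"
    value: str                  # command line / path as stored
    timestamp: Optional[str]    # file timestamp DSS printed in the bracket
    resolved: Optional[str]     # full path DSS printed when value was a bare name


def parse_registry_dump(text: str) -> List[Entry]:
    """Turn the [key] / "name"="value" [stamp] lines into Entry records."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            ts = resolved = None
            if m.group('stamp'):
                sm = STAMP_RE.match(m.group('stamp'))
                if sm:
                    ts, resolved = sm.group('ts'), sm.group('resolved')
            entries.append(Entry(key, m.group('name'), m.group('value'), ts, resolved))
    return entries


def audit_entry(e: Entry) -> List[str]:
    """Return the heuristic flags that apply to one autorun entry."""
    flags: List[str] = []
    if not e.value:
        flags.append('empty-value')            # nothing launched; leftover entry
    elif not re.match(r'^[A-Za-z]:\\', e.value):
        flags.append('relative-path')          # bare name resolved via search path
    target = (e.resolved or e.value).lower()
    if any(frag in target for frag in USER_WRITABLE):
        flags.append('user-writable-location') # binary lives where any user can write
    # Assumption about the DSS format: no [date time] bracket means the scanner
    # did not report a file on disk for this value.
    if e.value and e.timestamp is None:
        flags.append('file-not-found')
    return flags


def suspicious(text: str) -> Dict[str, List[str]]:
    """Map value name -> flags for every entry that triggered at least one flag."""
    return {e.name: audit_entry(e) for e in parse_registry_dump(text) if audit_entry(e)}


if __name__ == '__main__':
    for name, flags in suspicious(SAMPLE_DUMP).items():
        print(f'{name:20s} {", ".join(flags)}')
```

On the real dump above, only `SoundMan` (bare file name) and `NWEReboot` (empty value) are flagged, both harmless; the point of the heuristics is to shrink a long autorun list to the handful of lines a human then verifies by hand, not to declare anything malicious on their own.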


            • #7
              Open the RVAXO folder on your desktop and double-click Uninstall.cmd

              Download OTMoveIt.exe and place it on your desktop: OTMoveIt.exe
              Open OTMoveIt.exe.
              In the left-hand pane, where it says "Paste List of Files/Folders to be Moved", copy and paste the text in bold below:

              C:\!KillBox
              C:\WINDOWS\system32\qomjgfc.dll


              Then click the MoveIt button at the bottom.
              When the program has finished it will create a log (********_******.log -- the * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles\
              Copy and paste the contents of that log in your next post.

              Also let me know whether there are any problems left.

              Comment


              • #8
                C:\!KillBox\Logs moved successfully.
                C:\!KillBox moved successfully.
                LoadLibrary failed for C:\WINDOWS\system32\qomjgfc.dll
                C:\WINDOWS\system32\qomjgfc.dll NOT unregistered.
                File move failed. C:\WINDOWS\system32\qomjgfc.dll scheduled to be moved on reboot.

                Created on 12-18-2007 22:46:07

                I no longer suffer from those annoying ads.
                Thank you very much for the help, smeenk. The thread can be locked.

                Comment


                • #9
                  You're welcome.

                  Follow these last steps:
                  Delete the following folders:
                  C:\_OTMoveIt\MovedFiles\
                  C:\Qoobox\

                  Then empty your Recycle Bin.

                  Download ATF Cleaner (mirror) (made by Atribune)

                  Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                  Double-click ATF Cleaner to start the program.
                  On the "Main" tab, tick Select All.
                  Click the Empty Selected button.

                  Do the following if you also use Firefox as a browser:
                  Click the "Firefox" tab and tick Select All.
                  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                  (this removes the tick from "Firefox saved passwords" again)
                  Click the Empty Selected button.

                  Do the following if you also use Opera as a browser:
                  Click the "Opera" tab and tick Select All.
                  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                  Click the Empty Selected button.
                  Go to the "Main" tab and click the Exit button to close the program.

                  Go to Start - Run and enter the following:
                  Combofix /U
                  Then press OK.
                  Note: there must be a space between Combofix and /U.

                  This will uninstall Combofix.

                  Disable System Restore. Restart the computer. Enable System Restore again.
                  See here for how to disable System Restore.
                  This removes any remnants of the infections from your System Restore.

                  Then, I think, everything should be OK again.

                  Comment
