Anti-Virus Program
  • Anti-Virus Program

    I recently, apparently, downloaded an anti-virus program from the internet (or an anti-spyware program, it could even be both). Only, I want that program gone.
    It sometimes makes the internet go haywire and I can no longer change my home page. (It is automatically set to the start site of that anti-virus program.)
    It also reports possible viruses while McAfee says nothing about them.

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:56, on 14-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\PixArt\PAC7311\Monitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-21-3888614320-2397303572-2193093053-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Lex')
    O4 - HKUS\S-1-5-21-3888614320-2397303572-2193093053-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Lex')
    O4 - HKUS\S-1-5-21-3888614320-2397303572-2193093053-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Lex')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
    O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

  • #2
    Download SmitfraudFix (by S!Ri) and place it on your desktop.
    Start the computer in safe mode. You can read how to do this here.
    Close all open windows.
    Start HijackThis and tick the following items:
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
    O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll

    Then click "Fix checked" and close HijackThis.


    Double-click smitfraudfix.exe.
    Choose option #2 - Clean by typing 2 and then press "Enter".

    When the following question is asked: "Registry cleaning - Do you want to clean the registry ?", answer "Yes" by typing Y and then pressing "Enter". This will restore your desktop and remove the registry keys that this infection created.

    The tool will then restart your computer to remove the remnants.
    If the computer does not restart automatically, restart the PC yourself in normal Windows mode.
    When the computer has restarted, a log file will open: C:\rapport.txt.
    Post the contents of that log together with a new HijackThis log.



    • #3
      I did everything you said, but the log that should have opened (C:\rapport.txt) came up while I was still in safe mode, and once I was back in normal mode it was gone. So I no longer have it.

      Here is the HijackThis log, though:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:16:23, on 14-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Dell Network Assistant\hnm_svc.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
      c:\program files\mcafee.com\vso\mcvsshld.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\PixArt\PAC7311\Monitor.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
      C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      C:\Program Files\WiFiConnector\NintendoWFCReg.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
      O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
      O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
      O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
      O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
      O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Dell Network Assistant.lnk = ?
      O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
      O4 - Global Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
      O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
      O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
      O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
      O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
      O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
      O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

      --
      End of file - 12136 bytes



      • #4
        Post the contents of this file: C:\rapport.txt



        • #5
          As I said, that file opened in safe mode and so I have lost it now...



          • #6
            In principle that file is not simply deleted.
            Go to Start - Run and type: C:\rapport.txt

            Did you carry out the instructions correctly? Your HijackThis log has hardly changed, and after carrying out the instructions something should certainly have changed.

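The comparison behind the remark in post #6 that the log had hardly changed, as an added example (not part of the thread, and not HijackThis or SmitfraudFix code): it parses the entries listed for fixing in post #2 and reports which of them still appear in a later log. The function names and the abbreviated sample logs are assumptions for illustration; the entry lines themselves are copied from the logs in this thread.

```python
import re

# A HijackThis entry is a section code (R0, R1, O2, O22, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map normalized (section, body) keys to a cleaned-up copy of each entry line.

    Header lines and the "Running processes" block do not match the entry
    pattern and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        # Forum software re-indents and re-wraps pasted logs: collapse whitespace.
        body = " ".join(m.group(2).split())
        # Windows registry and file paths are case-insensitive, and the same
        # path shows up with different casing between logs.
        entries[(section, body.lower())] = f"{section} - {body}"
    return entries


def check_fix(fix_list_text, after_log_text):
    """Return (still_present, removed) for the entries that were to be fixed."""
    wanted = parse_entries(fix_list_text)
    after = parse_entries(after_log_text)
    still_present = [wanted[k] for k in sorted(wanted) if k in after]
    removed = [wanted[k] for k in sorted(wanted) if k not in after]
    return still_present, removed


# Four of the entries listed in post #2 (abbreviated selection).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
"""

# Abbreviated excerpt of the log posted in #3 (after the attempted fix).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:23, on 14-5-2008
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
"""

# Constructed log (not from the thread): what a successful fix would leave behind.
CLEAN_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
"""

if __name__ == "__main__":
    still, gone = check_fix(FIX_LIST, AFTER_LOG)
    print(f"{len(still)} flagged entries still present, {len(gone)} removed")
    for entry in still:
        print("  STILL PRESENT:", entry)
```
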


            • #7
              OK, I have it now:

              SmitFraudFix v2.320

              Scan done at 20:02:15,59, wo 14-05-2008
              Run from C:\Documents and Settings\Jelle van Hees\Bureaublad\SmitfraudFix
              OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
              The filesystem type is NTFS
              Fix run in safe mode

              »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll

              »»»»»»»»»»»»»»»»»»»»»»»» Killing process


              »»»»»»»»»»»»»»»»»»»»»»»» hosts


              127.0.0.1 localhost

              »»»»»»»»»»»»»»»»»»»»»»»» VACFix

              VACFix
              Credits: Malware Analysis & Diagnostic
              Code: S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

              S!Ri's WS2Fix: LSP not Found.


              »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

              GenericRenosFix by S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

              C:\Program Files\NetProject\ Deleted

              »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

              IEDFix
              Credits: Malware Analysis & Diagnostic
              Code: S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

              404Fix
              Credits: Malware Analysis & Diagnostic
              Code: S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» DNS

              HKLM\SYSTEM\CCS\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
              HKLM\SYSTEM\CS1\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
              HKLM\SYSTEM\CS3\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
              HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
              HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
              HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


              »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
              !!!Attention, following keys are not inevitably infected!!!

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
              "System"=""


              »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

              Registry Cleaning done.

              »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll


              »»»»»»»»»»»»»»»»»»»»»»»» End



              • #8
                Did you also carry out the HijackThis instructions in safe mode?



                • #9
                  I believe I did everything the way you said.



                  • #10
                    "I believe" doesn't sound very convincing.

                    Repeat all the steps.



                    • #11
                      Hijackthis:

                      Logfile of Trend Micro HijackThis v2.0.2
                      Scan saved at 20:27:13, on 15-5-2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                      Boot mode: Normal

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      C:\Program Files\Dell Network Assistant\hnm_svc.exe
                      c:\program files\mcafee.com\agent\mcdetect.exe
                      C:\WINDOWS\Explorer.EXE
                      c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
                      C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                      c:\program files\mcafee.com\vso\mcvsshld.exe
                      c:\progra~1\mcafee.com\vso\mcvsescn.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\hkcmd.exe
                      C:\WINDOWS\system32\igfxpers.exe
                      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                      C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                      C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                      C:\Program Files\QuickTime\qttask.exe
                      C:\Program Files\iTunes\iTunesHelper.exe
                      C:\WINDOWS\PixArt\PAC7311\Monitor.exe
                      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
                      C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                      C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                      C:\Program Files\Messenger\msmsgs.exe
                      C:\Program Files\Microsoft Office\Office\OSA.EXE
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\iPod\bin\iPodService.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\WINDOWS\system32\NOTEPAD.EXE
                      C:\WINDOWS\SoftwareDistribution\Download\d4e4c7d59d6a155079f9e35776c9d483\update\update.exe
                      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
                      R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
                      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
                      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
                      O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
                      O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll
                      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                      O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
                      O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll
                      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
                      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                      O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                      O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
                      O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                      O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                      O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                      O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                      O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: Dell Network Assistant.lnk = ?
                      O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                      O4 - Global Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
                      O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                      O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                      O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
                      O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                      O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                      O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                      O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
                      O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
                      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                      O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
                      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                      O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
                      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                      O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
                      O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

                      --
                      End of file - 12168 bytes

                      SmitFraudFix:

                      SmitFraudFix v2.320

                      Scan done at 20:16:39,76, do 15-05-2008
                      Run from C:\Documents and Settings\Jelle van Hees\Bureaublad\SmitfraudFix
                      OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
                      The filesystem type is NTFS
                      Fix run in safe mode

                      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
                      !!!Attention, following keys are not inevitably infected!!!

                      SrchSTS.exe by S!Ri
                      Search SharedTaskScheduler's .dll

                      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


                      »»»»»»»»»»»»»»»»»»»»»»»» hosts


                      127.0.0.1 localhost

                      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

                      VACFix
                      Credits: Malware Analysis & Diagnostic
                      Code: S!Ri


                      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

                      S!Ri's WS2Fix: LSP not Found.


                      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

                      GenericRenosFix by S!Ri


                      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

                      C:\Program Files\NetProject\ Deleted

                      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

                      IEDFix
                      Credits: Malware Analysis & Diagnostic
                      Code: S!Ri


                      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

                      404Fix
                      Credits: Malware Analysis & Diagnostic
                      Code: S!Ri


                      »»»»»»»»»»»»»»»»»»»»»»»» DNS

                      HKLM\SYSTEM\CCS\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
                      HKLM\SYSTEM\CS1\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
                      HKLM\SYSTEM\CS3\Services\Tcpip\..\{D3ED42FD-1E64-4263-9251-69F91EE26798}: DhcpNameServer=192.168.2.1
                      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
                      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
                      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


                      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


                      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
                      !!!Attention, following keys are not inevitably infected!!!

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
                      "System"=""


                      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

                      Registry Cleaning done.

                      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
                      !!!Attention, following keys are not inevitably infected!!!

                      SrchSTS.exe by S!Ri
                      Search SharedTaskScheduler's .dll


                      »»»»»»»»»»»»»»»»»»»»»»»» End



                      If it turns out to be wrong again, does it matter that I did everything under my own account name? You could also choose Administrator, you see.



                      • #12
                        Smitfraudfix apparently can't get rid of these.
                        It is best to do everything under your own account.
                        We'll try something else.

                        Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden
                        Follow the instructions given there. If anything is unclear, just ask.
                        When the tool has finished, a log file (combofix.txt) opens.
                        Post the contents of that file together with a new HijackThis log.



                        • #13
                          I'll carry out the steps later.



                          • #14
                            ComboFix:
                            ComboFix 08-05-15.3 - Jelle van Hees 2008-05-17 13:05:04.1 - NTFSx86
                            Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.593 [GMT 2:00]
                            Gestart vanuit: C:\Documents and Settings\Jelle van Hees\Bureaublad\ComboFix.exe
                            .

                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .

                            C:\Program Files\NetProject
                            C:\Program Files\NetProject\myd.ico
                            C:\Program Files\NetProject\mym.ico
                            C:\Program Files\NetProject\myp.ico
                            C:\Program Files\NetProject\myv.ico
                            C:\Program Files\NetProject\ot.ico
                            C:\Program Files\NetProject\sbmdl.dll
                            C:\Program Files\NetProject\sbmntr.exe
                            C:\Program Files\NetProject\sbsm.exe
                            C:\Program Files\NetProject\sbun.exe
                            C:\Program Files\NetProject\scit.exe
                            C:\Program Files\NetProject\scm.exe
                            C:\Program Files\NetProject\scu.exe
                            C:\Program Files\NetProject\ts.ico
                            C:\Program Files\NetProject\wamdl.dll
                            C:\Program Files\NetProject\waun.exe
                            C:\WINDOWS\Downloaded Program Files\setup.inf
                            C:\WINDOWS\system32\834668\834668.dll

                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))
                            .

                            2008-05-14 19:40 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator.JELLE\Sjablonen
                            2008-05-14 19:40 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator.JELLE\Mijn documenten
                            2008-05-14 19:40 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator.JELLE\Favorieten
                            2008-05-14 19:40 . 2006-07-13 20:19 <DIR> d-------- C:\Documents and Settings\Administrator.JELLE\Application Data\Corel
                            2008-05-14 19:40 . 2008-05-14 20:08 <DIR> d---s---- C:\Documents and Settings\Administrator.JELLE
                            2008-05-14 19:40 . 2008-05-17 13:00 1,024 --ah----- C:\Documents and Settings\Administrator.JELLE\ntuser.dat.LOG
                            2008-05-14 19:11 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Sjablonen
                            2008-05-14 19:11 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Mijn documenten
                            2008-05-14 19:11 . 2008-05-14 20:08 <DIR> d-------- C:\Documents and Settings\Administrator\Favorieten
                            2008-05-14 19:11 . 2006-07-13 20:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
                            2008-05-14 19:11 . 2008-05-14 20:08 <DIR> d---s---- C:\Documents and Settings\Administrator
                            2008-05-14 19:11 . 2008-05-17 13:00 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
                            2008-05-14 16:34 . 2008-05-14 16:34 <DIR> d-------- C:\Program Files\Trend Micro
                            2008-05-13 22:09 . 2008-05-17 13:06 <DIR> d-------- C:\WINDOWS\system32\834668
                            2008-05-10 23:59 . 2008-05-14 17:35 <DIR> d-------- C:\Program Files\Voyage Century Online
                            2008-05-10 14:51 . 2008-05-10 14:52 <DIR> d-------- C:\Program Files\FlashGet
                            2008-05-10 14:45 . 2008-05-10 14:45 <DIR> d-------- C:\Program Files\uTorrent
                            2008-05-01 19:34 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2008-05-17 09:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
                            2008-05-16 16:00 --------- d-----w C:\Program Files\Norton Security Scan
                            2008-05-15 14:33 --------- d-----w C:\Documents and Settings\Jelle van Hees\Application Data\Apple Computer
                            2008-05-14 16:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
                            2008-05-13 16:39 13,312 --s-a-w C:\WINDOWS\system32\rtmipr.dll
                            2008-05-10 22:39 --------- d-----w C:\Documents and Settings\Jelle van Hees\Application Data\uTorrent
                            2008-05-07 18:10 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
                            2008-05-07 18:01 --------- d-----w C:\Program Files\LimeWire
                            2008-04-12 12:22 --------- d-----w C:\Program Files\Common Files\ArcSoft
                            2008-04-12 12:22 --------- d-----w C:\Documents and Settings\Lex\Application Data\ArcSoft
                            2008-04-12 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
                            2008-04-12 12:21 --------- d-----w C:\Program Files\ArcSoft
                            2008-04-09 15:00 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
                            2008-04-09 14:33 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
                            2008-04-09 14:27 --------- d-----w C:\Program Files\Ubisoft
                            2008-04-09 12:32 230,432 ----a-w C:\PA7311.DAT
                            2008-04-04 13:37 --------- d-----w C:\Program Files\Apple Software Update
                            2008-04-02 13:04 --------- d-----w C:\Program Files\Everest Poker
                            2008-03-30 11:03 --------- d-----w C:\Program Files\Windows Live
                            2008-03-30 11:02 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
                            2008-03-30 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
                            2008-03-29 13:56 716,264 ----a-w C:\WINDOWS\unins000.exe
                            2008-03-29 13:56 --------- d-----w C:\Program Files\Atari
                            2008-03-27 19:34 --------- d-----w C:\Program Files\Java
                            2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
                            2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
                            2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
                            2008-03-25 04:51 183,072 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
                            2008-03-24 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
                            2008-03-20 10:43 --------- d--h--r C:\Documents and Settings\Lex\Application Data\SecuROM
                            2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
                            2008-03-20 08:10 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
                            2008-03-01 16:35 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
                            2008-02-29 08:58 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
                            2008-02-29 08:58 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
                            2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
                            2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
                            2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
                            2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
                            2008-02-20 05:39 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
                            2008-02-20 05:39 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
                            .

                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            REGEDIT4
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                            "{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

                            [HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

                            [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                            "{51D81DD5-55B7-497F-95DB-D356429BB54E}"= C:\Program Files\NetProject\wamdl.dll [ ]

                            [HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
                            "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
                            "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 15:18 68856]

                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 21:49 94208]
                            "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 21:46 77824]
                            "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 21:50 114688]
                            "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
                            "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
                            "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
                            "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
                            "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
                            "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
                            "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248]
                            "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
                            "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
                            "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 20:05 1117184]
                            "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 19:06 110592]
                            "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 13:49 163840]
                            "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 18:17 999424]
                            "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-10 00:34 106496]
                            "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
                            "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
                            "PAC7311_Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [2006-11-03 12:01 319488]

                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

                            C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
                            Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
                            Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-07-13 20:23:53 7168]
                            Microsoft Office Snelzoeken.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-22 111376]
                            Microsoft Office Werkbalk.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-09-22 338432]
                            Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-10-07 12:53:09 1073152]
                            Office Opstarten.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-22 51984]

                            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
                            "{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"= C:\WINDOWS\system32\rtmipr.dll [2008-05-13 18:39 13312]

                            [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                            "AntiVirusDisableNotify"=dword:00000001

                            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                            "DisableMonitoring"=dword:00000001

                            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                            "DisableMonitoring"=dword:00000001

                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                            "EnableFirewall"= 0 (0x0)

                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\system32\\sessmgr.exe"=
                            "C:\\Program Files\\LimeWire\\LimeWire.exe"=
                            "C:\\Program Files\\iTunes\\iTunes.exe"=
                            "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
                            "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                            "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
                            "C:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "C:\\Program Files\\uTorrent\\utorrent.exe"=
                            "C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                            "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
                            "10426:UDP"= 10426:UDP:SingleClick ICC

                            S3 PAC7311;Trust WB-3400T Webcam;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2007-03-14 11:57]

                            *Newly Created Service* - CATCHME
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            "2008-05-10 11:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
                            - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
                            "2008-05-16 16:00:05 C:\WINDOWS\Tasks\Norton Security Scan.job"
                            - C:\Program Files\Norton Security Scan\Nss.exe
                            "2008-05-17 09:41:53 C:\WINDOWS\Tasks\Scannen op virussen via McAfee.com - Mijn computer (JELLE-Jelle van Hees).job"
                            - c:\program files\mcafee.com\vso\mcmnhdlr.exe
                            .
                            **************************************************************************

                            catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2008-05-17 13:08:32
                            Windows 5.1.2600 Service Pack 2 NTFS

                            scannen van verborgen processen ...

                            scannen van verborgen autostart items ...

                            scannen van verborgen bestanden ...

                            Scan succesvol afgerond
                            verborgen bestanden: 0

                            **************************************************************************
                            .
                            Voltooingstijd: 2008-05-17 13:09:52
                            ComboFix-quarantined-files.txt 2008-05-17 11:09:29

                            Pre-Run: 25,303,773,184 bytes beschikbaar
                            Post-Run: 26,426,634,240 bytes beschikbaar

                            185 --- E O F --- 2008-05-15 20:46:38


                            Hijackthis:
                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 13:14:42, on 17-5-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            C:\Program Files\Dell Network Assistant\hnm_svc.exe
                            c:\program files\mcafee.com\agent\mcdetect.exe
                            c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                            c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                            C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
                            C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                            C:\WINDOWS\system32\hkcmd.exe
                            C:\WINDOWS\system32\igfxpers.exe
                            C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
                            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                            C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                            C:\Program Files\McAfee.com\VSO\oasclnt.exe
                            C:\PROGRA~1\mcafee.com\agent\mcagent.exe
                            C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                            C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                            C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                            C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                            C:\Program Files\QuickTime\qttask.exe
                            C:\Program Files\iTunes\iTunesHelper.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\PixArt\PAC7311\Monitor.exe
                            c:\progra~1\mcafee.com\vso\mcvsescn.exe
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                            C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
                            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
                            C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                            C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                            C:\Program Files\Microsoft Office\Office\OSA.EXE
                            c:\progra~1\mcafee.com\vso\mcvsftsn.exe
                            C:\Program Files\Messenger\msmsgs.exe
                            C:\Program Files\iPod\bin\iPodService.exe
                            c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
                            C:\WINDOWS\explorer.exe
                            C:\Program Files\internet explorer\iexplore.exe
                            C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
                            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
                            R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                            O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
                            O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                            O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
                            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
                            O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
                            O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
                            O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
                            O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
                            O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                            O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                            O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
                            O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                            O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
                            O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                            O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                            O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
                            O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
                            O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
                            O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
                            O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
                            O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
                            O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
                            O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
                            O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                            O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                            O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                            O4 - Global Startup: Dell Network Assistant.lnk = ?
                            O4 - Global Startup: Microsoft Office Snelzoeken.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
                            O4 - Global Startup: Microsoft Office Werkbalk.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
                            O4 - Global Startup: Nintendo Wi-Fi USB Connector registratiesoftware uitvoeren.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
                            O4 - Global Startup: Office Opstarten.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
                            O8 - Extra context menu item: Ontvang alles met FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
                            O8 - Extra context menu item: Ontvang met FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                            O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
                            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
                            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                            O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game06.zylom.com/activex/zylomgamesplayer.cab
                            O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                            O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
                            O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                            O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                            O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
                            O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                            O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
                            O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
                            O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
                            O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
                            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
                            O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
                            O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

                            --
                            End of file - 11319 bytes



                            • #15
                              Hello,

                              Open a Notepad file.
                              Copy the code below and paste it into the Notepad file.
                              Save the Notepad file as CFScript.txt
                              Code:
                              File::
                              C:\WINDOWS\system32\rtmipr.dll
                              
                              Folder::
                              C:\WINDOWS\system32\834668
                              
                              Registry::
                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                              "{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
                              [-HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
                              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
                              "{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
                              "{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"=-
                              Now drag the file CFScript.txt onto the file ComboFix.exe

                              ComboFix will start again.
                              When ComboFix is finished, which may be after a reboot, a log file opens.
                              Post the contents of the log file.

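A CFScript deletes whatever it names, so it is worth confirming that every target in it is backed by a line in the logs before it is dragged onto ComboFix.exe. The following is an added example, not part of the post above and not ComboFix's own code: the function names are hypothetical, only the three section names used in the post (`File::`, `Folder::`, `Registry::`) are handled, and the log excerpt is a handful of lines copied from the logs in this thread.

```python
import re

# The script from the post above (one duplicate registry line left out).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\rtmipr.dll

Folder::
C:\WINDOWS\system32\834668

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"=-
[-HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"=-
"""

# Excerpt: lines copied from the ComboFix and HijackThis logs in this thread.
LOG = r"""2008-05-13 22:09 . 2008-05-17 13:06 <DIR> d-------- C:\WINDOWS\system32\834668
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^([ORF]\d{1,2}) - ")   # HijackThis section code, e.g. O22


def parse_cfscript(text):
    """Return {section: [targets]}; Registry targets are reduced to their GUIDs."""
    targets, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            targets.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"line outside any section: {line!r}")
        if section == "Registry":
            # Key and value lines both count; keep each GUID once, lower-cased.
            for guid in GUID_RE.findall(line):
                if guid.lower() not in targets[section]:
                    targets[section].append(guid.lower())
        else:
            targets[section].append(line)
    return targets


def find_evidence(targets, log_text):
    """Map (section, target) to the log lines mentioning it, case-insensitively."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    evidence = {}
    for section, items in targets.items():
        for item in items:
            hits = []
            for line in lines:
                if item.lower() in line.lower():
                    code = HJT_RE.match(line)
                    hits.append((code.group(1) if code else "non-HJT", line))
            evidence[(section, item)] = hits
    return evidence


def unsupported(evidence):
    """Targets that no log line backs up: review these before running the script."""
    return [key for key, hits in evidence.items() if not hits]


if __name__ == "__main__":
    ev = find_evidence(parse_cfscript(CFSCRIPT), LOG)
    for (section, item), hits in ev.items():
        print(section, item, "->", [code for code, _ in hits] or "NO EVIDENCE")
```

A target that comes back from `unsupported()` is either a typo in the script or something the logs never showed, and in both cases it should be checked by hand first.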