Slow PC full of trojans


  • Slow PC full of trojans

    My antivirus was unusable for about 3 weeks, and now that it works again, warnings about trojans in system32 keep coming up. The computer has also become much slower. I had just rebooted when I got the message 'No disk found. Retry, Ignore or Continue?' as I clicked my profile. While my profile was loading I also got several error messages about files from the system32 folder.
    I hope my PC holds out until there is a reply.

    Here is the HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 20:06:38, on 28/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Norman\Npm\bin\ELOGSVC.EXE
    C:\Norman\Npm\Bin\Zanda.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Norman\NPF\NPFSVICE.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Telemeter 3.0\telemeter3.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
    C:\Norman\Npm\bin\ZLH.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Norman\NPF\NPFMSG.EXE
    C:\Norman\Nvc\BIN\NIP.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe
    C:\Norman\Npm\bin\NJEEVES.EXE
    C:\Norman\Nvc\BIN\NVCSCHED.EXE
    C:\Norman\Nvc\bin\nvcoas.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\Michiel\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noxa.net/badboy4life
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 194.19.40.81 download.norman.no
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {40E33A6E-1F02-4FB6-9984-F0D8646C87E1} - C:\WINDOWS\system32\fccyaYqo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - C:\WINDOWS\system32\byXOeCro.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
    O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [MoreNIU] "C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" 45
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NPF Messenger.lnk = ?
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://666darkmetal666.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160758506041
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: byXOeCro - C:\WINDOWS\SYSTEM32\byXOeCro.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

  • #2
    Download VirtumundoBegone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the prompts.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next reply.


    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in Safe Mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open; a few lines about files not found will quickly scroll past, this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • Your PC will then restart; let it start in normal mode again. After the restart, the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next reply.


    Download Deckard's System Scanner to your Desktop.
    • Close all applications and windows.
    • Double-click dss.exe to run it, and follow the prompts.
    • When the scan is complete, a text file - main.txt - will open.
    • Copy (Ctrl+A followed by Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next reply.

    Note: Some firewalls may warn that sigcheck.exe is trying to connect to the internet
    - make sure sigcheck.exe is allowed to do so!
    It may also happen that your antivirus flags DSS as suspicious, or even tries to remove it.
    Do not let your antivirus remove it! (In that case it may be better to temporarily disable your antivirus during the DSS scan)



    • #3
      Logs

      VBG log

      [04/29/2008, 12:33:29] - VirtumundoBeGone v1.5 ( "E:\Downloads\VirtumundoBeGone.exe" )
      [04/29/2008, 12:33:38] - Detected System Information:
      [04/29/2008, 12:33:38] - Windows Version: 5.1.2600, Service Pack 2
      [04/29/2008, 12:33:38] - Current Username: Michiel (Admin)
      [04/29/2008, 12:33:38] - Windows is in NORMAL mode.
      [04/29/2008, 12:33:38] - Searching for Browser Helper Objects:
      [04/29/2008, 12:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [04/29/2008, 12:33:38] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
      [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:38] - No filename found. Continuing.
      [04/29/2008, 12:33:38] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/29/2008, 12:33:38] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:38] - No filename found. Continuing.
      [04/29/2008, 12:33:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/29/2008, 12:33:38] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
      [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:38] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
      [04/29/2008, 12:33:38] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
      [04/29/2008, 12:33:38] - BHO 7: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} ()
      [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:38] - Checking for HKLM\...\Winlogon\Notify\byXOeCro
      [04/29/2008, 12:33:38] - Found: HKLM\...\Winlogon\Notify\byXOeCro - This is probably Virtumundo.
      [04/29/2008, 12:33:38] - Assigning {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} MSEvents Object
      [04/29/2008, 12:33:38] - BHO list has been changed! Starting over...
      [04/29/2008, 12:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [04/29/2008, 12:33:39] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
      [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:39] - No filename found. Continuing.
      [04/29/2008, 12:33:39] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/29/2008, 12:33:39] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:39] - No filename found. Continuing.
      [04/29/2008, 12:33:39] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/29/2008, 12:33:39] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
      [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:39] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
      [04/29/2008, 12:33:39] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
      [04/29/2008, 12:33:39] - BHO 7: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} (MSEvents Object)
      [04/29/2008, 12:33:39] - ALERT: Found MSEvents Object!
      [04/29/2008, 12:33:39] - Finished Searching Browser Helper Objects
      [04/29/2008, 12:33:39] - *** Detected MSEvents Object
      [04/29/2008, 12:33:39] - Trying to remove MSEvents Object...
      [04/29/2008, 12:33:40] - Terminating Process: IEXPLORE.EXE
      [04/29/2008, 12:33:45] - Terminating Process: RUNDLL32.EXE
      [04/29/2008, 12:33:46] - Disabling Automatic Shell Restart
      [04/29/2008, 12:33:46] - Terminating Process: EXPLORER.EXE
      [04/29/2008, 12:33:47] - Suspending the NT Session Manager System Service
      [04/29/2008, 12:33:48] - Terminating Windows NT Logon/Logoff Manager
      [04/29/2008, 12:33:49] - Re-enabling Automatic Shell Restart
      [04/29/2008, 12:33:49] - File to disable: C:\WINDOWS\system32\byXOeCro.dll
      [04/29/2008, 12:33:49] - Renaming C:\WINDOWS\system32\byXOeCro.dll -> C:\WINDOWS\system32\byXOeCro.dll.vir
      [04/29/2008, 12:33:49] - File successfully renamed!
      [04/29/2008, 12:33:49] - Removing HKLM\...\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
      [04/29/2008, 12:33:50] - Removing HKCR\CLSID\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
      [04/29/2008, 12:33:50] - Adding Kill Bit for ActiveX for GUID: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
      [04/29/2008, 12:33:50] - Deleting ATLEvents/MSEvents Registry entries
      [04/29/2008, 12:33:50] - Removing HKLM\...\Winlogon\Notify\byXOeCro
      [04/29/2008, 12:33:50] - Searching for Browser Helper Objects:
      [04/29/2008, 12:33:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [04/29/2008, 12:33:50] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
      [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:50] - No filename found. Continuing.
      [04/29/2008, 12:33:50] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/29/2008, 12:33:50] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
      [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:50] - No filename found. Continuing.
      [04/29/2008, 12:33:50] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
      [04/29/2008, 12:33:50] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
      [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [04/29/2008, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
      [04/29/2008, 12:33:50] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
      [04/29/2008, 12:33:51] - Finished Searching Browser Helper Objects
      [04/29/2008, 12:33:51] - Finishing up...
      [04/29/2008, 12:33:51] - A restart is needed.
      [04/29/2008, 12:34:34] - Attempting to Restart via STOP error (Blue Screen!)

      RVAXO log


      ---RVAXO.exe Updated: 2008-04-28---first run---
      Uninstallers:

      Files found:
      C:\WINDOWS\system32\byXOeCro.dll.vir
      C:\WINDOWS\BM9f525b80.xml
      C:\WINDOWS\BM9f525b80.txt
      C:\WINDOWS\system32\oqYayccf.ini2
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\clkcnt.txt
      C:\WINDOWS\system32\mcrh.tmp

      Folders Found:

      Hosts-file was reset, If you use a custom hosts file please replace it...

      --------------RVAXO.exe last run---------------
      Not deleted items:

      --------------RVAXO.exe finished----------------

      DSS log

      Deckard's System Scanner v20071014.68
      Run by Michiel on 2008-04-29 13:00:18
      Computer is in Normal Mode.
      --------------------------------------------------------------------------------

      -- System Restore --------------------------------------------------------------

      Successfully created a Deckard's System Scanner Restore Point.


      -- Last 5 Restore Point(s) --
      57: 2008-04-29 11:00:38 UTC - RP190 - Deckard's System Scanner Restore Point
      56: 2008-04-28 17:00:10 UTC - RP189 - Geïnstalleerd Norman Personal Firewall 1.42
      55: 2008-04-28 16:38:11 UTC - RP188 - Verwijderd Norman Personal Firewall 1.42
      54: 2008-04-28 16:18:47 UTC - RP187 - Geïnstalleerd NVC v5.82
      53: 2008-04-27 15:13:15 UTC - RP186 - Removed Age of Empires III


      -- First Restore Point --
      1: 2008-04-23 21:54:48 UTC - RP134 - Controlepunt van systeem


      Backed up registry hives.
      Performed disk cleanup.

      System Drive C: has 4.21 GiB (less than 15%) free.


      -- HijackThis (run as Michiel.exe) ---------------------------------------------

      Unable to find log (file not found); running clone.
      -- HijackThis Clone ------------------------------------------------------------


      Emulating logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 2008-04-29 13:03:06
      Platform: Windows XP Service Pack 2 (5.01.2600)
      MSIE: Internet Explorer (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\system32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Norman\npm\bin\elogsvc.exe
      C:\Norman\npm\bin\Zanda.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\Mixer.exe
      C:\Program Files\Telemeter 3.0\Telemeter3.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hercules\Audio\DJ Console Series\Mk2\HDJ2CPL.exe
      C:\Norman\npm\bin\Zlh.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Norman\NVC\bin\Nip.exe
      C:\Program Files\Norman\NPF\npfmsg.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      C:\Program Files\Xfire\xfire.exe
      C:\Program Files\Norman\NPF\npfsvice.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Norman\NVC\bin\Nvcsched.exe
      C:\Norman\npm\bin\Njeeves.exe
      C:\Norman\NVC\bin\Nvcoas.exe
      C:\Norman\NVC\bin\CClaw.exe
      C:\WINDOWS\system32\alg.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Michiel\Bureaublad\dss.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noxa.net/badboy4life
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF} - C:\WINDOWS\system32\fccyaYqo.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
      O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [MoreNIU] "C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" 45
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\NPFMSG.EXE
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://666darkmetal666.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160758506041
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
      O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
      O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
      O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
      O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\npm\bin\elogsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\npm\bin\Njeeves.exe
      O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\npfsvice.exe
      O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\npm\bin\Zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\NVC\bin\Nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\NVC\bin\Nvcsched.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


      --
      End of file - 9791 bytes

      -- File Associations -----------------------------------------------------------

      .reg - regfile - shell\open\command - "regedit.exe" "%1"


      -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

      R0 NDIS_RD (Firewall Engine Type-R2) - c:\windows\system32\drivers\ndis_rd.sys
      R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
      R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
      R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
      R1 TDI_RD (Firewall Engine Type-R) - c:\windows\system32\drivers\tdi_rd.sys

      S3 Bulk (HDJBulk) - c:\windows\system32\drivers\hdjbulk.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
      S3 catchme - c:\docume~1\michiel\locals~1\temp\catchme.sys (file missing)
      S3 HDJAsioK - c:\windows\system32\drivers\hdjasiok.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
      S3 HDJMidi (Hercules DJ Console MIDI) - c:\windows\system32\drivers\hdjmidi.sys <Not Verified; Hercules Technologies; Hercules DJ Series>


      -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

      R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
      R2 Norman Type-R - c:\program files\norman\npf\npfsvice.exe


      -- Device Manager: Disabled ----------------------------------------------------

      No disabled devices found.


      -- Scheduled Tasks -------------------------------------------------------------

      2008-04-26 22:43:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


      -- Files created between 2008-03-29 and 2008-04-29 -----------------------------

      2008-04-29 12:52:23 190513 --ahs---- C:\WINDOWS\system32\oqYayccf.ini2
      2008-04-29 12:49:23 0 d-------- C:\RVAXO
      2008-04-29 12:45:56 809226 --a------ C:\WINDOWS\system32\RVAXO.bat
      2008-04-29 12:45:56 69632 --a------ C:\WINDOWS\system32\remove.exe
      2008-04-28 19:00:49 32176 -----n--- C:\WINDOWS\system32\drivers\TDI_RD.SYS
      2008-04-28 19:00:49 53320 -----n--- C:\WINDOWS\system32\drivers\NDIS_RD.SYS
      2008-04-28 18:18:47 0 d-------- C:\Norman
      2008-04-28 17:48:40 104000 --a------ C:\WINDOWS\system32\psgcfcox.dll
      2008-04-26 18:19:07 0 --a------ C:\WINDOWS\system32\fqurjqmo.dll
      2008-04-24 23:57:22 0 --a------ C:\WINDOWS\system32\qshtpwyf.dll
      2008-04-23 23:55:39 0 --a------ C:\WINDOWS\system32\vhjugujp.dll
      2008-04-23 23:54:36 272384 --a------ C:\WINDOWS\system32\fccyaYqo.dll
      2008-04-23 22:59:03 86016 --a------ C:\WINDOWS\system32\HRFDongle.dll <Not Verified; Hercules(R); HRFDongle Dynamic Link Library>
      2008-04-23 22:59:03 43008 --a------ C:\WINDOWS\system32\HDJAsiou.dll <Not Verified; Hercules®; Hercules® DJ Console>
      2008-04-23 22:59:03 106496 --a------ C:\WINDOWS\system32\GUStrLib.dll <Not Verified; Guillemot Corporation; Guillemot Tools>
      2008-04-23 22:59:03 39296 --a------ C:\WINDOWS\system32\drivers\HDJMidi.sys <Not Verified; Hercules Technologies; Hercules DJ Series>
      2008-04-23 22:59:03 47104 --a------ C:\WINDOWS\system32\drivers\HDJBulk.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
      2008-04-23 22:59:03 130432 --a------ C:\WINDOWS\system32\drivers\HDJAsioK.sys <Not Verified; Hercules Technologies; Hercules DJ Console>
      2008-04-23 22:59:03 0 d-------- C:\Program Files\Guillemot
      2008-04-23 22:59:02 23040 --a------ C:\WINDOWS\system32\HDJSAPI.dll <Not Verified; Hercules(R); Hercules DJ Console Series Library (Backward Compatibility)>
      2008-04-23 22:59:02 28672 --a------ C:\WINDOWS\system32\HDJAsioCpl.dll <Not Verified; Hercules®; Hercules® DJ Console>
      2008-04-23 22:59:02 118784 --a------ C:\WINDOWS\system32\HDJAPI.dll <Not Verified; Hercules(R); Hercules DJ Console Series Library (v2)>
      2008-04-23 22:59:02 0 d-------- C:\Program Files\Hercules
      2008-04-23 22:58:48 0 d-------- C:\Documents and Settings\Michiel\Application Data\InstallShield
      2008-04-04 00:57:25 6029312 --a------ C:\Documents and Settings\Michiel\ntuser.dat
      2008-03-31 23:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
      2008-03-31 23:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
      2008-03-31 23:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
      2008-03-31 23:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
      2008-03-31 23:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


      -- Find3M Report ---------------------------------------------------------------

      2008-04-29 12:57:30 5 --a------ C:\NPF_USER.DAT
      2008-04-29 12:56:20 0 d-------- C:\Program Files\Steam
      2008-04-29 12:35:15 0 d---s---- C:\Program Files\Xfire
      2008-04-29 12:27:13 0 d-------- C:\Documents and Settings\Michiel\Application Data\Xfire
      2008-04-28 19:11:21 0 d-------- C:\Program Files\Windows Live Safety Center
      2008-04-28 19:00:13 0 d--h----- C:\Program Files\InstallShield Installation Information
      2008-04-28 18:12:13 0 d-------- C:\Program Files\Norman
      2008-04-23 23:05:20 0 d-------- C:\Program Files\VirtualDJ
      2008-04-23 23:01:44 364330 --a----c- C:\WINDOWS\system32\perfh013.dat
      2008-04-23 23:01:44 53418 --a----c- C:\WINDOWS\system32\perfc013.dat
      2008-04-16 23:46:01 0 d-------- C:\Program Files\DivX
      2008-04-15 19:57:50 0 d-------- C:\Documents and Settings\Michiel\Application Data\LimeWirePlus
      2008-04-14 20:26:25 0 d-------- C:\Program Files\Messenger Plus! Live
      2008-03-26 15:01:58 0 d-------- C:\Program Files\Soulseek
      2008-03-23 22:03:39 0 d-------- C:\Program Files\Rapidown
      2008-03-23 21:18:27 0 d-------- C:\Program Files\Microsoft Games
      2008-03-23 21:17:58 0 d-------- C:\Program Files\Common Files\Adobe
      2008-03-21 22:30:08 3596288 --a----c- C:\WINDOWS\system32\qt-dx331.dll
      2008-03-21 22:28:54 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
      2008-03-21 22:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
      2008-03-21 22:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
      2008-03-14 20:27:50 0 d-------- C:\Program Files\Visual MP3 Splitter & Joiner
      2008-03-05 15:45:59 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-03-05 15:45:38 0 d-------- C:\Program Files\Common Files
      2008-03-05 15:45:26 0 d-------- C:\Program Files\Windows Live


      -- Registry Dump ---------------------------------------------------------------

      *Note* empty entries & legit default entries are not shown


      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF}]
      23/04/2008 23:54 272384 --a------ C:\WINDOWS\system32\fccyaYqo.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "C-Media Mixer"="Mixer.exe" [07/12/2001 17:24 C:\WINDOWS\Mixer.exe]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 13:22]
      "nwiz"="nwiz.exe" [22/10/2006 13:22 C:\WINDOWS\system32\nwiz.exe]
      "Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [16/04/2007 00:38]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [17/01/2007 23:04]
      "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
      "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 15:21]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 13:22]
      "DJ Console Mk2"="C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [19/03/2007 15:37]
      "9c61681c"="C:\WINDOWS\system32\undssofm.dll"
      "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [09/08/2007 14:40]
      "BM9f525b80"="C:\WINDOWS\system32\bmdtwkls.dll"

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:03]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
      "Steam"="c:\program files\steam\steam.exe" [29/03/2008 22:26]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 20:10]
      "MoreNIU"="C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" [18/04/2008 18:45]

      C:\Documents and Settings\Michiel\Menu Start\Programma's\Opstarten\
      Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
      Xfire.lnk - C:\Program Files\Xfire\xfire.exe [23/04/2008 00:29:52]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 20:16:50]
      Adobe Reader Snelle start.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 23:05:26]
      NPF Messenger.lnk - C:\Program Files\Norman\NPF\NPFMSG.EXE [28/04/2008 19:00:16]

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      "Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccyaYqo

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      @="Volume shadow copy"




      -- End of Deckard's System Scanner: finished at 2008-04-29 13:05:38 ------------



      • #4
        Open a Notepad file.
        Copy the text below (everything in bold) into this Notepad file.

        @ECHO OFF
        REM Start a fresh log; every outcome below is appended to it.
        IF EXIST log.txt DEL log.txt
        ECHO Deleting files>>log.txt
        REM Loop over the suspect files listed in the Deckard's System Scanner report.
        FOR %%g in (
        C:\WINDOWS\system32\oqYayccf.ini2
        C:\WINDOWS\system32\oqYayccf.ini
        C:\WINDOWS\system32\psgcfcox.dll
        C:\WINDOWS\system32\fqurjqmo.dll
        C:\WINDOWS\system32\qshtpwyf.dll
        C:\WINDOWS\system32\vhjugujp.dll
        C:\WINDOWS\system32\fccyaYqo.dll) DO (
        REM Remove any leftover renamed copy from an earlier run.
        del /q %%gNUCIA
        IF EXIST %%g (
        REM Clear read-only, system and hidden attributes, then delete or, failing that, rename.
        ATTRIB -r -s -h %%g
        DEL %%g
        REN %%g *NUCIA
        IF EXIST %%gNUCIA (
        ECHO renamed to %%gNUCIA>>log.txt)
        IF EXIST %%g (
        ECHO %%g not deleted>>log.txt
        ) ELSE (
        ECHO %%g deleted>>log.txt)
        ) ELSE (
        ECHO %%g not found>>log.txt))
        START NOTEPAD.EXE log.txt

        Go to File - Save As.
        Under "Save in" choose: Desktop
        Under "File name" enter: del.bat
        Under "Save as type" select: All files (*.*).
        Click the Save button.

        Double-click del.bat and post the log produced by del.bat.



        • #5
          Deleting files
          C:\WINDOWS\system32\oqYayccf.ini2 deleted
          C:\WINDOWS\system32\oqYayccf.ini deleted
          C:\WINDOWS\system32\psgcfcox.dll not found
          C:\WINDOWS\system32\fqurjqmo.dll not found
          C:\WINDOWS\system32\qshtpwyf.dll not found
          C:\WINDOWS\system32\vhjugujp.dll not found
          C:\WINDOWS\system32\fccyaYqo.dll not deleted



          • #6
            Try this:
            1) Open a Notepad file.
            2) Copy the code below into this Notepad file.
            3) Go to File - Save As.
            -Under "Save in" choose: Desktop
            -Under "File name" enter: fix.reg
            -Under "Save as type" select: All files (*.*).
            -Click the Save button.
            Code:
            REGEDIT4
            
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccyaYqo]
            "Asynchronous"=dword:00000001
            "DllName"="fccyaYqo.dll"
            "Impersonate"=dword:00000000
            "Startup"="EvtStartup"
            "Shutdown"="EvtShutdown"
            4) Double-click the fix.reg file and allow the changes to be added to the registry.

            Now run VirtumundoBegone once more.

            Post that log together with a new HijackThis log.



            • #7
              [04/29/2008, 12:33:29] - VirtumundoBeGone v1.5 ( "E:\Downloads\VirtumundoBeGone.exe" )
              [04/29/2008, 12:33:38] - Detected System Information:
              [04/29/2008, 12:33:38] - Windows Version: 5.1.2600, Service Pack 2
              [04/29/2008, 12:33:38] - Current Username: Michiel (Admin)
              [04/29/2008, 12:33:38] - Windows is in NORMAL mode.
              [04/29/2008, 12:33:38] - Searching for Browser Helper Objects:
              [04/29/2008, 12:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 12:33:38] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:38] - No filename found. Continuing.
              [04/29/2008, 12:33:38] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 12:33:38] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
              [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:38] - No filename found. Continuing.
              [04/29/2008, 12:33:38] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
              [04/29/2008, 12:33:38] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
              [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:38] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 12:33:38] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
              [04/29/2008, 12:33:38] - BHO 7: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} ()
              [04/29/2008, 12:33:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:38] - Checking for HKLM\...\Winlogon\Notify\byXOeCro
              [04/29/2008, 12:33:38] - Found: HKLM\...\Winlogon\Notify\byXOeCro - This is probably Virtumundo.
              [04/29/2008, 12:33:38] - Assigning {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} MSEvents Object
              [04/29/2008, 12:33:38] - BHO list has been changed! Starting over...
              [04/29/2008, 12:33:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 12:33:39] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:39] - No filename found. Continuing.
              [04/29/2008, 12:33:39] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 12:33:39] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
              [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:39] - No filename found. Continuing.
              [04/29/2008, 12:33:39] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
              [04/29/2008, 12:33:39] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
              [04/29/2008, 12:33:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:39] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 12:33:39] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
              [04/29/2008, 12:33:39] - BHO 7: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} (MSEvents Object)
              [04/29/2008, 12:33:39] - ALERT: Found MSEvents Object!
              [04/29/2008, 12:33:39] - Finished Searching Browser Helper Objects
              [04/29/2008, 12:33:39] - *** Detected MSEvents Object
              [04/29/2008, 12:33:39] - Trying to remove MSEvents Object...
              [04/29/2008, 12:33:40] - Terminating Process: IEXPLORE.EXE
              [04/29/2008, 12:33:45] - Terminating Process: RUNDLL32.EXE
              [04/29/2008, 12:33:46] - Disabling Automatic Shell Restart
              [04/29/2008, 12:33:46] - Terminating Process: EXPLORER.EXE
              [04/29/2008, 12:33:47] - Suspending the NT Session Manager System Service
              [04/29/2008, 12:33:48] - Terminating Windows NT Logon/Logoff Manager
              [04/29/2008, 12:33:49] - Re-enabling Automatic Shell Restart
              [04/29/2008, 12:33:49] - File to disable: C:\WINDOWS\system32\byXOeCro.dll
              [04/29/2008, 12:33:49] - Renaming C:\WINDOWS\system32\byXOeCro.dll -> C:\WINDOWS\system32\byXOeCro.dll.vir
              [04/29/2008, 12:33:49] - File successfully renamed!
              [04/29/2008, 12:33:49] - Removing HKLM\...\Browser Helper Objects\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
              [04/29/2008, 12:33:50] - Removing HKCR\CLSID\{F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
              [04/29/2008, 12:33:50] - Adding Kill Bit for ActiveX for GUID: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F}
              [04/29/2008, 12:33:50] - Deleting ATLEvents/MSEvents Registry entries
              [04/29/2008, 12:33:50] - Removing HKLM\...\Winlogon\Notify\byXOeCro
              [04/29/2008, 12:33:50] - Searching for Browser Helper Objects:
              [04/29/2008, 12:33:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 12:33:50] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:50] - No filename found. Continuing.
              [04/29/2008, 12:33:50] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 12:33:50] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
              [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:50] - No filename found. Continuing.
              [04/29/2008, 12:33:50] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
              [04/29/2008, 12:33:50] - BHO 6: {AB69DE02-6E9C-4D8A-BF5B-5CBA896B0460} ()
              [04/29/2008, 12:33:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 12:33:50] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 12:33:50] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
              [04/29/2008, 12:33:51] - Finished Searching Browser Helper Objects
              [04/29/2008, 12:33:51] - Finishing up...
              [04/29/2008, 12:33:51] - A restart is needed.
              [04/29/2008, 12:34:34] - Attempting to Restart via STOP error (Blue Screen!)

              [04/29/2008, 16:01:48] - VirtumundoBeGone v1.5 ( "E:\Downloads\VirtumundoBeGone.exe" )
              [04/29/2008, 16:02:06] - Detected System Information:
              [04/29/2008, 16:02:06] - Windows Version: 5.1.2600, Service Pack 2
              [04/29/2008, 16:02:06] - Current Username: Michiel (Admin)
              [04/29/2008, 16:02:06] - Windows is in NORMAL mode.
              [04/29/2008, 16:02:06] - Searching for Browser Helper Objects:
              [04/29/2008, 16:02:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 16:02:06] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 16:02:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 16:02:06] - No filename found. Continuing.
              [04/29/2008, 16:02:06] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 16:02:06] - BHO 4: {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF} ()
              [04/29/2008, 16:02:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 16:02:06] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 16:02:06] - Found: HKLM\...\Winlogon\Notify\fccyaYqo - This is probably Virtumundo.
              [04/29/2008, 16:02:06] - Assigning {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF} MSEvents Object
              [04/29/2008, 16:02:06] - BHO list has been changed! Starting over...
              [04/29/2008, 16:02:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 16:02:06] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 16:02:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 16:02:06] - No filename found. Continuing.
              [04/29/2008, 16:02:06] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 16:02:06] - BHO 4: {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF} (MSEvents Object)
              [04/29/2008, 16:02:06] - ALERT: Found MSEvents Object!
              [04/29/2008, 16:02:06] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
              [04/29/2008, 16:02:07] - Finished Searching Browser Helper Objects
              [04/29/2008, 16:02:07] - *** Detected MSEvents Object
              [04/29/2008, 16:02:07] - Trying to remove MSEvents Object...
              [04/29/2008, 16:02:08] - Terminating Process: IEXPLORE.EXE
              [04/29/2008, 16:02:08] - Terminating Process: RUNDLL32.EXE
              [04/29/2008, 16:02:08] - Disabling Automatic Shell Restart
              [04/29/2008, 16:02:08] - Terminating Process: EXPLORER.EXE
              [04/29/2008, 16:02:09] - Suspending the NT Session Manager System Service
              [04/29/2008, 16:02:09] - Terminating Windows NT Logon/Logoff Manager
              [04/29/2008, 16:02:09] - Re-enabling Automatic Shell Restart
              [04/29/2008, 16:02:09] - File to disable: C:\WINDOWS\system32\fccyaYqo.dll
              [04/29/2008, 16:02:09] - Renaming C:\WINDOWS\system32\fccyaYqo.dll -> C:\WINDOWS\system32\fccyaYqo.dll.vir
              [04/29/2008, 16:02:09] - ! File rename was unsucessful.
              [04/29/2008, 16:02:09] - Attempting to Deny Access to C:\WINDOWS\system32\fccyaYqo.dll
              [04/29/2008, 16:02:10] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
              [04/29/2008, 16:02:10] - ERROR: No mapping between account names and security IDs was done.

              [04/29/2008, 16:02:10] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
              [04/29/2008, 16:02:10] - Removing HKLM\...\Browser Helper Objects\{7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF}
              [04/29/2008, 16:02:11] - Removing HKCR\CLSID\{7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF}
              [04/29/2008, 16:02:11] - Adding Kill Bit for ActiveX for GUID: {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF}
              [04/29/2008, 16:02:11] - Deleting ATLEvents/MSEvents Registry entries
              [04/29/2008, 16:02:11] - Removing HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 16:02:11] - Searching for Browser Helper Objects:
              [04/29/2008, 16:02:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
              [04/29/2008, 16:02:11] - BHO 2: {140BD8E3-C167-11D4-B4A3-080000180323} ()
              [04/29/2008, 16:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 16:02:11] - No filename found. Continuing.
              [04/29/2008, 16:02:11] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
              [04/29/2008, 16:02:11] - BHO 4: {7AEC8BA7-0248-4F11-A2EA-B0731C4E5DAF} ()
              [04/29/2008, 16:02:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
              [04/29/2008, 16:02:11] - Checking for HKLM\...\Winlogon\Notify\fccyaYqo
              [04/29/2008, 16:02:11] - Key not found: HKLM\...\Winlogon\Notify\fccyaYqo, continuing.
              [04/29/2008, 16:02:11] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
              [04/29/2008, 16:02:11] - Finished Searching Browser Helper Objects
              [04/29/2008, 16:02:11] - Finishing up...
              [04/29/2008, 16:02:11] - A restart is needed.
              [04/29/2008, 16:02:13] - Attempting to Restart via STOP error (Blue Screen!)



              Logfile of HijackThis v1.99.1
              Scan saved at 16:05:45, on 29/04/2008
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\csrss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Norman\Npm\bin\ELOGSVC.EXE
              C:\Norman\Npm\Bin\Zanda.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Telemeter 3.0\telemeter3.exe
              C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\WINDOWS\system32\RUNDLL32.EXE
              C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
              C:\Norman\Npm\bin\ZLH.EXE
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
              C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
              C:\Norman\Nvc\BIN\NIP.EXE
              C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              C:\Program Files\Norman\NPF\NPFMSG.EXE
              C:\Program Files\Norman\NPF\NPFSVICE.EXE
              C:\Program Files\Xfire\xfire.exe
              C:\WINDOWS\system32\nvsvc32.exe
              C:\WINDOWS\system32\PnkBstrA.exe
              C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Norman\Npm\bin\NJEEVES.EXE
              C:\Norman\Nvc\BIN\NVCSCHED.EXE
              C:\WINDOWS\System32\alg.exe
              C:\WINDOWS\System32\wbem\wmiprvse.exe
              C:\Documents and Settings\Michiel\Bureaublad\HijackThis.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\WINDOWS\system32\wuauclt.exe
              C:\Norman\Nvc\BIN\NVCSCHED.EXE

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noxa.net/badboy4life
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
              O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
              O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
              O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
              O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
              O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
              O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
              O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
              O4 - HKCU\..\Run: [MoreNIU] "C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" 45
              O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
              O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
              O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: NPF Messenger.lnk = ?
              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
              O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
              O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
              O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://666darkmetal666.spaces.live.com//PhotoUpload/MsnPUpld.cab
              O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160758506041
              O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
              O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
              O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
              O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
              O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
              O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
              O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
              O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
              O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
              O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
              O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
              O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


              The error messages at startup are still there, and the antivirus still keeps reporting trojans, btw.
              The PC is not as slow as yesterday, though.



              • #8
                Download The Avenger and extract the program to your desktop.
                Open the avenger folder and start the program by double-clicking avenger.exe.
                In the "Input Script here" window, copy and paste the bold text below:


                Files to delete:
                C:\WINDOWS\system32\fccyaYqo.dll


                Then click the Execute button.
                The Avenger will tell you that the computer is going to restart; allow this.
                After the reboot a logfile (avenger.txt) opens. Post the contents of this logfile together with a new HijackThis log.



                • #9
                  Logfile of The Avenger Version 2.0, (c) by Swandog46
                  http://swandog46.geekstogo.com

                  Platform: Windows XP

                  *******************

                  Script file opened successfully.
                  Script file read successfully.

                  Backups directory opened successfully at C:\Avenger

                  *******************

                  Beginning to process script file:

                  Rootkit scan active.
                  No rootkits found!

                  File "C:\WINDOWS\system32\fccyaYqo.dll" deleted successfully.

                  Completed script processing.

                  *******************

                  Finished! Terminate.


                  Logfile of HijackThis v1.99.1
                  Scan saved at 18:37:52, on 29/04/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\csrss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Norman\Npm\bin\ELOGSVC.EXE
                  C:\Norman\Npm\Bin\Zanda.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\NOTEPAD.EXE
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  C:\Program Files\Telemeter 3.0\telemeter3.exe
                  C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
                  C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                  C:\WINDOWS\system32\RUNDLL32.EXE
                  C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
                  C:\Norman\Npm\bin\ZLH.EXE
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                  C:\Norman\Nvc\BIN\NIP.EXE
                  C:\Program Files\Norman\NPF\NPFSVICE.EXE
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\WINDOWS\system32\PnkBstrA.exe
                  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Norman\NPF\NPFMSG.EXE
                  C:\Program Files\Xfire\xfire.exe
                  C:\Norman\Npm\bin\NJEEVES.EXE
                  C:\Norman\Nvc\BIN\NVCSCHED.EXE
                  C:\Norman\Nvc\bin\nvcoas.exe
                  C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe
                  C:\WINDOWS\System32\alg.exe
                  C:\Norman\Nvc\bin\cclaw.exe
                  C:\Program Files\Mozilla Firefox\firefox.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Windows Live\Messenger\usnsvc.exe
                  C:\Documents and Settings\Michiel\Bureaublad\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noxa.net/badboy4life
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: (no name) - {12F5F33A-4B24-4861-A99E-A75D10DCFC53} - C:\WINDOWS\system32\fccyaYqo.dll (file missing)
                  O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                  O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                  O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                  O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
                  O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
                  O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                  O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
                  O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                  O4 - HKCU\..\Run: [MoreNIU] "C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" 45
                  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
                  O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                  O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: NPF Messenger.lnk = ?
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://666darkmetal666.spaces.live.com//PhotoUpload/MsnPUpld.cab
                  O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160758506041
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                  O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
                  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                  O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
                  O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
                  O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
                  O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
                  O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
                  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe



                  • #10
                    Start HijackThis and tick only the lines below:
                    O2 - BHO: (no name) - {12F5F33A-4B24-4861-A99E-A75D10DCFC53} - C:\WINDOWS\system32\fccyaYqo.dll (file missing)
                    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
                    O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
                    O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
                    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

                    Close all open windows (except HijackThis) and click the "Fix checked" button.

                    Restart your computer.

                    After the restart, post a new HijackThis log and tell us whether there are still any problems.

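As an added example (Python, not code from the thread or from HijackThis), the triage below shows what makes the five lines in the fix list above stand out from the benign entries around them: a BHO with no name and no backing file, a Run value whose name is an auto-generated hex string and that loads a DLL through rundll32 with a one-letter export, and a Winlogon Notify entry that points at a directory instead of a DLL. The sample lines are constructed from the logs posted in this thread.

```python
import re

# Constructed sample: HijackThis lines copied from the logs in this thread,
# mixed with benign entries (Adobe, NVIDIA, Norman) that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F5F33A-4B24-4861-A99E-A75D10DCFC53} - C:\WINDOWS\system32\fccyaYqo.dll (file missing)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [9c61681c] rundll32.exe "C:\WINDOWS\system32\undssofm.dll",b
O4 - HKLM\..\Run: [BM9f525b80] Rundll32.exe "C:\WINDOWS\system32\bmdtwkls.dll",s
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

# Patterns for the three HijackThis sections the fix list touches.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# Run value names such as "9c61681c" or "BM9f525b80": eight or more lowercase hex digits.
HEXNAME_RE = re.compile(r"^(BM)?[0-9a-f]{8,}$")
# rundll32 loading a DLL and calling an export; captures the DLL path and export name.
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S*)',
                       re.IGNORECASE)


def triage_line(line):
    """Return a reason string if the HijackThis line looks suspicious, else None."""
    m = BHO_RE.match(line)
    if m:
        path = m.group("path")
        if m.group("name") == "(no name)" and ("(no file)" in path or "(file missing)" in path):
            return "orphaned BHO: no name and no backing file"
        return None
    m = RUN_RE.match(line)
    if m:
        key, cmd = m.group("key"), m.group("cmd")
        reasons = []
        if HEXNAME_RE.match(key):
            reasons.append("auto-generated Run value name")
        r = RUNDLL_RE.match(cmd)
        if r and len(r.group("export")) == 1:
            # Legitimate rundll32 entries name a real export (e.g. NvStartup);
            # a single-letter export is typical of a dropped DLL.
            reasons.append("rundll32 with single-letter export from %s" % r.group("dll"))
        return "; ".join(reasons) or None
    m = NOTIFY_RE.match(line)
    if m and not m.group("path").lower().endswith(".dll"):
        return "Winlogon Notify entry without a DLL path"
    return None


def triage_log(text):
    """Run triage_line over every non-empty line; return (line, reason) pairs."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = triage_line(line)
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(reason, "->", line)
```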


                    • #11
                      Logfile of HijackThis v1.99.1
                      Scan saved at 19:01:40, on 29/04/2008
                      Platform: Windows XP SP2 (WinNT 5.01.2600)
                      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

                      Running processes:
                      C:\WINDOWS\System32\smss.exe
                      C:\WINDOWS\system32\csrss.exe
                      C:\WINDOWS\system32\winlogon.exe
                      C:\WINDOWS\system32\services.exe
                      C:\WINDOWS\system32\lsass.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\system32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Norman\Npm\bin\ELOGSVC.EXE
                      C:\Norman\Npm\Bin\Zanda.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\WINDOWS\system32\spoolsv.exe
                      C:\WINDOWS\Explorer.EXE
                      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                      C:\WINDOWS\system32\RUNDLL32.EXE
                      C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
                      C:\Norman\Npm\bin\ZLH.EXE
                      C:\WINDOWS\system32\ctfmon.exe
                      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
                      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      C:\Program Files\Norman\NPF\NPFMSG.EXE
                      C:\Program Files\Xfire\xfire.exe
                      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                      C:\Norman\Nvc\BIN\NIP.EXE
                      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                      C:\Program Files\Norman\NPF\NPFSVICE.EXE
                      C:\WINDOWS\system32\nvsvc32.exe
                      C:\WINDOWS\system32\PnkBstrA.exe
                      C:\WINDOWS\System32\svchost.exe
                      C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe
                      C:\Norman\Npm\bin\NJEEVES.EXE
                      C:\Norman\Nvc\BIN\NVCSCHED.EXE
                      C:\Norman\Nvc\bin\nvcoas.exe
                      C:\Norman\Nvc\bin\cclaw.exe
                      C:\WINDOWS\System32\alg.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Mozilla Firefox\firefox.exe
                      C:\WINDOWS\system32\wuauclt.exe
                      C:\Program Files\Windows Live\Messenger\usnsvc.exe
                      C:\Documents and Settings\Michiel\Bureaublad\HijackThis.exe

                      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noxa.net/badboy4life
                      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                      O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
                      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
                      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
                      O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
                      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
                      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
                      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
                      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
                      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
                      O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
                      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
                      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
                      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
                      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
                      O4 - HKCU\..\Run: [MoreNIU] "C:\Documents and Settings\Michiel\Mijn documenten\Norman Repair Center\Downloads\MoreNIU.exe" 45
                      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
                      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
                      O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                      O4 - Global Startup: NPF Messenger.lnk = ?
                      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
                      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
                      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
                      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
                      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://666darkmetal666.spaces.live.com//PhotoUpload/MsnPUpld.cab
                      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
                      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160758506041
                      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
                      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
                      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
                      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
                      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
                      O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
                      O23 - Service: Norman Type-R - Unknown owner - C:\Program Files\Norman\NPF\NPFSVICE.EXE
                      O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
                      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
                      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
                      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
                      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


                      No more problems. The error messages are gone and the antivirus has gone quiet as well.
                      Thanks a lot for the effort!
                      Really a great forum here



                      • #12
                        You're welcome

                        Do this as well:
                        1) Open a Notepad file.
                        2) Copy the code below into this Notepad file.
                        3) Go to File - Save As.
                        - Under "Save in" choose: Desktop
                        - Under "File name" enter: fix.reg
                        - Under "Save as type" select: All files (*.*).
                        - Click the Save button.
                        Code:
                        REGEDIT4
                        
                        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
                        "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
                        4) Double-click the fix.reg file and allow the changes to be added to the registry.


                        Download ATF Cleaner (mirror) (made by Atribune)

                        Important: close all your browser windows (IE and/or Firefox and/or Opera) so the tool can do its work properly.

                        Double-click ATF Cleaner to start the program.
                        On the "Main" tab, tick Select All.
                        Click the Empty Selected button.

                        Do the following if you also use Firefox as a browser:
                        Click the "Firefox" tab and tick Select All.
                        If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
                        (this removes the tick at "Firefox saved passwords" again)
                        Click the Empty Selected button.

                        Do the following if you also use Opera as a browser:
                        Click the "Opera" tab and tick Select All.
                        If you want to keep the passwords saved by Opera, click "No" in the window that appears.
                        Click the Empty Selected button.
                        Go to the "Main" tab and click the Exit button to close the program.

                        Disable System Restore. Restart the computer. Enable System Restore again.
                        See here for how to disable System Restore.
                        This removes any remnants of the infections from your System Restore points.

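As an added example (Python, not part of the thread), the parser below decodes the REGEDIT4 hex(7) encoding used by the fix.reg above (REG_MULTI_SZ as NUL-separated ANSI bytes, with backslash line continuations in longer exports) and checks whether an LSA export lists any authentication package besides the Windows default msv1_0, which is what the fix restores. The second sample with the extra "evil" entry is constructed for illustration and does not come from the thread.

```python
import re

# Constructed sample: the fix.reg from the post above, exactly as it is to be saved.
FIX_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed sample of an export in which a second package has been registered
# (the "evil" entry is hypothetical). Long hex values are wrapped with a trailing backslash.
TAMPERED_REG = """REGEDIT4

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,65,76,69,\\
  6c,00,00
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\((?P<type>[0-9a-fA-F]+)\):(?P<data>.*)$')

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
DEFAULT_PACKAGES = ["msv1_0"]   # the only package present on a clean Windows XP system


def _logical_lines(text):
    """Yield .reg lines with backslash continuations joined back together."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1].strip()
            continue
        buf += line.strip()
        yield buf
        buf = ""
    if buf:
        yield buf


def decode_multi_sz(hex_csv):
    """Turn 'hex(7)' comma-separated bytes into the list of strings they encode."""
    data = bytes(int(tok, 16) for tok in hex_csv.split(",") if tok.strip())
    # REGEDIT4 (v4) files store REG_MULTI_SZ as ANSI: each string ends in a NUL,
    # and the whole list ends in an extra NUL.
    return [s.decode("latin-1") for s in data.split(b"\x00") if s]


def read_multi_sz(reg_text, key, name):
    """Return REG_MULTI_SZ value `name` under `key` as a list of strings, or None."""
    current = None
    for line in _logical_lines(reg_text):
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            continue
        m = VALUE_RE.match(line)
        if (m and current == key.lower()
                and m.group("name").lower() == name.lower()
                and m.group("type") == "7"):
            return decode_multi_sz(m.group("data"))
    return None


def unexpected_auth_packages(reg_text):
    """List every package in 'Authentication Packages' other than the default msv1_0."""
    pkgs = read_multi_sz(reg_text, LSA_KEY, "Authentication Packages") or []
    return [p for p in pkgs if p.lower() not in DEFAULT_PACKAGES]


if __name__ == "__main__":
    print("fix.reg packages:", read_multi_sz(FIX_REG, LSA_KEY, "Authentication Packages"))
    print("unexpected in tampered export:", unexpected_auth_packages(TAMPERED_REG))
```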
