Mededeling

**smeenk** · 25-05-08, 19:09

Download Malwarebytes' Anti-Malware via hier of hier.

Dubbelklik mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw logje van Hijackthis.

Extra opmerking:
Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

**tlpeter** · 25-05-08, 20:05

Ik kan op geen enkele manier het programma geinstalleerd krijgen

Ook deze website bezoeken gaat niet ( met de geinfecteerde pc)
Wat ik ook doe ik krijg het niet voor elkaar
Als ik ping naar www.nucia.eu dan krijg ik 127.0.0.1 als IP-adres.

Wat kan ik nog meer doen ?

**smeenk** · 25-05-08, 20:37

Download: RVAXO.exe

Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
Start de computer in veilige modus.
Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
Post de inhoud van de logfile in je volgende bericht.

Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

**tlpeter** · 25-05-08, 21:18

Hier de logfiles.

---RVAXO.exe Updated: 2008-05-25---first run---
Uninstallers:

Files found:
C:\WINDOWS\BM379682a4.xml
C:\WINDOWS\BM379682a4.txt
C:\WINDOWS\system32\rBJRAGgh.ini2
C:\WINDOWS\system32\rqYcdfii.ini2
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\WinCtrl32.dll
C:\WINDOWS\system32\mcrh.tmp

Folders Found:
C:\WINDOWS\system32\Cache

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------

======C:\WINDOWS====
----a-w 0 2008-05-25 19:07:36 C:\WINDOWS\0.log
----a-w 69,632 2008-04-18 16:58:24 C:\WINDOWS\Alcmtr.exe
----a-w 2,808,832 2008-04-18 16:58:24 C:\WINDOWS\alcwzrd.exe
--s-a-w 2,048 2008-05-25 19:06:46 C:\WINDOWS\bootstat.dat
----a-w 200 2008-04-18 15:00:43 C:\WINDOWS\cmsetacl.log
----a-w 4,308 2008-04-29 18:21:14 C:\WINDOWS\COM+.log
----a-w 276,380 2008-05-14 05:07:34 C:\WINDOWS\comsetup.log
----a-w 0 2008-04-18 13:49:24 C:\WINDOWS\control.ini
----a-w 12,282 2008-05-13 07:22:12 C:\WINDOWS\DPINST.LOG
----a-w 360 2008-04-18 15:09:54 C:\WINDOWS\DtcInstall.log
----a-w 794,055 2008-05-14 05:07:34 C:\WINDOWS\FaxSetup.log
----a-w 29,370 2008-04-18 17:49:48 C:\WINDOWS\IDNMitigationAPIs.log
----a-w 73,573 2008-04-18 17:53:13 C:\WINDOWS\ie7.log
----a-w 39,570 2008-04-18 17:55:57 C:\WINDOWS\ie7_main.log
----a-w 1,079,230 2008-05-14 05:07:34 C:\WINDOWS\iis6.log
----a-w 1,374 2008-05-13 07:38:33 C:\WINDOWS\imsins.BAK
----a-w 1,374 2008-05-14 05:07:34 C:\WINDOWS\imsins.log
----a-w 4,100 2008-04-18 14:45:48 C:\WINDOWS\KB835409.log
----a-w 5,970 2008-04-18 14:24:27 C:\WINDOWS\KB842773.log
----a-w 12,249 2008-04-18 15:30:27 C:\WINDOWS\KB873333.log
----a-w 24,009 2008-04-18 15:14:21 C:\WINDOWS\KB873339.log
----a-w 27,257 2008-04-18 15:15:51 C:\WINDOWS\KB885835.log
----a-w 26,266 2008-04-18 15:15:44 C:\WINDOWS\KB885836.log
----a-w 12,110 2008-04-18 17:37:28 C:\WINDOWS\KB886185.log
----a-w 28,506 2008-04-18 17:42:01 C:\WINDOWS\KB887472.log
----a-w 4,533 2008-04-18 17:00:28 C:\WINDOWS\KB888111.log
----a-w 20,132 2008-04-18 15:12:25 C:\WINDOWS\KB888302.log
----a-w 23,870 2008-04-18 15:13:23 C:\WINDOWS\KB890046.log
----a-w 18,607 2008-04-18 15:10:28 C:\WINDOWS\KB890859.log
----a-w 22,920 2008-04-18 15:13:29 C:\WINDOWS\KB891781.log
----a-w 5,436 2008-04-18 14:25:14 C:\WINDOWS\KB892130.log
----a-w 4,814 2008-04-18 14:47:53 C:\WINDOWS\KB892944.log
----a-w 26,220 2008-04-18 15:14:46 C:\WINDOWS\KB893756.log
----a-w 6,971 2008-04-18 14:24:52 C:\WINDOWS\KB893803v2.log
----a-w 17,039 2008-04-18 17:36:43 C:\WINDOWS\KB894391.log
----a-w 24,529 2008-04-18 15:14:00 C:\WINDOWS\KB896358.log
----a-w 25,715 2008-04-18 15:14:27 C:\WINDOWS\KB896423.log
----a-w 26,604 2008-04-18 15:14:53 C:\WINDOWS\KB896424.log
----a-w 17,138 2008-04-18 15:10:54 C:\WINDOWS\KB896428.log
----a-w 8,106 2008-04-18 14:25:06 C:\WINDOWS\KB898461.log
----a-w 29,336 2008-04-18 15:16:12 C:\WINDOWS\KB899587.log
----a-w 5,507 2008-04-18 14:48:59 C:\WINDOWS\KB899589.log
----a-w 26,414 2008-04-18 15:15:06 C:\WINDOWS\KB899591.log
----a-w 37,831 2008-04-18 17:44:40 C:\WINDOWS\KB900485.log
----a-w 21,941 2008-04-18 15:11:42 C:\WINDOWS\KB900725.log
----a-w 26,091 2008-04-18 15:15:14 C:\WINDOWS\KB901017.log
----a-w 21,569 2008-04-18 15:12:44 C:\WINDOWS\KB901214.log
----a-w 38,714 2008-04-18 17:40:58 C:\WINDOWS\KB902400.log
----a-w 19,247 2008-04-18 15:11:28 C:\WINDOWS\KB904706.log
----a-w 60,730 2008-04-18 17:47:43 C:\WINDOWS\KB904942.log
----a-w 22,629 2008-04-18 15:12:56 C:\WINDOWS\KB905414.log
----a-w 5,947 2008-04-18 14:49:42 C:\WINDOWS\KB905495.log
----a-w 18,891 2008-04-18 15:11:13 C:\WINDOWS\KB905749.log
----a-w 17,363 2008-04-18 15:10:48 C:\WINDOWS\KB908519.log
----a-w 19,283 2008-04-18 15:11:22 C:\WINDOWS\KB908531.log
----a-w 17,882 2008-04-18 15:13:52 C:\WINDOWS\KB910437.log
----a-w 25,790 2008-04-18 15:14:40 C:\WINDOWS\KB911280.log
----a-w 26,382 2008-04-18 15:14:33 C:\WINDOWS\KB911562.log
----a-w 12,948 2008-04-18 15:13:46 C:\WINDOWS\KB911564.log
----a-w 4,175 2008-04-18 15:30:09 C:\WINDOWS\KB911565.log
----a-w 26,538 2008-04-18 15:15:26 C:\WINDOWS\KB911927.log
----a-w 19,546 2008-04-18 15:11:33 C:\WINDOWS\KB912919.log
----a-w 18,687 2008-04-18 15:11:02 C:\WINDOWS\KB913580.log
----a-w 23,824 2008-04-18 15:13:10 C:\WINDOWS\KB914388.log
----a-w 17,144 2008-04-18 15:10:35 C:\WINDOWS\KB914389.log
----a-w 29,488 2008-04-18 17:47:51 C:\WINDOWS\KB914440.log
----a-w 30,932 2008-04-18 17:49:03 C:\WINDOWS\KB915865.log
----a-w 17,391 2008-04-18 17:37:19 C:\WINDOWS\KB916595.log
----a-w 22,213 2008-04-18 15:13:04 C:\WINDOWS\KB917344.log
----a-w 21,208 2008-04-18 15:12:31 C:\WINDOWS\KB917422.log
----a-w 21,839 2008-04-18 15:12:50 C:\WINDOWS\KB917953.log
----a-w 23,477 2008-04-18 17:38:54 C:\WINDOWS\KB918118.log
----a-w 28,472 2008-04-18 17:41:09 C:\WINDOWS\KB918439.log
----a-w 23,233 2008-04-18 15:13:17 C:\WINDOWS\KB919007.log
----a-w 20,814 2008-04-18 17:38:06 C:\WINDOWS\KB920213.log
----a-w 23,467 2008-04-18 15:13:35 C:\WINDOWS\KB920670.log
----a-w 17,661 2008-04-18 15:10:41 C:\WINDOWS\KB920683.log
----a-w 25,986 2008-04-18 15:15:00 C:\WINDOWS\KB920685.log
----a-w 27,092 2008-04-18 17:40:31 C:\WINDOWS\KB920872.log
----a-w 25,076 2008-04-18 15:14:09 C:\WINDOWS\KB921398.log
----a-w 27,134 2008-04-18 15:15:32 C:\WINDOWS\KB921883.log
----a-w 18,473 2008-04-18 17:39:13 C:\WINDOWS\KB922582.log
----a-w 25,779 2008-04-18 15:15:20 C:\WINDOWS\KB922616.log
----a-w 28,699 2008-04-18 15:15:59 C:\WINDOWS\KB922819.log
----a-w 19,078 2008-04-18 15:12:37 C:\WINDOWS\KB923191.log
----a-w 27,141 2008-04-18 15:15:39 C:\WINDOWS\KB923414.log
----a-w 38,999 2008-04-18 17:45:13 C:\WINDOWS\KB923980.log
----a-w 28,433 2008-04-18 15:16:06 C:\WINDOWS\KB924191.log
----a-w 37,133 2008-04-18 17:44:26 C:\WINDOWS\KB924270.log
----a-w 24,907 2008-04-18 15:14:15 C:\WINDOWS\KB924496.log
----a-w 35,351 2008-04-18 17:44:48 C:\WINDOWS\KB924667.log
----a-w 20,905 2008-04-18 17:41:45 C:\WINDOWS\KB925398.log
----a-w 29,986 2008-04-18 17:41:27 C:\WINDOWS\KB925902.log
----a-w 22,309 2008-04-18 17:38:44 C:\WINDOWS\KB926255.log
----a-w 25,032 2008-04-18 17:40:38 C:\WINDOWS\KB926436.log
----a-w 62,525 2008-04-18 17:57:08 C:\WINDOWS\KB927779.log
----a-w 59,218 2008-04-18 17:56:59 C:\WINDOWS\KB927802.log
----a-w 23,834 2008-04-18 17:42:47 C:\WINDOWS\KB927891.log
----a-w 59,749 2008-04-18 17:56:20 C:\WINDOWS\KB928255.log
----a-w 15,382 2008-04-18 17:36:21 C:\WINDOWS\KB928843.log
----a-w 29,029 2008-04-18 17:41:18 C:\WINDOWS\KB929123.log
----a-w 25,434 2008-04-18 17:40:06 C:\WINDOWS\KB930178.log
----a-w 17,572 2008-04-18 17:37:11 C:\WINDOWS\KB930916.log
----a-w 35,713 2008-04-18 17:44:17 C:\WINDOWS\KB931261.log
----a-w 60,431 2008-04-18 17:56:10 C:\WINDOWS\KB931784.log
----a-w 26,069 2008-04-18 17:39:24 C:\WINDOWS\KB932168.log
----a-w 31,722 2008-04-18 17:45:21 C:\WINDOWS\KB933729.log
----a-w 6,308 2008-04-18 18:04:00 C:\WINDOWS\KB935448.log
----a-w 17,392 2008-04-18 17:36:58 C:\WINDOWS\KB935839.log
----a-w 19,140 2008-04-18 17:37:55 C:\WINDOWS\KB935840.log
----a-w 38,370 2008-04-18 17:45:05 C:\WINDOWS\KB936021.log
----a-w 29,675 2008-04-18 17:42:30 C:\WINDOWS\KB936357.log
----a-w 26,576 2008-04-18 17:44:09 C:\WINDOWS\KB936782.log
----a-w 60,856 2008-04-18 17:56:40 C:\WINDOWS\KB937894.log
----a-w 14,592 2008-04-19 16:58:33 C:\WINDOWS\KB938127-IE7.log
----a-w 21,582 2008-04-18 17:38:22 C:\WINDOWS\KB938127.log
----a-w 37,873 2008-04-18 17:44:56 C:\WINDOWS\KB938828.log
----a-w 12,513 2008-04-30 08:22:39 C:\WINDOWS\KB939373.log
----a-w 23,033 2008-04-18 17:39:03 C:\WINDOWS\KB941202.log
----a-w 21,498 2008-04-18 17:38:37 C:\WINDOWS\KB941568.log
----a-w 17,341 2008-04-18 17:39:59 C:\WINDOWS\KB941569.log
----a-w 36,054 2008-04-18 17:43:40 C:\WINDOWS\KB941644.log
----a-w 29,466 2008-04-18 17:42:13 C:\WINDOWS\KB941693.log
----a-w 80,729 2008-04-18 17:54:32 C:\WINDOWS\KB942615-IE7.log
----a-w 37,164 2008-04-18 17:40:19 C:\WINDOWS\KB942763.log
----a-w 12,211 2008-04-30 08:22:48 C:\WINDOWS\KB942830.log
----a-w 12,031 2008-04-30 08:22:28 C:\WINDOWS\KB942831.log
----a-w 17,031 2008-04-18 17:36:50 C:\WINDOWS\KB943055.log
----a-w 52,717 2008-04-18 17:56:51 C:\WINDOWS\KB943460.log
----a-w 18,773 2008-04-18 17:37:46 C:\WINDOWS\KB943485.log
----a-w 22,772 2008-04-18 17:38:14 C:\WINDOWS\KB944338.log
----a-w 70,478 2008-04-18 17:55:14 C:\WINDOWS\KB944533-IE7.log
----a-w 14,898 2008-04-18 17:36:34 C:\WINDOWS\KB944653.log
----a-w 18,714 2008-04-18 17:37:38 C:\WINDOWS\KB945553.log
----a-w 29,469 2008-04-18 17:41:53 C:\WINDOWS\KB946026.log
----a-w 65,302 2008-04-18 17:55:53 C:\WINDOWS\KB947864-IE7.log
----a-w 40,276 2008-04-18 17:43:28 C:\WINDOWS\KB947864.log
----a-w 21,809 2008-04-18 17:38:29 C:\WINDOWS\KB948590.log
----a-w 51,481 2008-04-18 17:56:27 C:\WINDOWS\KB948881.log
----a-w 14,205 2008-05-14 05:07:34 C:\WINDOWS\KB950749.log
----a-w 54,920 2008-05-14 05:07:34 C:\WINDOWS\medctroc.Log
--sh--r 0 2008-05-24 07:56:58 C:\WINDOWS\megavid.cdt
----a-w 2,158,592 2008-04-18 16:58:24 C:\WINDOWS\MicCal.exe
----a-w 40,625 2008-05-14 05:07:34 C:\WINDOWS\msgsocm.log
----a-w 261,624 2008-05-14 05:07:33 C:\WINDOWS\msmqinst.log
----a-w 295,086 2008-05-14 05:06:54 C:\WINDOWS\msxml4-KB936181-enu.LOG
----a-w 511,498 2008-05-14 05:07:42 C:\WINDOWS\msxml6-KB933579-enu-x86.LOG
--sh--r 33 2008-05-24 07:56:57 C:\WINDOWS\muotr.so
----a-w 69 2008-05-22 09:48:18 C:\WINDOWS\NeroDigital.ini
----a-w 140,321 2008-05-14 05:07:34 C:\WINDOWS\netfxocm.log
----a-w 29,061 2008-04-18 17:49:21 C:\WINDOWS\NLSDownlevelMapping.log
----a-w 349 2008-04-20 05:08:17 C:\WINDOWS\nsw.log
----a-w 586,802 2008-05-24 15:38:15 C:\WINDOWS\ntbtlog.txt
----a-w 167,981 2008-05-14 05:07:34 C:\WINDOWS\ntdtcsetup.log
----a-w 403,360 2008-05-14 05:07:34 C:\WINDOWS\ocgen.log
----a-w 49,879 2008-05-14 05:07:34 C:\WINDOWS\ocmsn.log
----a-w 4,207 2008-04-18 13:49:13 C:\WINDOWS\ODBCINST.INI
----a-w 1,178 2008-04-18 15:08:03 C:\WINDOWS\OEWABLog.txt
----a-w 1,409 2008-04-20 17:14:31 C:\WINDOWS\QTFont.for
---ha-w 54,156 2008-05-25 17:57:59 C:\WINDOWS\QTFont.qfn
----a-w 8,192 2008-04-18 13:54:22 C:\WINDOWS\REGLOCS.OLD
----a-w 1,672 2008-04-18 15:39:06 C:\WINDOWS\regopt.log
----a-w 16,207,360 2008-04-18 16:58:25 C:\WINDOWS\RTHDCPL.exe
----a-w 9,709,568 2008-04-18 16:58:26 C:\WINDOWS\RTLCPL.exe
----a-w 487,424 2008-04-18 16:58:22 C:\WINDOWS\RtlExUpd.dll
----a-w 364,544 2008-04-18 16:58:26 C:\WINDOWS\RtlUpd.exe
----a-w 32,600 2008-05-25 18:57:27 C:\WINDOWS\SchedLgU.Txt
----a-w 1,277 2008-04-18 14:59:42 C:\WINDOWS\sessmgr.setup.log
------w 249,856 2008-05-06 14:37:08 C:\WINDOWS\Setup1.exe
----a-w 182,252 2008-05-24 13:21:52 C:\WINDOWS\setupact.log
----a-w 1,042,690 2008-05-24 11:18:54 C:\WINDOWS\setupapi.log
----a-w 0 2008-04-18 15:37:58 C:\WINDOWS\setuperr.log
----a-w 740,069 2008-04-18 15:07:41 C:\WINDOWS\setuplog.txt
----a-w 1,448,960 2008-04-18 16:58:26 C:\WINDOWS\SkyTel.exe
----a-w 86,016 2008-04-18 16:58:27 C:\WINDOWS\SoundMan.exe
----a-w 36,914 2008-04-18 18:00:23 C:\WINDOWS\spupdsvc.log
----a-w 74,752 2008-05-06 14:36:52 C:\WINDOWS\ST6UNST.EXE
----a-w 0 2008-04-18 15:41:28 C:\WINDOWS\Sti_Trace.log
----a-w 468,319 2008-04-18 15:04:28 C:\WINDOWS\svcpack.log
----a-w 227 2008-05-25 19:01:51 C:\WINDOWS\system.ini
----a-w 40,699 2008-05-14 05:07:34 C:\WINDOWS\tabletoc.log
----a-w 373,965 2008-05-14 05:07:34 C:\WINDOWS\tsoc.log
----a-w 74,467 2008-04-30 08:22:37 C:\WINDOWS\updspapi.log
----a-w 36 2008-04-18 13:45:47 C:\WINDOWS\vb.ini
----a-w 37 2008-04-18 13:45:47 C:\WINDOWS\vbaddin.ini
----a-w 300 2008-05-21 18:50:41 C:\WINDOWS\wcx_ftp.ini
----a-w 6,004 2008-05-13 07:38:33 C:\WINDOWS\Wdf01005Inst.log
----a-w 623 2008-05-21 14:51:13 C:\WINDOWS\wiadebug.log
----a-w 49 2008-05-21 14:51:13 C:\WINDOWS\wiaservc.log
----a-w 562 2008-05-25 19:01:51 C:\WINDOWS\win.ini
----a-w 2,372 2008-05-23 10:34:25 C:\WINDOWS\wincmd.ini
----a-w 280 2008-04-18 13:48:57 C:\WINDOWS\Windows Update.log
---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\WindowsShell.Manifest
----a-w 2,020,845 2008-05-25 18:57:22 C:\WINDOWS\WindowsUpdate.log
----a-w 25,770 2008-05-21 11:57:37 C:\WINDOWS\wmsetup.log
----a-w 316,640 2008-05-12 18:13:23 C:\WINDOWS\WMSysPr9.prx
----a-w 299,552 2008-04-18 13:49:21 C:\WINDOWS\WMSysPrx.prx

Entries: 197 (192)
Directories: 0 Files: 197
Bytes: 47,423,605 Blocks: 92,706
======C:\WINDOWS\system32=====
----a-w 261 2008-04-18 13:51:48 C:\WINDOWS\System32\$winnt$.inf
----a-w 82,944 2008-05-18 19:40:36 C:\WINDOWS\System32\404Fix.exe
--sh--r 130,048 2008-05-24 07:57:48 C:\WINDOWS\System32\adsldpd.exe
----a-w 299,008 2008-04-18 16:58:24 C:\WINDOWS\System32\ALSndMgr.Cpl
----a-w 16,832 2008-04-18 13:49:22 C:\WINDOWS\System32\amcompat.tlb
----a-w 14,962 2008-04-28 12:37:19 C:\WINDOWS\System32\asucoins.dll
----a-w 258,048 2008-04-18 17:01:38 C:\WINDOWS\System32\ati2cqag.dll
----a-w 257,536 2008-04-18 17:01:38 C:\WINDOWS\System32\ati2dvag.dll
----a-w 41,984 2008-04-18 17:01:39 C:\WINDOWS\System32\ati2edxx.dll
----a-w 61,440 2008-04-18 17:01:40 C:\WINDOWS\System32\ati2evxx.dll
----a-w 405,504 2008-04-18 17:01:40 C:\WINDOWS\System32\ati2evxx.exe
----a-w 26,112 2008-04-18 17:01:42 C:\WINDOWS\System32\Ati2mdxx.exe
----a-w 2,662,752 2008-04-18 17:01:43 C:\WINDOWS\System32\ati3duag.dll
----a-w 53,248 2008-04-18 17:01:44 C:\WINDOWS\System32\ATIDDC.DLL
----a-w 286,720 2008-04-18 17:01:44 C:\WINDOWS\System32\ATIDEMGR.dll
----a-w 6,005 2008-04-18 17:01:44 C:\WINDOWS\System32\atifglpf.xml
----a-w 125,796 2008-04-18 17:01:44 C:\WINDOWS\System32\atiicdxx.dat
----a-w 307,200 2008-04-18 17:01:44 C:\WINDOWS\System32\atiiiexx.dll
----a-w 151,552 2008-04-18 17:01:44 C:\WINDOWS\System32\atikvmag.dll
----a-w 6,684,672 2008-04-18 17:01:45 C:\WINDOWS\System32\atioglx1.dll
----a-w 5,025,792 2008-04-18 17:01:46 C:\WINDOWS\System32\atioglxx.dll
----a-w 114,688 2008-04-18 17:01:46 C:\WINDOWS\System32\atipdlxx.dll
----a-w 17,408 2008-04-18 17:01:46 C:\WINDOWS\System32\atitvo32.dll
----a-w 24,064 2008-04-18 17:01:46 C:\WINDOWS\System32\ativcoxx.dll
----a-w 1,130,848 2008-04-18 17:01:46 C:\WINDOWS\System32\ativvaxx.dll
----a-w 1,785,856 2008-04-21 10:09:12 C:\WINDOWS\System32\AvBrand.dll
----a-w 2,560 2008-05-23 19:38:55 C:\WINDOWS\System32\bitcometres.dll
--sh--w 1,402,488 2008-05-25 18:02:36 C:\WINDOWS\System32\bstjbgbq.ini
----a-w 146,650 2008-04-18 17:13:14 C:\WINDOWS\System32\BuzzingBee.wav
----a-w 69,632 2008-04-21 09:43:42 C:\WINDOWS\System32\CallFlowDrawing.dll
----a-w 174,096 2008-04-28 12:37:20 C:\WINDOWS\System32\capi2032.dll
---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\cdplayer.exe.manifest
----a-w 40,960 2008-04-18 16:58:21 C:\WINDOWS\System32\ChCfg.exe
----a-w 21,589 2008-05-25 18:57:23 C:\WINDOWS\System32\Config.MPF
----a-w 2,845 2008-04-18 13:49:24 C:\WINDOWS\System32\CONFIG.NT
----a-w 21,748 2008-04-18 13:46:01 C:\WINDOWS\System32\emptyregdb.dat
----a-w 265,416 2008-04-20 16:13:06 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 0 2008-04-18 15:43:14 C:\WINDOWS\System32\h323log.txt
--sh--w 1,401,776 2008-05-25 11:29:44 C:\WINDOWS\System32\hxlqgstu.ini
----a-w 82,944 2008-05-18 19:40:36 C:\WINDOWS\System32\IEDFix.exe
----a-w 2,560 2008-05-25 16:18:10 C:\WINDOWS\System32\iroxalir.exe
----a-w 9,354 2008-05-19 15:20:28 C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log
----a-w 6,300 2008-05-22 13:09:13 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
----a-w 136,704 2008-05-25 11:32:39 C:\WINDOWS\System32\kknclpnt.dll
----a-w 125,440 2008-05-25 11:27:12 C:\WINDOWS\System32\ksfntxtx.dll
----a-w 90,112 2008-04-28 12:37:20 C:\WINDOWS\System32\linkcfg.dll
----a-w 49,152 2008-04-28 12:37:20 C:\WINDOWS\System32\linklt.dll
----a-w 45,056 2008-04-28 12:37:20 C:\WINDOWS\System32\linkmlp.dll
----a-w 172,032 2008-04-28 12:37:20 C:\WINDOWS\System32\linkrc.dll
----a-w 229,376 2008-04-28 12:37:20 C:\WINDOWS\System32\linksts.exe
----a-w 36,864 2008-04-28 12:37:20 C:\WINDOWS\System32\linkupg.dll
---ha-r 488 2008-04-18 13:48:23 C:\WINDOWS\System32\logonui.exe.manifest
----a-w 940,794 2008-04-18 17:13:14 C:\WINDOWS\System32\LoopyMusic.wav
----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
---ha-r 749 2008-04-18 13:48:17 C:\WINDOWS\System32\ncpa.cpl.manifest
----a-w 136,704 2008-05-25 16:21:10 C:\WINDOWS\System32\nlrugnik.dll
----a-w 23,392 2008-04-18 13:49:22 C:\WINDOWS\System32\nscompat.tlb
---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\nwc.cpl.manifest
----a-w 77,824 2008-04-18 17:01:46 C:\WINDOWS\System32\Oemdspif.dll
----a-w 83,780 2008-04-29 17:52:09 C:\WINDOWS\System32\perfc009.dat
----a-w 106,278 2008-04-29 17:52:09 C:\WINDOWS\System32\perfc013.dat
----a-w 460,846 2008-04-29 17:52:09 C:\WINDOWS\System32\perfh009.dat
----a-w 531,450 2008-04-29 17:52:09 C:\WINDOWS\System32\perfh013.dat
----a-w 1,151,770 2008-04-29 17:52:09 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 57,344 2008-05-24 07:56:33 C:\WINDOWS\System32\pmnmmmlJ.dll
----a-w 115,712 2008-05-25 16:21:19 C:\WINDOWS\System32\qbgbjtsb.dll
--sh--w 1,402,076 2008-05-25 16:10:32 C:\WINDOWS\System32\qpdcbvfg.ini
--sha-w 317,731 2008-05-25 14:31:55 C:\WINDOWS\System32\rBJRAGgh.ini
----a-w 308 2008-04-18 17:23:29 C:\WINDOWS\System32\results.txt
--sha-w 316,573 2008-05-25 17:31:27 C:\WINDOWS\System32\rqYcdfii.ini
----a-w 135,168 2008-04-18 16:58:26 C:\WINDOWS\System32\RtlCPAPI.dll
----a-w 266,240 2008-04-18 16:58:26 C:\WINDOWS\System32\RTSndMgr.Cpl
----a-w 827,132 2008-05-25 16:59:52 C:\WINDOWS\System32\RVAXO.bat
---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\sapi.cpl.manifest
----a-w 125,440 2008-05-25 16:15:57 C:\WINDOWS\System32\sjhxfhib.dll
----a-w 259 2008-04-18 15:07:33 C:\WINDOWS\System32\spupdwxp.log
----a-w 78,378 2008-05-24 14:27:27 C:\WINDOWS\System32\spywarewarning2.mht
----a-w 3,812 2008-05-24 13:16:34 C:\WINDOWS\System32\tmp.reg
----a-w 0 2008-05-24 13:16:34 C:\WINDOWS\System32\tmp.txt
----a-w 77,824 2008-04-18 17:41:48 C:\WINDOWS\System32\tosmreg.exe
----a-w 138,760 2008-04-18 17:40:15 C:\WINDOWS\System32\TZLog.log
----a-w 86,528 2008-05-15 21:22:46 C:\WINDOWS\System32\VACFix.exe
----a-w 2,560 2008-05-25 11:29:47 C:\WINDOWS\System32\wasqahuf.exe
----a-w 14,336 2008-05-25 19:06:46 C:\WINDOWS\System32\WinCtrl32.dllRVAXO
---ha-r 488 2008-04-18 13:48:23 C:\WINDOWS\System32\WindowsLogon.manifest
----a-w 25,065 2008-04-18 13:55:44 C:\WINDOWS\System32\wmpscheme.xml
----a-w 13,646 2008-04-18 14:31:01 C:\WINDOWS\System32\wpa.bak
----a-w 13,646 2008-05-24 11:19:14 C:\WINDOWS\System32\wpa.dbl
---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\wuaucpl.cpl.manifest

Entries: 90 (77)
Directories: 0 Files: 90
Bytes: 48,919,527 Blocks: 95,568
======C:\WINDOWS\system32\drivers=====
----a-w 21,035 2008-04-18 17:23:15 C:\WINDOWS\System32\drivers\AegisP.sys
----a-w 547,072 2008-04-20 05:21:41 C:\WINDOWS\System32\drivers\ar5211.sys
----a-w 40,960 2008-04-18 17:01:40 C:\WINDOWS\System32\drivers\ati2erec.dll
----a-w 1,523,712 2008-04-18 17:01:42 C:\WINDOWS\System32\drivers\ati2mtag.sys
----a-w 1,114,674 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativcaxx.cpa
----a-w 929 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativcaxx.vp
----a-w 58,560 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativckxx.vp
----a-w 27,568 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativvpxx.vp
----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
----a-w 1,712 2008-04-18 16:58:21 C:\WINDOWS\System32\drivers\HDACfg.dat
----a-w 609,635 2008-04-28 12:37:20 C:\WINDOWS\System32\drivers\linkisdn.sys
---ha-w 0 2008-05-13 07:38:49 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
---ha-w 0 2008-05-13 07:38:51 C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
----a-w 4,273,152 2008-04-18 16:58:26 C:\WINDOWS\System32\drivers\RtkHDAud.Sys
----a-w 716,272 2008-05-24 07:26:19 C:\WINDOWS\System32\drivers\sptd.sys
----a-w 47,968 2008-04-28 12:37:19 C:\WINDOWS\System32\drivers\wanlink.sys
----a-w 29,056 2008-05-25 18:02:15 C:\WINDOWS\System32\drivers\wfM86.sys

Entries: 19 (17)
Directories: 0 Files: 19
Bytes: 9,056,561 Blocks: 17,695
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
----a-w 0 2008-04-18 13:49:24 C:\AUTOEXEC.BAT
--sha-r 211 2008-05-25 19:01:51 C:\boot.ini
----a-w 0 2008-04-18 13:49:24 C:\CONFIG.SYS
----a-w 4,194,304 2008-05-24 16:18:12 C:\DbgOut.txt
----a-w 485 2008-05-25 19:05:34 C:\firstrun6.log
--sha-w 1,475,530,752 2008-05-25 19:06:44 C:\hiberfil.sys
--sha-r 0 2008-04-18 13:49:24 C:\IO.SYS
----a-w 97,280 2008-04-24 08:00:49 C:\IPServicesdb.tar
----a-w 1,649,976 2008-05-25 17:25:22 C:\mbam-setup.exe
--sha-r 0 2008-04-18 13:49:24 C:\MSDOS.SYS
--sha-r 47,564 2008-04-18 14:53:09 C:\NTDETECT.COM
--sha-r 251,184 2008-04-18 14:53:09 C:\ntldr
--sha-w 2,145,386,496 2008-05-25 19:06:42 C:\pagefile.sys
----a-w 1,645 2008-05-24 13:22:40 C:\rapport.txt
----a-w 620 2008-05-25 19:10:39 C:\RVAXO-results.log
----a-w 23,940 2008-05-25 19:10:40 C:\RVAXO-Vfind.log

Entries: 16 (9)
Directories: 0 Files: 16
Bytes: 3,627,184,457 Blocks: 7,084,348
======C:\Documents and Settings\Peter\Application Data======
--sha-w 62 2008-04-18 15:38:38 C:\Documents and Settings\Peter\Application Data\desktop.ini

Entries: 1 (0)
Directories: 0 Files: 1
Bytes: 62 Blocks: 1
======C:\Documents and Settings\Peter======
----a-w 646 2008-05-21 12:31:31 C:\Documents and Settings\Peter\address.ser
---ha-w 3,932,160 2008-05-25 19:05:51 C:\Documents and Settings\Peter\NTUSER.DAT
---ha-w 36,864 2008-05-25 19:10:07 C:\Documents and Settings\Peter\ntuser.dat.LOG
--sh--w 188 2008-05-25 18:57:21 C:\Documents and Settings\Peter\ntuser.ini

Entries: 4 (1)
Directories: 0 Files: 4
Bytes: 3,969,858 Blocks: 7,755
======C:\WINDOWS\Downloaded Program Files====
---h--w 65 2008-04-18 13:48:23 C:\WINDOWS\Downloaded Program Files\desktop.ini

Entries: 1 (0)
Directories: 0 Files: 1
Bytes: 65 Blocks: 1
=============

**smeenk** · 25-05-08, 23:48

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\bstjbgbq.ini
C:\WINDOWS\System32\hxlqgstu.ini
C:\WINDOWS\System32\iroxalir.exe
C:\WINDOWS\System32\kknclpnt.dll
C:\WINDOWS\System32\ksfntxtx.dll
C:\WINDOWS\System32\nlrugnik.dll
C:\WINDOWS\System32\pmnmmmlJ.dll
C:\WINDOWS\System32\qbgbjtsb.dll
C:\WINDOWS\System32\qpdcbvfg.ini
C:\WINDOWS\System32\rBJRAGgh.ini
C:\WINDOWS\System32\rqYcdfii.ini
C:\WINDOWS\System32\sjhxfhib.dll
C:\WINDOWS\System32\spywarewarning2.mht
C:\WINDOWS\System32\tmp.reg
C:\WINDOWS\System32\tmp.txt
C:\WINDOWS\System32\wasqahuf.exe
C:\WINDOWS\System32\WinCtrl32.dllRVAXO
C:\WINDOWS\System32\WinCtrl32.dll
C:\WINDOWS\System32\WinCtrl32.dl_
C:\WINDOWS\System32\drivers\wfM86.sys
C:\WINDOWS\System32\adsldpd.exe
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
REN %%g *NUCIA
IF EXIST %%gNUCIA (
ECHO renamed to %%gNUCIA>>log.txt)
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

**tlpeter** · 26-05-08, 08:56

Hier de log

Deleting files
C:\WINDOWS\System32\bstjbgbq.ini deleted
C:\WINDOWS\System32\hxlqgstu.ini deleted
C:\WINDOWS\System32\iroxalir.exe deleted
C:\WINDOWS\System32\kknclpnt.dll deleted
C:\WINDOWS\System32\ksfntxtx.dll deleted
renamed to C:\WINDOWS\System32\nlrugnik.dllNUCIA
C:\WINDOWS\System32\nlrugnik.dll deleted
C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
renamed to C:\WINDOWS\System32\qbgbjtsb.dllNUCIA
C:\WINDOWS\System32\qbgbjtsb.dll deleted
C:\WINDOWS\System32\qpdcbvfg.ini deleted
C:\WINDOWS\System32\rBJRAGgh.ini deleted
C:\WINDOWS\System32\rqYcdfii.ini deleted
renamed to C:\WINDOWS\System32\sjhxfhib.dllNUCIA
C:\WINDOWS\System32\sjhxfhib.dll deleted
C:\WINDOWS\System32\spywarewarning2.mht deleted
C:\WINDOWS\System32\tmp.reg deleted
C:\WINDOWS\System32\tmp.txt deleted
C:\WINDOWS\System32\wasqahuf.exe deleted
C:\WINDOWS\System32\WinCtrl32.dllRVAXO deleted
renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
C:\WINDOWS\System32\WinCtrl32.dll deleted
C:\WINDOWS\System32\WinCtrl32.dl_ deleted
C:\WINDOWS\System32\drivers\wfM86.sys not deleted
C:\WINDOWS\System32\adsldpd.exe deleted
C:\WINDOWS\megavid.cdt deleted
C:\WINDOWS\muotr.so deleted

**smeenk** · 26-05-08, 10:05

Herstart de computer en dubbelklik daarna nog een keer op del.bat

Post dan een nieuw logje van Hijackthis

**tlpeter** · 26-05-08, 10:12

Hier de del.bat en hijkack log

Deleting files
C:\WINDOWS\System32\bstjbgbq.ini not found
C:\WINDOWS\System32\hxlqgstu.ini not found
C:\WINDOWS\System32\iroxalir.exe not found
C:\WINDOWS\System32\kknclpnt.dll not found
C:\WINDOWS\System32\ksfntxtx.dll not found
C:\WINDOWS\System32\nlrugnik.dll not found
C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
C:\WINDOWS\System32\qbgbjtsb.dll not found
C:\WINDOWS\System32\qpdcbvfg.ini not found
C:\WINDOWS\System32\rBJRAGgh.ini not found
C:\WINDOWS\System32\rqYcdfii.ini not found
C:\WINDOWS\System32\sjhxfhib.dll not found
C:\WINDOWS\System32\spywarewarning2.mht not found
C:\WINDOWS\System32\tmp.reg not found
C:\WINDOWS\System32\tmp.txt not found
C:\WINDOWS\System32\wasqahuf.exe not found
C:\WINDOWS\System32\WinCtrl32.dllRVAXO not found
renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
C:\WINDOWS\System32\WinCtrl32.dll deleted
C:\WINDOWS\System32\WinCtrl32.dl_ deleted
C:\WINDOWS\System32\drivers\wfM86.sys not deleted
C:\WINDOWS\System32\adsldpd.exe not found
C:\WINDOWS\megavid.cdt not found
C:\WINDOWS\muotr.so not found

Logfile of HijackThis v1.99.1
Scan saved at 10:09:01, on 26-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\00THotkey.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Linksts.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\pmnmmmlJ.dll
O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmmmlJ - C:\WINDOWS\SYSTEM32\pmnmmmlJ.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe

**smeenk** · 26-05-08, 10:51

Verwijder del.bat en maak een nieuwe aan.

Open een kladblokbestand.
Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

@ECHO OFF
IF EXIST log.txt DEL log.txt
sc stop wfM86
sc delete wfM86
remove C:\WINDOWS\System32\drivers\wfM86.sys C:\RVAXO\wfM86.sys
remove C:\WINDOWS\System32\WinCtrl32.dll C:\RVAXO\WinCtrl32.dll
remove C:\WINDOWS\System32\WinCtrl32.dl_ C:\RVAXO\WinCtrl32.dl_
ECHO Deleting files>>log.txt
FOR %%g in (
C:\WINDOWS\System32\pmnmmmlJ.dll.vir
C:\WINDOWS\System32\WinCtrl32.dll
C:\WINDOWS\System32\WinCtrl32.dl_
C:\WINDOWS\System32\drivers\wfM86.sys) DO (
DEL /Q %%gNUCIA
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Ga naar Bestand - Opslaan als.
Bij "Opslaan in" kies je: Bureaublad
Bij "Bestandsnaam" zet je: del.bat
Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
Klik op de knop Opslaan.

Dubbelklik op del.bat en post de inhoud van de logfile die opent.

Herstart daarna de computer en dubbelklik del.bat nog een keer.

**tlpeter** · 26-05-08, 11:02

Hier de logfile

Deleting files
C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
C:\WINDOWS\System32\WinCtrl32.dll deleted
C:\WINDOWS\System32\WinCtrl32.dl_ not found
C:\WINDOWS\System32\AvBrand.dll not found
C:\WINDOWS\System32\drivers\wfM86.sys not deleted

**smeenk** · 26-05-08, 11:11

Download VirtumundoBegone (mirror)
Sla dit op op je bureaublad.

Dubbelklik op VirtumundoBeGone.exe en volg de aanwijzingen.
Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal.
Als de fix klaar is, start je de pc opnieuw op.
Plaats de inhoud van het logbestand VBG.TXT, dat nu op je bureaublad staat, hier in je volgende bericht.

Post ook een nieuw logje van Hijackthis

**tlpeter** · 26-05-08, 11:23

Hier de vitumundo log

[05/26/2008, 11:17:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Peter\Bureaublad\VirtumundoBeGone.exe" )
[05/26/2008, 11:17:30] - Detected System Information:
[05/26/2008, 11:17:30] - Windows Version: 5.1.2600, Service Pack 2
[05/26/2008, 11:17:30] - Current Username: Peter (Admin)
[05/26/2008, 11:17:30] - Windows is in NORMAL mode.
[05/26/2008, 11:17:30] - Searching for Browser Helper Objects:
[05/26/2008, 11:17:30] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[05/26/2008, 11:17:30] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/26/2008, 11:17:30] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
[05/26/2008, 11:17:30] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
[05/26/2008, 11:17:30] - BHO 5: {99972D1B-964E-49EC-92F4-1EB39F4810A5} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\pmnmmmlJ
[05/26/2008, 11:17:30] - Found: HKLM\...\Winlogon\Notify\pmnmmmlJ - This is probably Virtumundo.
[05/26/2008, 11:17:30] - Assigning {99972D1B-964E-49EC-92F4-1EB39F4810A5} MSEvents Object
[05/26/2008, 11:17:30] - BHO list has been changed! Starting over...
[05/26/2008, 11:17:30] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[05/26/2008, 11:17:30] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/26/2008, 11:17:30] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
[05/26/2008, 11:17:30] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
[05/26/2008, 11:17:30] - BHO 5: {99972D1B-964E-49EC-92F4-1EB39F4810A5} (MSEvents Object)
[05/26/2008, 11:17:30] - ALERT: Found MSEvents Object!
[05/26/2008, 11:17:30] - BHO 6: {a28255a0-d382-4d36-a611-77e11e91e812} ()
[05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\nlrugnik
[05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\nlrugnik, continuing.
[05/26/2008, 11:17:30] - Finished Searching Browser Helper Objects
[05/26/2008, 11:17:30] - *** Detected MSEvents Object
[05/26/2008, 11:17:30] - Trying to remove MSEvents Object...
[05/26/2008, 11:17:31] - Terminating Process: IEXPLORE.EXE
[05/26/2008, 11:17:32] - Terminating Process: RUNDLL32.EXE
[05/26/2008, 11:17:32] - Disabling Automatic Shell Restart
[05/26/2008, 11:17:32] - Terminating Process: EXPLORER.EXE
[05/26/2008, 11:17:32] - Suspending the NT Session Manager System Service
[05/26/2008, 11:17:32] - Terminating Windows NT Logon/Logoff Manager
[05/26/2008, 11:17:32] - Re-enabling Automatic Shell Restart
[05/26/2008, 11:17:32] - File to disable: C:\WINDOWS\system32\pmnmmmlJ.dll
[05/26/2008, 11:17:32] - Renaming C:\WINDOWS\system32\pmnmmmlJ.dll -> C:\WINDOWS\system32\pmnmmmlJ.dll.vir
[05/26/2008, 11:17:32] - File successfully renamed!
[05/26/2008, 11:17:32] - Removing HKLM\...\Browser Helper Objects\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
[05/26/2008, 11:17:32] - Removing HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
[05/26/2008, 11:17:32] - Adding Kill Bit for ActiveX for GUID: {99972D1B-964E-49EC-92F4-1EB39F4810A5}
[05/26/2008, 11:17:33] - Deleting ATLEvents/MSEvents Registry entries
[05/26/2008, 11:17:33] - Removing HKLM\...\Winlogon\Notify\pmnmmmlJ
[05/26/2008, 11:17:33] - Searching for Browser Helper Objects:
[05/26/2008, 11:17:33] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
[05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[05/26/2008, 11:17:33] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/26/2008, 11:17:33] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
[05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
[05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
[05/26/2008, 11:17:33] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
[05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
[05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
[05/26/2008, 11:17:33] - BHO 5: {a28255a0-d382-4d36-a611-77e11e91e812} ()
[05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\nlrugnik
[05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\nlrugnik, continuing.
[05/26/2008, 11:17:33] - Finished Searching Browser Helper Objects
[05/26/2008, 11:17:33] - Finishing up...
[05/26/2008, 11:17:33] - A restart is needed.
[05/26/2008, 11:17:36] - Attempting to Restart via STOP error (Blue Screen!)

Hier de hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:20:52, on 26-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Linksts.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe

**smeenk** · 26-05-08, 11:32

Start Hijackthis en vink alleen de volgende regels aan:
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
Sluit alle openstaande vensters(behalve Hijackthis) en klik op "Fix checked".

Installeer unlocker eens : http://ccollomb.free.fr/unlocker/

Probeer daarna deze bestand te vinden met je verkenner:
C:\WINDOWS\System32\WinCtrl32.dll
C:\WINDOWS\System32\WinCtrl32.dl_
Rechtklik op die bestanden en kies voor het icoontje van Unlocker en daarna voor "Alles vrijgeven", lukt dit niet, kies dan voor verwijderen.
Herstart je computer en post een nieuw logje van Hijackthis

**tlpeter** · 26-05-08, 11:48

Ik heb de file win32.dll gedaan
De file win32dl_ staat er niet tussen maar wel win32.dllNUCIA
Moet ik ihern og wat mee doen ?

Hier de hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:20:52, on 26-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Linksts.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe

Mededeling

Adult friend finder

Adult friend finder

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment