Adult friend finder


  • Adult friend finder

    Hello,

    I have been trying for a few days now to get rid of a rather annoying piece of spyware/adware.

    At first I got notifications (in English, although the OS is in Dutch) that the security settings were not right.

    That is gone now, but I still get unwanted banners and pages when I open Internet Explorer.

    Most of it is gone now thanks to SUPERAntiSpyware.

    Who can help me with this?

    I have made a log with HijackThis.


    Logfile of HijackThis v1.99.1
    Scan saved at 18:37:35, on 25-5-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O1 - Hosts: 82.210.107.158 www.toptel.eu
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
    O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpd.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunServices: [IEUpdate] C:\WINDOWS\system32\adsldpd.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
    O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
    O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe

  • #2
    Download Malwarebytes' Anti-Malware from here or here.

    Double-click mbam-setup.exe to install the program.
    • Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both ticked, then click "finish".
    • If an update is found, it will download it and install the latest version.
    • When the program is fully up to date, select "Perform Quick Scan", then click Scan.
    • The scan can take a while, so be patient.
    • When the scan is complete, click OK, then "Show Results" to see the results.
    • Make sure that everything there is ticked, then click: Remove Selected.
    • After the removal a log will open and you will be asked to restart the computer. (See the extra note below)
    • The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
    • Copy and paste the results of the log into your next reply, together with a new HijackThis log.

    Extra note:
    If MBAM has difficulty removing certain files, it will show a few messages where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.



    • #3
      I cannot get the program installed in any way.

      Visiting this website does not work either (with the infected PC).
      Whatever I do, I cannot get it to work.
      When I ping www.nucia.eu, I get 127.0.0.1 as the IP address.

      What else can I do?
      Last edited by tlpeter; 25-05-08, 20:30.



      • #4
        Download: RVAXO.exe
        • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
        • Start the computer in safe mode.
        • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
          A cmd window will open, and a few lines about files not found will scroll by quickly; this is normal.
        • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
        • After that your PC will restart; let it start in normal mode this time. After the restart, the RVAXO cmd window opens again.
          Let it run and wait until a log file opens: C:\RVAXO-results.log
        • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
        • Post the contents of the log file in your next message.
        Also post the contents of the second log: C:\RVAXO-Vfind.log



        • #5
          Here are the log files.

          ---RVAXO.exe Updated: 2008-05-25---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\BM379682a4.xml
          C:\WINDOWS\BM379682a4.txt
          C:\WINDOWS\system32\rBJRAGgh.ini2
          C:\WINDOWS\system32\rqYcdfii.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\clkcnt.txt
          C:\WINDOWS\system32\WinCtrl32.dll
          C:\WINDOWS\system32\mcrh.tmp

          Folders Found:
          C:\WINDOWS\system32\Cache

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------





          ======C:\WINDOWS====
          ----a-w 0 2008-05-25 19:07:36 C:\WINDOWS\0.log
          ----a-w 69,632 2008-04-18 16:58:24 C:\WINDOWS\Alcmtr.exe
          ----a-w 2,808,832 2008-04-18 16:58:24 C:\WINDOWS\alcwzrd.exe
          --s-a-w 2,048 2008-05-25 19:06:46 C:\WINDOWS\bootstat.dat
          ----a-w 200 2008-04-18 15:00:43 C:\WINDOWS\cmsetacl.log
          ----a-w 4,308 2008-04-29 18:21:14 C:\WINDOWS\COM+.log
          ----a-w 276,380 2008-05-14 05:07:34 C:\WINDOWS\comsetup.log
          ----a-w 0 2008-04-18 13:49:24 C:\WINDOWS\control.ini
          ----a-w 12,282 2008-05-13 07:22:12 C:\WINDOWS\DPINST.LOG
          ----a-w 360 2008-04-18 15:09:54 C:\WINDOWS\DtcInstall.log
          ----a-w 794,055 2008-05-14 05:07:34 C:\WINDOWS\FaxSetup.log
          ----a-w 29,370 2008-04-18 17:49:48 C:\WINDOWS\IDNMitigationAPIs.log
          ----a-w 73,573 2008-04-18 17:53:13 C:\WINDOWS\ie7.log
          ----a-w 39,570 2008-04-18 17:55:57 C:\WINDOWS\ie7_main.log
          ----a-w 1,079,230 2008-05-14 05:07:34 C:\WINDOWS\iis6.log
          ----a-w 1,374 2008-05-13 07:38:33 C:\WINDOWS\imsins.BAK
          ----a-w 1,374 2008-05-14 05:07:34 C:\WINDOWS\imsins.log
          ----a-w 4,100 2008-04-18 14:45:48 C:\WINDOWS\KB835409.log
          ----a-w 5,970 2008-04-18 14:24:27 C:\WINDOWS\KB842773.log
          ----a-w 12,249 2008-04-18 15:30:27 C:\WINDOWS\KB873333.log
          ----a-w 24,009 2008-04-18 15:14:21 C:\WINDOWS\KB873339.log
          ----a-w 27,257 2008-04-18 15:15:51 C:\WINDOWS\KB885835.log
          ----a-w 26,266 2008-04-18 15:15:44 C:\WINDOWS\KB885836.log
          ----a-w 12,110 2008-04-18 17:37:28 C:\WINDOWS\KB886185.log
          ----a-w 28,506 2008-04-18 17:42:01 C:\WINDOWS\KB887472.log
          ----a-w 4,533 2008-04-18 17:00:28 C:\WINDOWS\KB888111.log
          ----a-w 20,132 2008-04-18 15:12:25 C:\WINDOWS\KB888302.log
          ----a-w 23,870 2008-04-18 15:13:23 C:\WINDOWS\KB890046.log
          ----a-w 18,607 2008-04-18 15:10:28 C:\WINDOWS\KB890859.log
          ----a-w 22,920 2008-04-18 15:13:29 C:\WINDOWS\KB891781.log
          ----a-w 5,436 2008-04-18 14:25:14 C:\WINDOWS\KB892130.log
          ----a-w 4,814 2008-04-18 14:47:53 C:\WINDOWS\KB892944.log
          ----a-w 26,220 2008-04-18 15:14:46 C:\WINDOWS\KB893756.log
          ----a-w 6,971 2008-04-18 14:24:52 C:\WINDOWS\KB893803v2.log
          ----a-w 17,039 2008-04-18 17:36:43 C:\WINDOWS\KB894391.log
          ----a-w 24,529 2008-04-18 15:14:00 C:\WINDOWS\KB896358.log
          ----a-w 25,715 2008-04-18 15:14:27 C:\WINDOWS\KB896423.log
          ----a-w 26,604 2008-04-18 15:14:53 C:\WINDOWS\KB896424.log
          ----a-w 17,138 2008-04-18 15:10:54 C:\WINDOWS\KB896428.log
          ----a-w 8,106 2008-04-18 14:25:06 C:\WINDOWS\KB898461.log
          ----a-w 29,336 2008-04-18 15:16:12 C:\WINDOWS\KB899587.log
          ----a-w 5,507 2008-04-18 14:48:59 C:\WINDOWS\KB899589.log
          ----a-w 26,414 2008-04-18 15:15:06 C:\WINDOWS\KB899591.log
          ----a-w 37,831 2008-04-18 17:44:40 C:\WINDOWS\KB900485.log
          ----a-w 21,941 2008-04-18 15:11:42 C:\WINDOWS\KB900725.log
          ----a-w 26,091 2008-04-18 15:15:14 C:\WINDOWS\KB901017.log
          ----a-w 21,569 2008-04-18 15:12:44 C:\WINDOWS\KB901214.log
          ----a-w 38,714 2008-04-18 17:40:58 C:\WINDOWS\KB902400.log
          ----a-w 19,247 2008-04-18 15:11:28 C:\WINDOWS\KB904706.log
          ----a-w 60,730 2008-04-18 17:47:43 C:\WINDOWS\KB904942.log
          ----a-w 22,629 2008-04-18 15:12:56 C:\WINDOWS\KB905414.log
          ----a-w 5,947 2008-04-18 14:49:42 C:\WINDOWS\KB905495.log
          ----a-w 18,891 2008-04-18 15:11:13 C:\WINDOWS\KB905749.log
          ----a-w 17,363 2008-04-18 15:10:48 C:\WINDOWS\KB908519.log
          ----a-w 19,283 2008-04-18 15:11:22 C:\WINDOWS\KB908531.log
          ----a-w 17,882 2008-04-18 15:13:52 C:\WINDOWS\KB910437.log
          ----a-w 25,790 2008-04-18 15:14:40 C:\WINDOWS\KB911280.log
          ----a-w 26,382 2008-04-18 15:14:33 C:\WINDOWS\KB911562.log
          ----a-w 12,948 2008-04-18 15:13:46 C:\WINDOWS\KB911564.log
          ----a-w 4,175 2008-04-18 15:30:09 C:\WINDOWS\KB911565.log
          ----a-w 26,538 2008-04-18 15:15:26 C:\WINDOWS\KB911927.log
          ----a-w 19,546 2008-04-18 15:11:33 C:\WINDOWS\KB912919.log
          ----a-w 18,687 2008-04-18 15:11:02 C:\WINDOWS\KB913580.log
          ----a-w 23,824 2008-04-18 15:13:10 C:\WINDOWS\KB914388.log
          ----a-w 17,144 2008-04-18 15:10:35 C:\WINDOWS\KB914389.log
          ----a-w 29,488 2008-04-18 17:47:51 C:\WINDOWS\KB914440.log
          ----a-w 30,932 2008-04-18 17:49:03 C:\WINDOWS\KB915865.log
          ----a-w 17,391 2008-04-18 17:37:19 C:\WINDOWS\KB916595.log
          ----a-w 22,213 2008-04-18 15:13:04 C:\WINDOWS\KB917344.log
          ----a-w 21,208 2008-04-18 15:12:31 C:\WINDOWS\KB917422.log
          ----a-w 21,839 2008-04-18 15:12:50 C:\WINDOWS\KB917953.log
          ----a-w 23,477 2008-04-18 17:38:54 C:\WINDOWS\KB918118.log
          ----a-w 28,472 2008-04-18 17:41:09 C:\WINDOWS\KB918439.log
          ----a-w 23,233 2008-04-18 15:13:17 C:\WINDOWS\KB919007.log
          ----a-w 20,814 2008-04-18 17:38:06 C:\WINDOWS\KB920213.log
          ----a-w 23,467 2008-04-18 15:13:35 C:\WINDOWS\KB920670.log
          ----a-w 17,661 2008-04-18 15:10:41 C:\WINDOWS\KB920683.log
          ----a-w 25,986 2008-04-18 15:15:00 C:\WINDOWS\KB920685.log
          ----a-w 27,092 2008-04-18 17:40:31 C:\WINDOWS\KB920872.log
          ----a-w 25,076 2008-04-18 15:14:09 C:\WINDOWS\KB921398.log
          ----a-w 27,134 2008-04-18 15:15:32 C:\WINDOWS\KB921883.log
          ----a-w 18,473 2008-04-18 17:39:13 C:\WINDOWS\KB922582.log
          ----a-w 25,779 2008-04-18 15:15:20 C:\WINDOWS\KB922616.log
          ----a-w 28,699 2008-04-18 15:15:59 C:\WINDOWS\KB922819.log
          ----a-w 19,078 2008-04-18 15:12:37 C:\WINDOWS\KB923191.log
          ----a-w 27,141 2008-04-18 15:15:39 C:\WINDOWS\KB923414.log
          ----a-w 38,999 2008-04-18 17:45:13 C:\WINDOWS\KB923980.log
          ----a-w 28,433 2008-04-18 15:16:06 C:\WINDOWS\KB924191.log
          ----a-w 37,133 2008-04-18 17:44:26 C:\WINDOWS\KB924270.log
          ----a-w 24,907 2008-04-18 15:14:15 C:\WINDOWS\KB924496.log
          ----a-w 35,351 2008-04-18 17:44:48 C:\WINDOWS\KB924667.log
          ----a-w 20,905 2008-04-18 17:41:45 C:\WINDOWS\KB925398.log
          ----a-w 29,986 2008-04-18 17:41:27 C:\WINDOWS\KB925902.log
          ----a-w 22,309 2008-04-18 17:38:44 C:\WINDOWS\KB926255.log
          ----a-w 25,032 2008-04-18 17:40:38 C:\WINDOWS\KB926436.log
          ----a-w 62,525 2008-04-18 17:57:08 C:\WINDOWS\KB927779.log
          ----a-w 59,218 2008-04-18 17:56:59 C:\WINDOWS\KB927802.log
          ----a-w 23,834 2008-04-18 17:42:47 C:\WINDOWS\KB927891.log
          ----a-w 59,749 2008-04-18 17:56:20 C:\WINDOWS\KB928255.log
          ----a-w 15,382 2008-04-18 17:36:21 C:\WINDOWS\KB928843.log
          ----a-w 29,029 2008-04-18 17:41:18 C:\WINDOWS\KB929123.log
          ----a-w 25,434 2008-04-18 17:40:06 C:\WINDOWS\KB930178.log
          ----a-w 17,572 2008-04-18 17:37:11 C:\WINDOWS\KB930916.log
          ----a-w 35,713 2008-04-18 17:44:17 C:\WINDOWS\KB931261.log
          ----a-w 60,431 2008-04-18 17:56:10 C:\WINDOWS\KB931784.log
          ----a-w 26,069 2008-04-18 17:39:24 C:\WINDOWS\KB932168.log
          ----a-w 31,722 2008-04-18 17:45:21 C:\WINDOWS\KB933729.log
          ----a-w 6,308 2008-04-18 18:04:00 C:\WINDOWS\KB935448.log
          ----a-w 17,392 2008-04-18 17:36:58 C:\WINDOWS\KB935839.log
          ----a-w 19,140 2008-04-18 17:37:55 C:\WINDOWS\KB935840.log
          ----a-w 38,370 2008-04-18 17:45:05 C:\WINDOWS\KB936021.log
          ----a-w 29,675 2008-04-18 17:42:30 C:\WINDOWS\KB936357.log
          ----a-w 26,576 2008-04-18 17:44:09 C:\WINDOWS\KB936782.log
          ----a-w 60,856 2008-04-18 17:56:40 C:\WINDOWS\KB937894.log
          ----a-w 14,592 2008-04-19 16:58:33 C:\WINDOWS\KB938127-IE7.log
          ----a-w 21,582 2008-04-18 17:38:22 C:\WINDOWS\KB938127.log
          ----a-w 37,873 2008-04-18 17:44:56 C:\WINDOWS\KB938828.log
          ----a-w 12,513 2008-04-30 08:22:39 C:\WINDOWS\KB939373.log
          ----a-w 23,033 2008-04-18 17:39:03 C:\WINDOWS\KB941202.log
          ----a-w 21,498 2008-04-18 17:38:37 C:\WINDOWS\KB941568.log
          ----a-w 17,341 2008-04-18 17:39:59 C:\WINDOWS\KB941569.log
          ----a-w 36,054 2008-04-18 17:43:40 C:\WINDOWS\KB941644.log
          ----a-w 29,466 2008-04-18 17:42:13 C:\WINDOWS\KB941693.log
          ----a-w 80,729 2008-04-18 17:54:32 C:\WINDOWS\KB942615-IE7.log
          ----a-w 37,164 2008-04-18 17:40:19 C:\WINDOWS\KB942763.log
          ----a-w 12,211 2008-04-30 08:22:48 C:\WINDOWS\KB942830.log
          ----a-w 12,031 2008-04-30 08:22:28 C:\WINDOWS\KB942831.log
          ----a-w 17,031 2008-04-18 17:36:50 C:\WINDOWS\KB943055.log
          ----a-w 52,717 2008-04-18 17:56:51 C:\WINDOWS\KB943460.log
          ----a-w 18,773 2008-04-18 17:37:46 C:\WINDOWS\KB943485.log
          ----a-w 22,772 2008-04-18 17:38:14 C:\WINDOWS\KB944338.log
          ----a-w 70,478 2008-04-18 17:55:14 C:\WINDOWS\KB944533-IE7.log
          ----a-w 14,898 2008-04-18 17:36:34 C:\WINDOWS\KB944653.log
          ----a-w 18,714 2008-04-18 17:37:38 C:\WINDOWS\KB945553.log
          ----a-w 29,469 2008-04-18 17:41:53 C:\WINDOWS\KB946026.log
          ----a-w 65,302 2008-04-18 17:55:53 C:\WINDOWS\KB947864-IE7.log
          ----a-w 40,276 2008-04-18 17:43:28 C:\WINDOWS\KB947864.log
          ----a-w 21,809 2008-04-18 17:38:29 C:\WINDOWS\KB948590.log
          ----a-w 51,481 2008-04-18 17:56:27 C:\WINDOWS\KB948881.log
          ----a-w 14,205 2008-05-14 05:07:34 C:\WINDOWS\KB950749.log
          ----a-w 54,920 2008-05-14 05:07:34 C:\WINDOWS\medctroc.Log
          --sh--r 0 2008-05-24 07:56:58 C:\WINDOWS\megavid.cdt
          ----a-w 2,158,592 2008-04-18 16:58:24 C:\WINDOWS\MicCal.exe
          ----a-w 40,625 2008-05-14 05:07:34 C:\WINDOWS\msgsocm.log
          ----a-w 261,624 2008-05-14 05:07:33 C:\WINDOWS\msmqinst.log
          ----a-w 295,086 2008-05-14 05:06:54 C:\WINDOWS\msxml4-KB936181-enu.LOG
          ----a-w 511,498 2008-05-14 05:07:42 C:\WINDOWS\msxml6-KB933579-enu-x86.LOG
          --sh--r 33 2008-05-24 07:56:57 C:\WINDOWS\muotr.so
          ----a-w 69 2008-05-22 09:48:18 C:\WINDOWS\NeroDigital.ini
          ----a-w 140,321 2008-05-14 05:07:34 C:\WINDOWS\netfxocm.log
          ----a-w 29,061 2008-04-18 17:49:21 C:\WINDOWS\NLSDownlevelMapping.log
          ----a-w 349 2008-04-20 05:08:17 C:\WINDOWS\nsw.log
          ----a-w 586,802 2008-05-24 15:38:15 C:\WINDOWS\ntbtlog.txt
          ----a-w 167,981 2008-05-14 05:07:34 C:\WINDOWS\ntdtcsetup.log
          ----a-w 403,360 2008-05-14 05:07:34 C:\WINDOWS\ocgen.log
          ----a-w 49,879 2008-05-14 05:07:34 C:\WINDOWS\ocmsn.log
          ----a-w 4,207 2008-04-18 13:49:13 C:\WINDOWS\ODBCINST.INI
          ----a-w 1,178 2008-04-18 15:08:03 C:\WINDOWS\OEWABLog.txt
          ----a-w 1,409 2008-04-20 17:14:31 C:\WINDOWS\QTFont.for
          ---ha-w 54,156 2008-05-25 17:57:59 C:\WINDOWS\QTFont.qfn
          ----a-w 8,192 2008-04-18 13:54:22 C:\WINDOWS\REGLOCS.OLD
          ----a-w 1,672 2008-04-18 15:39:06 C:\WINDOWS\regopt.log
          ----a-w 16,207,360 2008-04-18 16:58:25 C:\WINDOWS\RTHDCPL.exe
          ----a-w 9,709,568 2008-04-18 16:58:26 C:\WINDOWS\RTLCPL.exe
          ----a-w 487,424 2008-04-18 16:58:22 C:\WINDOWS\RtlExUpd.dll
          ----a-w 364,544 2008-04-18 16:58:26 C:\WINDOWS\RtlUpd.exe
          ----a-w 32,600 2008-05-25 18:57:27 C:\WINDOWS\SchedLgU.Txt
          ----a-w 1,277 2008-04-18 14:59:42 C:\WINDOWS\sessmgr.setup.log
          ------w 249,856 2008-05-06 14:37:08 C:\WINDOWS\Setup1.exe
          ----a-w 182,252 2008-05-24 13:21:52 C:\WINDOWS\setupact.log
          ----a-w 1,042,690 2008-05-24 11:18:54 C:\WINDOWS\setupapi.log
          ----a-w 0 2008-04-18 15:37:58 C:\WINDOWS\setuperr.log
          ----a-w 740,069 2008-04-18 15:07:41 C:\WINDOWS\setuplog.txt
          ----a-w 1,448,960 2008-04-18 16:58:26 C:\WINDOWS\SkyTel.exe
          ----a-w 86,016 2008-04-18 16:58:27 C:\WINDOWS\SoundMan.exe
          ----a-w 36,914 2008-04-18 18:00:23 C:\WINDOWS\spupdsvc.log
          ----a-w 74,752 2008-05-06 14:36:52 C:\WINDOWS\ST6UNST.EXE
          ----a-w 0 2008-04-18 15:41:28 C:\WINDOWS\Sti_Trace.log
          ----a-w 468,319 2008-04-18 15:04:28 C:\WINDOWS\svcpack.log
          ----a-w 227 2008-05-25 19:01:51 C:\WINDOWS\system.ini
          ----a-w 40,699 2008-05-14 05:07:34 C:\WINDOWS\tabletoc.log
          ----a-w 373,965 2008-05-14 05:07:34 C:\WINDOWS\tsoc.log
          ----a-w 74,467 2008-04-30 08:22:37 C:\WINDOWS\updspapi.log
          ----a-w 36 2008-04-18 13:45:47 C:\WINDOWS\vb.ini
          ----a-w 37 2008-04-18 13:45:47 C:\WINDOWS\vbaddin.ini
          ----a-w 300 2008-05-21 18:50:41 C:\WINDOWS\wcx_ftp.ini
          ----a-w 6,004 2008-05-13 07:38:33 C:\WINDOWS\Wdf01005Inst.log
          ----a-w 623 2008-05-21 14:51:13 C:\WINDOWS\wiadebug.log
          ----a-w 49 2008-05-21 14:51:13 C:\WINDOWS\wiaservc.log
          ----a-w 562 2008-05-25 19:01:51 C:\WINDOWS\win.ini
          ----a-w 2,372 2008-05-23 10:34:25 C:\WINDOWS\wincmd.ini
          ----a-w 280 2008-04-18 13:48:57 C:\WINDOWS\Windows Update.log
          ---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\WindowsShell.Manifest
          ----a-w 2,020,845 2008-05-25 18:57:22 C:\WINDOWS\WindowsUpdate.log
          ----a-w 25,770 2008-05-21 11:57:37 C:\WINDOWS\wmsetup.log
          ----a-w 316,640 2008-05-12 18:13:23 C:\WINDOWS\WMSysPr9.prx
          ----a-w 299,552 2008-04-18 13:49:21 C:\WINDOWS\WMSysPrx.prx

          Entries: 197 (192)
          Directories: 0 Files: 197
          Bytes: 47,423,605 Blocks: 92,706
          ======C:\WINDOWS\system32=====
          ----a-w 261 2008-04-18 13:51:48 C:\WINDOWS\System32\$winnt$.inf
          ----a-w 82,944 2008-05-18 19:40:36 C:\WINDOWS\System32\404Fix.exe
          --sh--r 130,048 2008-05-24 07:57:48 C:\WINDOWS\System32\adsldpd.exe
          ----a-w 299,008 2008-04-18 16:58:24 C:\WINDOWS\System32\ALSndMgr.Cpl
          ----a-w 16,832 2008-04-18 13:49:22 C:\WINDOWS\System32\amcompat.tlb
          ----a-w 14,962 2008-04-28 12:37:19 C:\WINDOWS\System32\asucoins.dll
          ----a-w 258,048 2008-04-18 17:01:38 C:\WINDOWS\System32\ati2cqag.dll
          ----a-w 257,536 2008-04-18 17:01:38 C:\WINDOWS\System32\ati2dvag.dll
          ----a-w 41,984 2008-04-18 17:01:39 C:\WINDOWS\System32\ati2edxx.dll
          ----a-w 61,440 2008-04-18 17:01:40 C:\WINDOWS\System32\ati2evxx.dll
          ----a-w 405,504 2008-04-18 17:01:40 C:\WINDOWS\System32\ati2evxx.exe
          ----a-w 26,112 2008-04-18 17:01:42 C:\WINDOWS\System32\Ati2mdxx.exe
          ----a-w 2,662,752 2008-04-18 17:01:43 C:\WINDOWS\System32\ati3duag.dll
          ----a-w 53,248 2008-04-18 17:01:44 C:\WINDOWS\System32\ATIDDC.DLL
          ----a-w 286,720 2008-04-18 17:01:44 C:\WINDOWS\System32\ATIDEMGR.dll
          ----a-w 6,005 2008-04-18 17:01:44 C:\WINDOWS\System32\atifglpf.xml
          ----a-w 125,796 2008-04-18 17:01:44 C:\WINDOWS\System32\atiicdxx.dat
          ----a-w 307,200 2008-04-18 17:01:44 C:\WINDOWS\System32\atiiiexx.dll
          ----a-w 151,552 2008-04-18 17:01:44 C:\WINDOWS\System32\atikvmag.dll
          ----a-w 6,684,672 2008-04-18 17:01:45 C:\WINDOWS\System32\atioglx1.dll
          ----a-w 5,025,792 2008-04-18 17:01:46 C:\WINDOWS\System32\atioglxx.dll
          ----a-w 114,688 2008-04-18 17:01:46 C:\WINDOWS\System32\atipdlxx.dll
          ----a-w 17,408 2008-04-18 17:01:46 C:\WINDOWS\System32\atitvo32.dll
          ----a-w 24,064 2008-04-18 17:01:46 C:\WINDOWS\System32\ativcoxx.dll
          ----a-w 1,130,848 2008-04-18 17:01:46 C:\WINDOWS\System32\ativvaxx.dll
          ----a-w 1,785,856 2008-04-21 10:09:12 C:\WINDOWS\System32\AvBrand.dll
          ----a-w 2,560 2008-05-23 19:38:55 C:\WINDOWS\System32\bitcometres.dll
          --sh--w 1,402,488 2008-05-25 18:02:36 C:\WINDOWS\System32\bstjbgbq.ini
          ----a-w 146,650 2008-04-18 17:13:14 C:\WINDOWS\System32\BuzzingBee.wav
          ----a-w 69,632 2008-04-21 09:43:42 C:\WINDOWS\System32\CallFlowDrawing.dll
          ----a-w 174,096 2008-04-28 12:37:20 C:\WINDOWS\System32\capi2032.dll
          ---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\cdplayer.exe.manifest
          ----a-w 40,960 2008-04-18 16:58:21 C:\WINDOWS\System32\ChCfg.exe
          ----a-w 21,589 2008-05-25 18:57:23 C:\WINDOWS\System32\Config.MPF
          ----a-w 2,845 2008-04-18 13:49:24 C:\WINDOWS\System32\CONFIG.NT
          ----a-w 21,748 2008-04-18 13:46:01 C:\WINDOWS\System32\emptyregdb.dat
          ----a-w 265,416 2008-04-20 16:13:06 C:\WINDOWS\System32\FNTCACHE.DAT
          ----a-w 0 2008-04-18 15:43:14 C:\WINDOWS\System32\h323log.txt
          --sh--w 1,401,776 2008-05-25 11:29:44 C:\WINDOWS\System32\hxlqgstu.ini
          ----a-w 82,944 2008-05-18 19:40:36 C:\WINDOWS\System32\IEDFix.exe
          ----a-w 2,560 2008-05-25 16:18:10 C:\WINDOWS\System32\iroxalir.exe
          ----a-w 9,354 2008-05-19 15:20:28 C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log
          ----a-w 6,300 2008-05-22 13:09:13 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
          ----a-w 136,704 2008-05-25 11:32:39 C:\WINDOWS\System32\kknclpnt.dll
          ----a-w 125,440 2008-05-25 11:27:12 C:\WINDOWS\System32\ksfntxtx.dll
          ----a-w 90,112 2008-04-28 12:37:20 C:\WINDOWS\System32\linkcfg.dll
          ----a-w 49,152 2008-04-28 12:37:20 C:\WINDOWS\System32\linklt.dll
          ----a-w 45,056 2008-04-28 12:37:20 C:\WINDOWS\System32\linkmlp.dll
          ----a-w 172,032 2008-04-28 12:37:20 C:\WINDOWS\System32\linkrc.dll
          ----a-w 229,376 2008-04-28 12:37:20 C:\WINDOWS\System32\linksts.exe
          ----a-w 36,864 2008-04-28 12:37:20 C:\WINDOWS\System32\linkupg.dll
          ---ha-r 488 2008-04-18 13:48:23 C:\WINDOWS\System32\logonui.exe.manifest
          ----a-w 940,794 2008-04-18 17:13:14 C:\WINDOWS\System32\LoopyMusic.wav
          ----a-w 12,632 2008-05-16 09:58:04 C:\WINDOWS\System32\lsdelete.exe
          ----a-w 16,863,864 2008-05-09 21:35:04 C:\WINDOWS\System32\MRT.exe
          ---ha-r 749 2008-04-18 13:48:17 C:\WINDOWS\System32\ncpa.cpl.manifest
          ----a-w 136,704 2008-05-25 16:21:10 C:\WINDOWS\System32\nlrugnik.dll
          ----a-w 23,392 2008-04-18 13:49:22 C:\WINDOWS\System32\nscompat.tlb
          ---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\nwc.cpl.manifest
          ----a-w 77,824 2008-04-18 17:01:46 C:\WINDOWS\System32\Oemdspif.dll
          ----a-w 83,780 2008-04-29 17:52:09 C:\WINDOWS\System32\perfc009.dat
          ----a-w 106,278 2008-04-29 17:52:09 C:\WINDOWS\System32\perfc013.dat
          ----a-w 460,846 2008-04-29 17:52:09 C:\WINDOWS\System32\perfh009.dat
          ----a-w 531,450 2008-04-29 17:52:09 C:\WINDOWS\System32\perfh013.dat
          ----a-w 1,151,770 2008-04-29 17:52:09 C:\WINDOWS\System32\PerfStringBackup.INI
          ----a-w 57,344 2008-05-24 07:56:33 C:\WINDOWS\System32\pmnmmmlJ.dll
          ----a-w 115,712 2008-05-25 16:21:19 C:\WINDOWS\System32\qbgbjtsb.dll
          --sh--w 1,402,076 2008-05-25 16:10:32 C:\WINDOWS\System32\qpdcbvfg.ini
          --sha-w 317,731 2008-05-25 14:31:55 C:\WINDOWS\System32\rBJRAGgh.ini
          ----a-w 308 2008-04-18 17:23:29 C:\WINDOWS\System32\results.txt
          --sha-w 316,573 2008-05-25 17:31:27 C:\WINDOWS\System32\rqYcdfii.ini
          ----a-w 135,168 2008-04-18 16:58:26 C:\WINDOWS\System32\RtlCPAPI.dll
          ----a-w 266,240 2008-04-18 16:58:26 C:\WINDOWS\System32\RTSndMgr.Cpl
          ----a-w 827,132 2008-05-25 16:59:52 C:\WINDOWS\System32\RVAXO.bat
          ---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\sapi.cpl.manifest
          ----a-w 125,440 2008-05-25 16:15:57 C:\WINDOWS\System32\sjhxfhib.dll
          ----a-w 259 2008-04-18 15:07:33 C:\WINDOWS\System32\spupdwxp.log
          ----a-w 78,378 2008-05-24 14:27:27 C:\WINDOWS\System32\spywarewarning2.mht
          ----a-w 3,812 2008-05-24 13:16:34 C:\WINDOWS\System32\tmp.reg
          ----a-w 0 2008-05-24 13:16:34 C:\WINDOWS\System32\tmp.txt
          ----a-w 77,824 2008-04-18 17:41:48 C:\WINDOWS\System32\tosmreg.exe
          ----a-w 138,760 2008-04-18 17:40:15 C:\WINDOWS\System32\TZLog.log
          ----a-w 86,528 2008-05-15 21:22:46 C:\WINDOWS\System32\VACFix.exe
          ----a-w 2,560 2008-05-25 11:29:47 C:\WINDOWS\System32\wasqahuf.exe
          ----a-w 14,336 2008-05-25 19:06:46 C:\WINDOWS\System32\WinCtrl32.dllRVAXO
          ---ha-r 488 2008-04-18 13:48:23 C:\WINDOWS\System32\WindowsLogon.manifest
          ----a-w 25,065 2008-04-18 13:55:44 C:\WINDOWS\System32\wmpscheme.xml
          ----a-w 13,646 2008-04-18 14:31:01 C:\WINDOWS\System32\wpa.bak
          ----a-w 13,646 2008-05-24 11:19:14 C:\WINDOWS\System32\wpa.dbl
          ---ha-r 749 2008-04-18 13:48:18 C:\WINDOWS\System32\wuaucpl.cpl.manifest

          Entries: 90 (77)
          Directories: 0 Files: 90
          Bytes: 48,919,527 Blocks: 95,568
          ======C:\WINDOWS\system32\drivers=====
          ----a-w 21,035 2008-04-18 17:23:15 C:\WINDOWS\System32\drivers\AegisP.sys
          ----a-w 547,072 2008-04-20 05:21:41 C:\WINDOWS\System32\drivers\ar5211.sys
          ----a-w 40,960 2008-04-18 17:01:40 C:\WINDOWS\System32\drivers\ati2erec.dll
          ----a-w 1,523,712 2008-04-18 17:01:42 C:\WINDOWS\System32\drivers\ati2mtag.sys
          ----a-w 1,114,674 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativcaxx.cpa
          ----a-w 929 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativcaxx.vp
          ----a-w 58,560 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativckxx.vp
          ----a-w 27,568 2008-04-18 17:01:46 C:\WINDOWS\System32\drivers\ativvpxx.vp
          ----a-w 12,960 2008-04-29 09:19:50 C:\WINDOWS\System32\drivers\Awrtpd.sys
          ----a-w 15,648 2008-04-29 09:19:54 C:\WINDOWS\System32\drivers\Awrtrd.sys
          ----a-w 1,712 2008-04-18 16:58:21 C:\WINDOWS\System32\drivers\HDACfg.dat
          ----a-w 609,635 2008-04-28 12:37:20 C:\WINDOWS\System32\drivers\linkisdn.sys
          ---ha-w 0 2008-05-13 07:38:49 C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
          ---ha-w 0 2008-05-13 07:38:51 C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
          ----a-w 15,648 2008-04-29 09:20:00 C:\WINDOWS\System32\drivers\NSDriver.sys
          ----a-w 4,273,152 2008-04-18 16:58:26 C:\WINDOWS\System32\drivers\RtkHDAud.Sys
          ----a-w 716,272 2008-05-24 07:26:19 C:\WINDOWS\System32\drivers\sptd.sys
          ----a-w 47,968 2008-04-28 12:37:19 C:\WINDOWS\System32\drivers\wanlink.sys
          ----a-w 29,056 2008-05-25 18:02:15 C:\WINDOWS\System32\drivers\wfM86.sys

          Entries: 19 (17)
          Directories: 0 Files: 19
          Bytes: 9,056,561 Blocks: 17,695
          =======C:\Program Files=====
          Entries: 0 (0)
          Directories: 0 Files: 0
          Bytes: 0 Blocks: 0
          =======C:=====
          ----a-w 0 2008-04-18 13:49:24 C:\AUTOEXEC.BAT
          --sha-r 211 2008-05-25 19:01:51 C:\boot.ini
          ----a-w 0 2008-04-18 13:49:24 C:\CONFIG.SYS
          ----a-w 4,194,304 2008-05-24 16:18:12 C:\DbgOut.txt
          ----a-w 485 2008-05-25 19:05:34 C:\firstrun6.log
          --sha-w 1,475,530,752 2008-05-25 19:06:44 C:\hiberfil.sys
          --sha-r 0 2008-04-18 13:49:24 C:\IO.SYS
          ----a-w 97,280 2008-04-24 08:00:49 C:\IPServicesdb.tar
          ----a-w 1,649,976 2008-05-25 17:25:22 C:\mbam-setup.exe
          --sha-r 0 2008-04-18 13:49:24 C:\MSDOS.SYS
          --sha-r 47,564 2008-04-18 14:53:09 C:\NTDETECT.COM
          --sha-r 251,184 2008-04-18 14:53:09 C:\ntldr
          --sha-w 2,145,386,496 2008-05-25 19:06:42 C:\pagefile.sys
          ----a-w 1,645 2008-05-24 13:22:40 C:\rapport.txt
          ----a-w 620 2008-05-25 19:10:39 C:\RVAXO-results.log
          ----a-w 23,940 2008-05-25 19:10:40 C:\RVAXO-Vfind.log

          Entries: 16 (9)
          Directories: 0 Files: 16
          Bytes: 3,627,184,457 Blocks: 7,084,348
          ======C:\Documents and Settings\Peter\Application Data======
          --sha-w 62 2008-04-18 15:38:38 C:\Documents and Settings\Peter\Application Data\desktop.ini

          Entries: 1 (0)
          Directories: 0 Files: 1
          Bytes: 62 Blocks: 1
          ======C:\Documents and Settings\Peter======
          ----a-w 646 2008-05-21 12:31:31 C:\Documents and Settings\Peter\address.ser
          ---ha-w 3,932,160 2008-05-25 19:05:51 C:\Documents and Settings\Peter\NTUSER.DAT
          ---ha-w 36,864 2008-05-25 19:10:07 C:\Documents and Settings\Peter\ntuser.dat.LOG
          --sh--w 188 2008-05-25 18:57:21 C:\Documents and Settings\Peter\ntuser.ini

          Entries: 4 (1)
          Directories: 0 Files: 4
          Bytes: 3,969,858 Blocks: 7,755
          ======C:\WINDOWS\Downloaded Program Files====
          ---h--w 65 2008-04-18 13:48:23 C:\WINDOWS\Downloaded Program Files\desktop.ini

          Entries: 1 (0)
          Directories: 0 Files: 1
          Bytes: 65 Blocks: 1
          =============



          • #6
            Open a Notepad file.
            Copy the text below (everything in bold) into this Notepad file.

            @ECHO OFF
            IF EXIST log.txt DEL log.txt
            ECHO Deleting files>>log.txt
            FOR %%g in (
            C:\WINDOWS\System32\bstjbgbq.ini
            C:\WINDOWS\System32\hxlqgstu.ini
            C:\WINDOWS\System32\iroxalir.exe
            C:\WINDOWS\System32\kknclpnt.dll
            C:\WINDOWS\System32\ksfntxtx.dll
            C:\WINDOWS\System32\nlrugnik.dll
            C:\WINDOWS\System32\pmnmmmlJ.dll
            C:\WINDOWS\System32\qbgbjtsb.dll
            C:\WINDOWS\System32\qpdcbvfg.ini
            C:\WINDOWS\System32\rBJRAGgh.ini
            C:\WINDOWS\System32\rqYcdfii.ini
            C:\WINDOWS\System32\sjhxfhib.dll
            C:\WINDOWS\System32\spywarewarning2.mht
            C:\WINDOWS\System32\tmp.reg
            C:\WINDOWS\System32\tmp.txt
            C:\WINDOWS\System32\wasqahuf.exe
            C:\WINDOWS\System32\WinCtrl32.dllRVAXO
            C:\WINDOWS\System32\WinCtrl32.dll
            C:\WINDOWS\System32\WinCtrl32.dl_
            C:\WINDOWS\System32\drivers\wfM86.sys
            C:\WINDOWS\System32\adsldpd.exe
            C:\WINDOWS\megavid.cdt
            C:\WINDOWS\muotr.so) DO (
            DEL /Q %%gNUCIA
            IF EXIST %%g (
            ATTRIB -r -s -h %%g
            DEL %%g
            REN %%g *NUCIA
            IF EXIST %%gNUCIA (
            ECHO renamed to %%gNUCIA>>log.txt)
            IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
            ) ELSE (
            ECHO %%g deleted>>log.txt)
            ) ELSE (
            ECHO %%g not found>>log.txt))
            START NOTEPAD.EXE log.txt

            Go to File - Save As.
            For "Save in" choose: Desktop
            For "File name" enter: del.bat
            For "Save as type" select: All Files (*.*).
            Click the Save button.

            Double-click del.bat and post the contents of the log file that opens.



            • #7
              Here is the log



              Deleting files
              C:\WINDOWS\System32\bstjbgbq.ini deleted
              C:\WINDOWS\System32\hxlqgstu.ini deleted
              C:\WINDOWS\System32\iroxalir.exe deleted
              C:\WINDOWS\System32\kknclpnt.dll deleted
              C:\WINDOWS\System32\ksfntxtx.dll deleted
              renamed to C:\WINDOWS\System32\nlrugnik.dllNUCIA
              C:\WINDOWS\System32\nlrugnik.dll deleted
              C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
              renamed to C:\WINDOWS\System32\qbgbjtsb.dllNUCIA
              C:\WINDOWS\System32\qbgbjtsb.dll deleted
              C:\WINDOWS\System32\qpdcbvfg.ini deleted
              C:\WINDOWS\System32\rBJRAGgh.ini deleted
              C:\WINDOWS\System32\rqYcdfii.ini deleted
              renamed to C:\WINDOWS\System32\sjhxfhib.dllNUCIA
              C:\WINDOWS\System32\sjhxfhib.dll deleted
              C:\WINDOWS\System32\spywarewarning2.mht deleted
              C:\WINDOWS\System32\tmp.reg deleted
              C:\WINDOWS\System32\tmp.txt deleted
              C:\WINDOWS\System32\wasqahuf.exe deleted
              C:\WINDOWS\System32\WinCtrl32.dllRVAXO deleted
              renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
              C:\WINDOWS\System32\WinCtrl32.dll deleted
              C:\WINDOWS\System32\WinCtrl32.dl_ deleted
              C:\WINDOWS\System32\drivers\wfM86.sys not deleted
              C:\WINDOWS\System32\adsldpd.exe deleted
              C:\WINDOWS\megavid.cdt deleted
              C:\WINDOWS\muotr.so deleted



              • #8
                Restart the computer and then double-click del.bat once more.

                Then post a new HijackThis log.



                • #9
                  Here are the del.bat and hijack logs



                  Deleting files
                  C:\WINDOWS\System32\bstjbgbq.ini not found
                  C:\WINDOWS\System32\hxlqgstu.ini not found
                  C:\WINDOWS\System32\iroxalir.exe not found
                  C:\WINDOWS\System32\kknclpnt.dll not found
                  C:\WINDOWS\System32\ksfntxtx.dll not found
                  C:\WINDOWS\System32\nlrugnik.dll not found
                  C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
                  C:\WINDOWS\System32\qbgbjtsb.dll not found
                  C:\WINDOWS\System32\qpdcbvfg.ini not found
                  C:\WINDOWS\System32\rBJRAGgh.ini not found
                  C:\WINDOWS\System32\rqYcdfii.ini not found
                  C:\WINDOWS\System32\sjhxfhib.dll not found
                  C:\WINDOWS\System32\spywarewarning2.mht not found
                  C:\WINDOWS\System32\tmp.reg not found
                  C:\WINDOWS\System32\tmp.txt not found
                  C:\WINDOWS\System32\wasqahuf.exe not found
                  C:\WINDOWS\System32\WinCtrl32.dllRVAXO not found
                  renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
                  C:\WINDOWS\System32\WinCtrl32.dll deleted
                  C:\WINDOWS\System32\WinCtrl32.dl_ deleted
                  C:\WINDOWS\System32\drivers\wfM86.sys not deleted
                  C:\WINDOWS\System32\adsldpd.exe not found
                  C:\WINDOWS\megavid.cdt not found
                  C:\WINDOWS\muotr.so not found




                  Logfile of HijackThis v1.99.1
                  Scan saved at 10:09:01, on 26-5-2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Windows Defender\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\system32\Ati2evxx.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\acs.exe
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\WINDOWS\system32\inetsrv\inetinfo.exe
                  C:\Program Files\McAfee.com\Agent\mcagent.exe
                  C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\WINDOWS\SkyTel.EXE
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\WINDOWS\system32\00THotkey.exe
                  C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  C:\WINDOWS\system32\thpsrv.exe
                  C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
                  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\WINDOWS\system32\Linksts.exe
                  C:\Program Files\Windows Defender\MSASCui.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  C:\Program Files\McAfee\MPF\MPFSrv.exe
                  C:\Program Files\SiteAdvisor\6261\SAService.exe
                  C:\WINDOWS\system32\ThpSrv.exe
                  C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                  C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
                  C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\notepad.exe
                  C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                  O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
                  O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
                  O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
                  O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\pmnmmmlJ.dll
                  O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
                  O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                  O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                  O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
                  O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                  O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                  O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
                  O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
                  O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
                  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                  O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
                  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                  O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
                  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                  O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
                  O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
                  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
                  O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
                  O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
                  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                  O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                  O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                  O11 - Options group: [INTERNATIONAL] International*
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
                  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                  O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                  O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                  O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O20 - Winlogon Notify: pmnmmmlJ - C:\WINDOWS\SYSTEM32\pmnmmmlJ.dll
                  O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
                  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
                  O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                  O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                  O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                  O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                  O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                  O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                  O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
                  O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
                  O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe

                  Comment
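Added example, not part of the thread: a small Python triage script that reads HijackThis lines like those in the log above and flags an unnamed BHO (O2) whose DLL is also registered under Winlogon Notify (O20), a DLL started through rundll32 from a Run key (O4), and entries marked "file missing". The function name and the reason labels are illustrative assumptions; the sample lines are an excerpt of the posted log, and the result is a list for manual review, not a verdict.

```python
import ntpath
import re

# Excerpt of the HijackThis lines posted above, unchanged
# (O2 = Browser Helper Object, O4 = Run key, O20 = Winlogon Notify).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\pmnmmmlJ.dll
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnmmmlJ - C:\WINDOWS\SYSTEM32\pmnmmmlJ.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
"""

MISSING = r"(?P<missing> \(file missing\))?$"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)" + MISSING
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)" + MISSING
)
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# A Run value whose command is rundll32 loading a DLL directly.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)


def stem(path):
    """File name without directory or extension, lower-cased (Windows paths)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def find_suspects(log_text):
    """Return (reason, path) pairs worth a manual look, in a fixed order."""
    bhos, notify_stems, autoruns, orphans = [], set(), [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O2_RE.match(line)):
            bhos.append(m)
        elif (m := O20_RE.match(line)):
            notify_stems.add(stem(m["path"]))
        elif (m := O4_RE.match(line)):
            dll = RUNDLL_RE.match(m["cmd"])
            if dll:
                autoruns.append(("rundll32-autorun", dll["dll"]))
            continue
        else:
            continue
        # O2 and O20 lines only: note registry entries whose file is gone.
        if m["missing"]:
            orphans.append(("file-missing", m["path"]))

    # An unnamed BHO that is also loaded by Winlogon is registered in two
    # independent load points; a named or single-registration BHO is not flagged.
    correlated = [
        ("bho+winlogon-notify", b["path"])
        for b in bhos
        if b["name"] == "(no name)" and not b["missing"]
        and stem(b["path"]) in notify_stems
    ]
    return correlated + autoruns + orphans


if __name__ == "__main__":
    for reason, path in find_suspects(SAMPLE_LOG):
        print(f"{reason:22} {path}")
```

The unnamed SiteAdvisor BHO is not flagged because it has no matching Winlogon Notify entry, which is why the name check alone is not used as the signal.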


                  • #10
                    Delete del.bat and create a new one.

                    Open a Notepad file.
                    Copy the text below (everything in bold) into this Notepad file.

                    @ECHO OFF
                    IF EXIST log.txt DEL log.txt
                    sc stop wfM86
                    sc delete wfM86
                    remove C:\WINDOWS\System32\drivers\wfM86.sys C:\RVAXO\wfM86.sys
                    remove C:\WINDOWS\System32\WinCtrl32.dll C:\RVAXO\WinCtrl32.dll
                    remove C:\WINDOWS\System32\WinCtrl32.dl_ C:\RVAXO\WinCtrl32.dl_
                    ECHO Deleting files>>log.txt
                    FOR %%g in (
                    C:\WINDOWS\System32\pmnmmmlJ.dll.vir
                    C:\WINDOWS\System32\WinCtrl32.dll
                    C:\WINDOWS\System32\WinCtrl32.dl_
                    C:\WINDOWS\System32\drivers\wfM86.sys) DO (
                    DEL /Q %%gNUCIA
                    IF EXIST %%g (
                    ATTRIB -r -s -h %%g
                    DEL %%g
                    IF EXIST %%g (
                    ECHO %%g not deleted>>log.txt
                    ) ELSE (
                    ECHO %%g deleted>>log.txt)
                    ) ELSE (
                    ECHO %%g not found>>log.txt))
                    START NOTEPAD.EXE log.txt

                    Go to File - Save As.
                    For "Save in" choose: Desktop
                    For "File name" enter: del.bat
                    For "Save as type" select: All Files (*.*).
                    Click the Save button.

                    Double-click del.bat and post the contents of the log file that opens.

                    Then restart the computer and double-click del.bat once more.
                    Last edited by smeenk; 26-05-08, 13:11.



                    • #11
                      Here is the log file


                      Deleting files
                      C:\WINDOWS\System32\pmnmmmlJ.dll not deleted
                      renamed to C:\WINDOWS\System32\WinCtrl32.dllNUCIA
                      C:\WINDOWS\System32\WinCtrl32.dll deleted
                      C:\WINDOWS\System32\WinCtrl32.dl_ not found
                      C:\WINDOWS\System32\AvBrand.dll not found
                      C:\WINDOWS\System32\drivers\wfM86.sys not deleted



                      • #12
                        Download VirtumundoBegone (mirror)
                        Save it to your desktop.

                        Double-click VirtumundoBeGone.exe and follow the instructions.
                        Don't be alarmed if you see a blue screen with an error message - this is normal.
                        When the fix has finished, restart the PC.
                        Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

                        Also post a new HijackThis log.



                        • #13
                          Here is the Virtumundo log


                          [05/26/2008, 11:17:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Peter\Bureaublad\VirtumundoBeGone.exe" )
                          [05/26/2008, 11:17:30] - Detected System Information:
                          [05/26/2008, 11:17:30] - Windows Version: 5.1.2600, Service Pack 2
                          [05/26/2008, 11:17:30] - Current Username: Peter (Admin)
                          [05/26/2008, 11:17:30] - Windows is in NORMAL mode.
                          [05/26/2008, 11:17:30] - Searching for Browser Helper Objects:
                          [05/26/2008, 11:17:30] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
                          [05/26/2008, 11:17:30] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
                          [05/26/2008, 11:17:30] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
                          [05/26/2008, 11:17:30] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
                          [05/26/2008, 11:17:30] - BHO 5: {99972D1B-964E-49EC-92F4-1EB39F4810A5} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\pmnmmmlJ
                          [05/26/2008, 11:17:30] - Found: HKLM\...\Winlogon\Notify\pmnmmmlJ - This is probably Virtumundo.
                          [05/26/2008, 11:17:30] - Assigning {99972D1B-964E-49EC-92F4-1EB39F4810A5} MSEvents Object
                          [05/26/2008, 11:17:30] - BHO list has been changed! Starting over...
                          [05/26/2008, 11:17:30] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
                          [05/26/2008, 11:17:30] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
                          [05/26/2008, 11:17:30] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
                          [05/26/2008, 11:17:30] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
                          [05/26/2008, 11:17:30] - BHO 5: {99972D1B-964E-49EC-92F4-1EB39F4810A5} (MSEvents Object)
                          [05/26/2008, 11:17:30] - ALERT: Found MSEvents Object!
                          [05/26/2008, 11:17:30] - BHO 6: {a28255a0-d382-4d36-a611-77e11e91e812} ()
                          [05/26/2008, 11:17:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:30] - Checking for HKLM\...\Winlogon\Notify\nlrugnik
                          [05/26/2008, 11:17:30] - Key not found: HKLM\...\Winlogon\Notify\nlrugnik, continuing.
                          [05/26/2008, 11:17:30] - Finished Searching Browser Helper Objects
                          [05/26/2008, 11:17:30] - *** Detected MSEvents Object
                          [05/26/2008, 11:17:30] - Trying to remove MSEvents Object...
                          [05/26/2008, 11:17:31] - Terminating Process: IEXPLORE.EXE
                          [05/26/2008, 11:17:32] - Terminating Process: RUNDLL32.EXE
                          [05/26/2008, 11:17:32] - Disabling Automatic Shell Restart
                          [05/26/2008, 11:17:32] - Terminating Process: EXPLORER.EXE
                          [05/26/2008, 11:17:32] - Suspending the NT Session Manager System Service
                          [05/26/2008, 11:17:32] - Terminating Windows NT Logon/Logoff Manager
                          [05/26/2008, 11:17:32] - Re-enabling Automatic Shell Restart
                          [05/26/2008, 11:17:32] - File to disable: C:\WINDOWS\system32\pmnmmmlJ.dll
                          [05/26/2008, 11:17:32] - Renaming C:\WINDOWS\system32\pmnmmmlJ.dll -> C:\WINDOWS\system32\pmnmmmlJ.dll.vir
                          [05/26/2008, 11:17:32] - File successfully renamed!
                          [05/26/2008, 11:17:32] - Removing HKLM\...\Browser Helper Objects\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
                          [05/26/2008, 11:17:32] - Removing HKCR\CLSID\{99972D1B-964E-49EC-92F4-1EB39F4810A5}
                          [05/26/2008, 11:17:32] - Adding Kill Bit for ActiveX for GUID: {99972D1B-964E-49EC-92F4-1EB39F4810A5}
                          [05/26/2008, 11:17:33] - Deleting ATLEvents/MSEvents Registry entries
                          [05/26/2008, 11:17:33] - Removing HKLM\...\Winlogon\Notify\pmnmmmlJ
                          [05/26/2008, 11:17:33] - Searching for Browser Helper Objects:
                          [05/26/2008, 11:17:33] - BHO 1: {089FD14D-132B-48FC-8861-0048AE113215} ()
                          [05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
                          [05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
                          [05/26/2008, 11:17:33] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
                          [05/26/2008, 11:17:33] - BHO 3: {81DB9AC3-E517-4195-ABF3-A7461D5D538F} ()
                          [05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\iifdcYqr
                          [05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\iifdcYqr, continuing.
                          [05/26/2008, 11:17:33] - BHO 4: {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} ()
                          [05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\hgGARJBr
                          [05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\hgGARJBr, continuing.
                          [05/26/2008, 11:17:33] - BHO 5: {a28255a0-d382-4d36-a611-77e11e91e812} ()
                          [05/26/2008, 11:17:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
                          [05/26/2008, 11:17:33] - Checking for HKLM\...\Winlogon\Notify\nlrugnik
                          [05/26/2008, 11:17:33] - Key not found: HKLM\...\Winlogon\Notify\nlrugnik, continuing.
                          [05/26/2008, 11:17:33] - Finished Searching Browser Helper Objects
                          [05/26/2008, 11:17:33] - Finishing up...
                          [05/26/2008, 11:17:33] - A restart is needed.
                          [05/26/2008, 11:17:36] - Attempting to Restart via STOP error (Blue Screen!)



                          Here is the HijackThis log


                          Logfile of HijackThis v1.99.1
                          Scan saved at 11:20:52, on 26-5-2008
                          Platform: Windows XP SP2 (WinNT 5.01.2600)
                          MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                          Running processes:
                          C:\WINDOWS\System32\smss.exe
                          C:\WINDOWS\system32\winlogon.exe
                          C:\WINDOWS\system32\services.exe
                          C:\WINDOWS\system32\lsass.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\system32\svchost.exe
                          C:\Program Files\Windows Defender\MsMpEng.exe
                          C:\WINDOWS\System32\svchost.exe
                          C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                          C:\WINDOWS\system32\Ati2evxx.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\WINDOWS\system32\acs.exe
                          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          C:\Program Files\Bonjour\mDNSResponder.exe
                          C:\WINDOWS\system32\inetsrv\inetinfo.exe
                          C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                          c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          C:\Program Files\McAfee\MPF\MPFSrv.exe
                          C:\Program Files\SiteAdvisor\6261\SAService.exe
                          C:\WINDOWS\system32\ThpSrv.exe
                          C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
                          C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                          C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
                          C:\WINDOWS\RTHDCPL.EXE
                          C:\WINDOWS\SkyTel.EXE
                          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                          C:\WINDOWS\system32\00THotkey.exe
                          C:\WINDOWS\system32\thpsrv.exe
                          C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
                          C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                          C:\Program Files\iTunes\iTunesHelper.exe
                          C:\WINDOWS\system32\Linksts.exe
                          C:\Program Files\Windows Defender\MSASCui.exe
                          C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                          C:\WINDOWS\system32\wscntfy.exe
                          C:\Program Files\iPod\bin\iPodService.exe
                          C:\WINDOWS\System32\wbem\wmiapsrv.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                          C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                          C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

                          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
                          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                          O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
                          O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
                          O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
                          O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
                          O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                          O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                          O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
                          O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                          O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                          O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                          O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                          O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
                          O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
                          O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
                          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                          O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
                          O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                          O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                          O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
                          O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                          O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
                          O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
                          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
                          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
                          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
                          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
                          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                          O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
                          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                          O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                          O11 - Options group: [INTERNATIONAL] International*
                          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
                          O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                          O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                          O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                          O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
                          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                          O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
                          O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                          O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
                          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                          O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                          O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                          O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                          O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                          O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                          O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                          O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                          O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                          O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
                          O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
                          O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe



                          • #14
                            Start HijackThis and check only the following lines:
                            O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
                            O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
                            O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
                            O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
                            O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
                            O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
                            O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll

                            Close all open windows (except HijackThis) and click "Fix checked".

                            Install Unlocker: http://ccollomb.free.fr/unlocker/

                            Then try to find these files with Windows Explorer:
                            C:\WINDOWS\System32\WinCtrl32.dll
                            C:\WINDOWS\System32\WinCtrl32.dl_
                            Right-click those files, choose the Unlocker icon and then "Alles vrijgeven" (Unlock All); if that does not work, choose delete instead.
                            Restart your computer and post a new HijackThis log.

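An added example, not part of the original thread or of HijackThis: a small Python triage of HijackThis result lines that shows what the entries checked in post #14 have in common, plus the BHO-to-Winlogon-Notify cross-check that the removal-tool log above performs. The three review rules and their labels are assumptions inferred from the selected lines, and the sample mixes lines copied from this thread with two constructed pmnmmmlJ lines.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

Entry = namedtuple("Entry", "section kind name target missing")

# Sample input: lines copied from the HijackThis log in this thread, followed
# by two CONSTRUCTED lines built from the pmnmmmlJ values in the removal log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
(constructed lines below)
O2 - BHO: (no name) - {99972D1B-964E-49EC-92F4-1EB39F4810A5} - C:\WINDOWS\system32\pmnmmmlJ.dll
O20 - Winlogon Notify: pmnmmmlJ - C:\WINDOWS\system32\pmnmmmlJ.dll
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN_RE = re.compile(r"^\[(.*?)\] (.+)$")
MISSING = " (file missing)"
SYSTEM32 = r"c:\windows\system32"


def parse(log_text):
    """Return one Entry per HijackThis result line; any other line is skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)]
        kind, _, rest = body.partition(": ")
        if section == "O4":
            run = RUN_RE.match(rest)       # "[value name] command line"
            if not run:
                continue
            name, target = run.groups()
        else:
            parts = rest.rsplit(" - ", 2)  # "name - {CLSID} - file" or "name - file"
            name, target = parts[0], parts[-1]
        entries.append(Entry(section, kind, name, target, missing))
    return entries


def review_reasons(entry):
    """Assumed review rules, inferred from the lines selected in post #14."""
    reasons = []
    if entry.missing:
        # Registry entry still present, file gone: leftover to clean up.
        reasons.append("orphaned")
    if entry.section == "O4" and entry.target.lower().startswith("rundll32"):
        # Autostart that loads a DLL through rundll32 instead of running an EXE.
        reasons.append("rundll32-autorun")
    if entry.section == "O20":
        folder = str(PureWindowsPath(entry.target).parent).lower()
        if folder == SYSTEM32:
            # Non-default Winlogon Notify DLL sitting directly in system32.
            reasons.append("notify-in-system32")
    return reasons


def triage(log_text):
    """Map target -> reasons for every entry that matches at least one rule."""
    flagged = {}
    for entry in parse(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.target] = reasons
    return flagged


def bho_notify_pairs(entries):
    """Unnamed BHOs whose DLL name is also registered as a Winlogon Notify key."""
    notify = {e.name.lower() for e in entries if e.section == "O20"}
    return [e.target for e in entries
            if e.section == "O2" and e.name == "(no name)"
            and PureWindowsPath(e.target).stem.lower() in notify]


if __name__ == "__main__":
    for target, reasons in triage(SAMPLE_LOG).items():
        print(", ".join(reasons), "->", target)
    print("BHO + Notify:", bho_notify_pairs(parse(SAMPLE_LOG)))
```

Flagged lines are candidates for review, not verdicts: the xpnetdiag entry is reported as orphaned even though the helper left it unchecked.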


                            • #15
                              I have done the file win32.dll
                              The file win32dl_ is not listed, but win32.dllNUCIA is
                              Do I still need to do something with this?


                              Here is the HijackThis log


                              Logfile of HijackThis v1.99.1
                              Scan saved at 11:20:52, on 26-5-2008
                              Platform: Windows XP SP2 (WinNT 5.01.2600)
                              MSIE: Internet Explorer v7.00 (7.00.6000.16640)

                              Running processes:
                              C:\WINDOWS\System32\smss.exe
                              C:\WINDOWS\system32\winlogon.exe
                              C:\WINDOWS\system32\services.exe
                              C:\WINDOWS\system32\lsass.exe
                              C:\WINDOWS\system32\Ati2evxx.exe
                              C:\WINDOWS\system32\svchost.exe
                              C:\Program Files\Windows Defender\MsMpEng.exe
                              C:\WINDOWS\System32\svchost.exe
                              C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                              C:\WINDOWS\system32\Ati2evxx.exe
                              C:\WINDOWS\Explorer.EXE
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\WINDOWS\system32\acs.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              C:\Program Files\Bonjour\mDNSResponder.exe
                              C:\WINDOWS\system32\inetsrv\inetinfo.exe
                              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                              c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                              c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                              C:\Program Files\McAfee\MPF\MPFSrv.exe
                              C:\Program Files\SiteAdvisor\6261\SAService.exe
                              C:\WINDOWS\system32\ThpSrv.exe
                              C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
                              C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                              C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
                              C:\WINDOWS\RTHDCPL.EXE
                              C:\WINDOWS\SkyTel.EXE
                              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                              C:\WINDOWS\system32\00THotkey.exe
                              C:\WINDOWS\system32\thpsrv.exe
                              C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
                              C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                              C:\Program Files\iTunes\iTunesHelper.exe
                              C:\WINDOWS\system32\Linksts.exe
                              C:\Program Files\Windows Defender\MSASCui.exe
                              C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
                              C:\WINDOWS\system32\ctfmon.exe
                              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                              C:\WINDOWS\system32\wscntfy.exe
                              C:\Program Files\iPod\bin\iPodService.exe
                              C:\WINDOWS\System32\wbem\wmiapsrv.exe
                              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                              C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
                              C:\Documents and Settings\Peter\Bureaublad\HijackThis.exe

                              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tek-tips.com/threadminder.cfm?pid=940
                              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                              O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
                              O2 - BHO: (no name) - {81DB9AC3-E517-4195-ABF3-A7461D5D538F} - C:\WINDOWS\system32\iifdcYqr.dll (file missing)
                              O2 - BHO: (no name) - {8C7970AB-7B50-456B-9DD2-44CA49E62B2A} - C:\WINDOWS\system32\hgGARJBr.dll (file missing)
                              O2 - BHO: {218e19e1-1e77-116a-63d4-283d0a55282a} - {a28255a0-d382-4d36-a611-77e11e91e812} - C:\WINDOWS\system32\nlrugnik.dll (file missing)
                              O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                              O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                              O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
                              O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
                              O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
                              O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
                              O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
                              O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
                              O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
                              O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
                              O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
                              O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
                              O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
                              O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                              O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
                              O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
                              O4 - HKLM\..\Run: [34a5b138] rundll32.exe "C:\WINDOWS\system32\qbgbjtsb.dll",b
                              O4 - HKLM\..\Run: [BM379682a4] Rundll32.exe "C:\WINDOWS\system32\sjhxfhib.dll",s
                              O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
                              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                              O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                              O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
                              O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
                              O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
                              O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
                              O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                              O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
                              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
                              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                              O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
                              O11 - Options group: [INTERNATIONAL] International*
                              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                              O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208528488390
                              O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                              O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
                              O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
                              O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
                              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                              O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
                              O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                              O23 - Service: Atheros-clienthulpprogramma (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
                              O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                              O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                              O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                              O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                              O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
                              O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                              O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                              O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                              O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                              O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                              O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
                              O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
                              O23 - Service: TOSHIBA vaste-schijfbeveiliging (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
                              O23 - Service: VPNM Database Server (VPIMDBSVR) - Small Medium Business Solutions Group, Avaya - C:\Program Files\Avaya\IP Office\Voicemail Pro\VPIM\vpimdbsvr.exe
