Vraag & Antwoord

Beveiliging & privacy

Help, Vundo Virus

8 antwoorden
  • Hallo, Ik ben intussen ook getroffen door het vundo virus. Kan iemand mij hiermee helpen... :D
  • Hier is mijn HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 18:01, on 2007-06-11 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Hijack This\hijackthis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O1 - Hosts: 66.98.148.65 auto.search.msn.com O1 - Hosts: 66.98.148.65 auto.search.msn.es O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\woqwschg.dll",realset O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{2715D~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{2715D~1\reboot.ini -l0x7 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • En combofix... HELP!!! ComboFix 07-06-11.3 - C:\Documents and Settings\Chris Bogaards\Bureaublad\ComboFix.exe "Chris Bogaards" - 2007-06-11 17:59:03 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\canhhdfe.dll C:\WINDOWS\system32\iygxawol.dll C:\WINDOWS\system32\mbhiyank.dll C:\WINDOWS\system32\soawgdcc.dll C:\WINDOWS\system32\woqwschg.dll C:\WINDOWS\system32\winowl32.dll C:\WINDOWS\system32\hjllm.bak1 C:\WINDOWS\system32\hjllm.bak2 C:\WINDOWS\system32\hjllm.ini C:\WINDOWS\system32\hjllm.ini2 C:\WINDOWS\system32\hjllm.tmp C:\WINDOWS\system32\ghcswqow.ini C:\WINDOWS\system32\hjllm.bak1 C:\WINDOWS\system32\hjllm.bak2 C:\WINDOWS\system32\hjllm.ini C:\WINDOWS\system32\hjllm.ini2 C:\WINDOWS\system32\hjllm.tmp C:\WINDOWS\system32\hjllm.bak1 C:\WINDOWS\system32\hjllm.bak2 C:\WINDOWS\system32\hjllm.ini C:\WINDOWS\system32\hjllm.ini2 C:\WINDOWS\system32\hjllm.tmp C:\WINDOWS\system32\nnnmp.ini2 C:\WINDOWS\system32\nnnmp.tmp C:\WINDOWS\system32\mlljh.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 ))))))))))))))))))))))))))))))) 2007-06-11 18:00 <DIR> d-------- C:\Program Files\Hijack This 2007-06-11 17:58 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-11 15:39 <DIR> d-------- C:\Program Files\Native Instruments 2007-06-11 15:31 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-06-11 15:31 <DIR> d-------- C:\WINDOWS\system32\custom matrices 2007-06-11 15:31 <DIR> d-------- C:\WINDOWS\system32\C2MP 2007-06-11 15:25 <DIR> d-------- C:\Program Files\GoldEsel 2007-06-11 15:25 <DIR> d-------- C:\Program Files\Ahead 2007-06-06 19:38 55,316 --a------ C:\WINDOWS\system32\tkkntjmf.dll 2007-06-05 09:52 <DIR> d-------- C:\Program Files\Zylom Games 2007-06-05 09:52 <DIR> d-------- C:\DOCUME~1\MARIAN~1\APPLIC~1\Zylom 2007-06-05 09:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom 2007-06-05 09:49 2,580 --a------ C:\WINDOWS\system32\qnolaofb.exe 2007-06-04 22:18 <DIR> d-------- C:\DOCUME~1\MARIAN~1\Saved Games 2007-06-04 21:33 2,580 --a------ C:\WINDOWS\system32\xhvppvgn.exe 2007-06-04 11:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-06-04 11:26 <DIR> d-------- C:\Program Files\Gamenext 2007-06-04 11:26 <DIR> d-------- C:\Program Files\Common Files\Oberon Media 2007-06-04 11:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Friends Games 2007-06-04 10:39 2,580 --a------ C:\WINDOWS\system32\xnkbnclp.exe 2007-06-03 16:01 2,580 --a------ C:\WINDOWS\system32\uatpadnn.exe 2007-06-02 18:19 2,580 --a------ C:\WINDOWS\system32\jerdbtey.exe 2007-06-02 15:42 <DIR> d-------- C:\DOCUME~1\EDBOGA~1\APPLIC~1\CyberLink 2007-06-02 15:41 2,580 --a------ C:\WINDOWS\system32\nfvrudst.exe 2007-05-31 20:43 <DIR> d-------- C:\DOCUME~1\CHRISB~1\APPLIC~1\ImgBurn 2007-05-31 20:12 <DIR> d-------- C:\Program Files\ImgBurn 2007-05-31 19:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-05-31 19:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-05-31 19:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-05-31 18:24 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-05-31 18:21 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-05-31 18:19 19,575 --------- C:\WINDOWS\hpoins01.dat 2007-05-31 18:19 16,606 --------- C:\WINDOWS\hpomdl01.dat 2007-05-31 18:17 <DIR> d-------- C:\temp\HP All-in-One Series Web Release 2007-05-31 18:17 <DIR> d-------- C:\temp 2007-05-31 18:03 <DIR> d-------- C:\movieshrink 2007-05-31 17:51 50,740 --a------ C:\WINDOWS\system32\nbekofkx.dll 2007-05-31 17:42 <DIR> d-------- C:\HARRY_POTTER_GOBLET_OF_FIRE 2007-05-31 17:41 <DIR> d-------- C:\DOCUME~1\CHRISB~1\APPLIC~1\CyberLink 2007-05-30 18:02 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll 2007-05-30 18:02 <DIR> d-------- C:\Program Files\Acala DVD 3gp Ripper 2007-05-30 16:46 <DIR> d-------- C:\Program Files\Codemasters 2007-05-30 16:35 <DIR> d-------- C:\Program Files\muvee Technologies 2007-05-30 16:35 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies 2007-05-30 16:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies 2007-05-30 16:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink 2007-05-30 16:22 198,144 --a------ C:\WINDOWS\system32\_psisdecd.dll 2007-05-30 16:18 <DIR> d-------- C:\Program Files\Home Cinema 2007-05-24 18:43 <DIR> d-------- C:\DOCUME~1\CHRISB~1\APPLIC~1\McAfee 2007-05-24 17:57 <DIR> d---s---- C:\DOCUME~1\CHRISB~1\UserData 2007-05-24 11:17 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-05-24 10:17 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander 2007-05-24 10:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings 2007-05-24 00:13 <DIR> d-------- C:\WINDOWS\system32\ageia 2007-05-24 00:13 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-05-23 23:32 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-05-23 23:32 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-05-23 23:32 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-05-23 23:32 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-05-23 23:31 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-05-23 16:35 <DIR> d-------- C:\DOCUME~1\CHRISB~1\APPLIC~1\Promixis 2007-05-23 16:34 <DIR> d-------- C:\Program Files\Promixis 2007-05-23 16:20 <DIR> d-------- C:\WINDOWS\pss 2007-05-23 16:10 <DIR> d-------- C:\WINDOWS\system32\appmgmt 2007-05-23 16:00 17,792 --a------ C:\WINDOWS\system32\drivers\x10ufx2.sys 2007-05-23 16:00 127,184 --a------ C:\WINDOWS\Unwise.exe 2007-05-23 16:00 <DIR> d-------- C:\Program Files\X10 Hardware 2007-05-23 16:00 <DIR> d-------- C:\Program Files\Common Files\X10 2007-05-23 15:57 <DIR> d-------- C:\Program Files\CyberLink 2007-05-23 15:41 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll 2007-05-23 15:41 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll 2007-05-23 15:41 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll 2007-05-23 15:41 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL 2007-05-23 15:38 930,992 --------- C:\WINDOWS\system32\Ltr13n.dll 2007-05-23 15:38 884,736 --------- C:\WINDOWS\system32\LMUIRes.dll 2007-05-23 15:38 73,728 --------- C:\WINDOWS\system32\MMAviAx.dll 2007-05-23 15:38 70,144 --------- C:\WINDOWS\system32\lfbmp13s.dll 2007-05-23 15:38 64,512 --------- C:\WINDOWS\system32\lftga13s.dll 2007-05-23 15:38 453,120 --------- C:\WINDOWS\system32\ltkrn13n.dll 2007-05-23 15:38 41,984 --a------ C:\WINDOWS\system32\cacheX.dll 2007-05-23 15:38 409,600 --------- C:\WINDOWS\system32\LFCMP13s.DLL 2007-05-23 15:38 393,216 --------- C:\WINDOWS\system32\LFCMP13n.DLL 2007-05-23 15:38 32,768 --------- C:\WINDOWS\system32\MLPagAx.dll 2007-05-23 15:38 306,352 --------- C:\WINDOWS\system32\Ltrio13n.dll 2007-05-23 15:38 30,208 --------- C:\WINDOWS\system32\lfbmp13n.dll 2007-05-23 15:38 24,576 --------- C:\WINDOWS\system32\lftga13n.dll 2007-05-23 15:38 233,472 --------- C:\WINDOWS\system32\DiskIO.dll 2007-05-23 15:38 2,079,232 --------- C:\WINDOWS\system32\LTCLR13s.dll 2007-05-23 15:38 184,320 --------- C:\WINDOWS\system32\RALMain.dll 2007-05-23 15:38 153,088 --------- C:\WINDOWS\system32\ltfil13n.DLL 2007-05-23 15:38 126,976 --------- C:\WINDOWS\system32\AVIPrAx.dll 2007-05-23 15:38 12,288 --------- C:\WINDOWS\system32\LMLRes.dll 2007-05-23 15:38 110,080 --------- C:\WINDOWS\system32\lfpsd13s.dll 2007-05-23 15:38 1,693,696 --------- C:\WINDOWS\system32\LTCLR13n.dll 2007-05-23 15:38 1,013,248 --------- C:\WINDOWS\system32\Ltwvc13n.dll 2007-05-23 15:23 <DIR> d-------- C:\WINDOWS\system32\URTTemp 2007-05-23 15:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll 2007-05-23 15:22 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL 2007-05-23 15:22 57,856 --a------ C:\WINDOWS\system32\masd32.dll 2007-05-23 15:22 27,648 --a------ C:\WINDOWS\system32\ma32.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-11 12:31:53 70,458 ----a-w C:\WINDOWS\system32\perfc013.dat 2007-06-11 12:31:53 445,222 ----a-w C:\WINDOWS\system32\perfh013.dat 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-04-18 16:15:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-03-21 18:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL 2007-03-21 18:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE 2007-03-21 18:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE 2007-03-17 13:45:54 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-15 16:17:14 337,280 ----a-w C:\WINDOWS\system32\WgaTray1.exe 2007-03-15 16:16:52 236,928 ----a-w C:\WINDOWS\system32\WgaLogon1.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 10:30] {3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 10:30] {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-09 15:08] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00] "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 14:31] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-11-09 15:08] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 16:16] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-14 15:09] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43] "RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24] "PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-10-28 21:53] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04] "BitComet"="C:\Program Files\BitLord\BitLord.exe" [2005-05-07 02:47] "LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxwu] efcbxwu.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnn] C:\WINDOWS\system32\pmnnn.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Ralink Wireless Utility.lnk backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c " [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Contents of the 'Scheduled Tasks' folder 2007-05-18 11:35:27 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-05-20 14:11:40 C:\WINDOWS\tasks\Norton Security Scan.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-11 18:08:22 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-11 18:09:35 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-11 18:09 --- E O F ---
  • bijna alles al gedaan. Download [b:02d5a849ce][url=http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe]VirtumundoBegone[/url][/b:02d5a849ce], sla dit op op je bureaublad. Dubbelklik op [b:02d5a849ce]VirtumundoBeGone.exe[/b:02d5a849ce] en volg de aanwijzingen. Schrik niet als je een blauw scherm met een foutmelding te zien krijgt - dit is normaal. Als de fix klaar is, start je de pc opnieuw op. Plaats de inhoud van het logbestand [b:02d5a849ce]VBG.TXT[/b:02d5a849ce], dat nu op je bureaublad staat, hier in je volgende bericht samen met een nieuw HJT logje
  • [06/11/2007, 18:51:04] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Chris Bogaards\Bureaublad\VirtumundoBeGone.exe" ) [06/11/2007, 18:51:06] - Detected System Information: [06/11/2007, 18:51:06] - Windows Version: 5.1.2600, Service Pack 2 [06/11/2007, 18:51:06] - Current Username: Chris Bogaards (Admin) [06/11/2007, 18:51:06] - Windows is in NORMAL mode. [06/11/2007, 18:51:06] - Searching for Browser Helper Objects: [06/11/2007, 18:51:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen) [06/11/2007, 18:51:06] - BHO 2: {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} (McBrwHelper Class) [06/11/2007, 18:51:06] - BHO 3: {3EC8255F-E043-4cae-8B3B-B191550C2A22} (McAfee Privacy Service Popup Blocker) [06/11/2007, 18:51:06] - BHO 4: {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (McAfee AntiPhishing Filter) [06/11/2007, 18:51:06] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) [06/11/2007, 18:51:06] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} () [06/11/2007, 18:51:06] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/11/2007, 18:51:06] - No filename found. Continuing. [06/11/2007, 18:51:06] - Finished Searching Browser Helper Objects [06/11/2007, 18:51:06] - Finishing up... [06/11/2007, 18:51:06] - Nothing found! Exiting...
  • Logfile of HijackThis v1.99.1 Scan saved at 19:35:33, on 11-6-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\program files\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\BitLord\BitLord.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ALCFDRTM.EXE C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijack This\hijackthis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: efcbxwu - efcbxwu.dll (file missing) O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll (file missing) O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
  • Start Hijackthis op en kies voor 'Do a system scan only' Selecteer alleen de items die hieronder zijn genoemd: [b:8acee571e8] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O20 - Winlogon Notify: efcbxwu - efcbxwu.dll (file missing) O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll (file missing) [/b:8acee571e8] Sluit alle vensters behalve Hijackthis Klik op 'Fix checked' om de items te verwijderen. start opnieuw op en verwijder alle gebruikte tools, start weer opnieuw op en plaats een nieuw HJT logje aub. Vertel ook even of het probleem al over is.
  • Logfile of HijackThis v1.99.1 Scan saved at 19:53:53, on 11-6-2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\program files\mcafee.com\vso\mcvsescn.exe c:\program files\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe C:\Program Files\Home Cinema\PowerCinema\PCMService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ALCFDRTM.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijack This\hijackthis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe" O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Ik hoop dat het nu voorbij is met alle irritante pop-ups ed.

Beantwoord deze vraag

Weet jij het antwoord op deze vraag? Registreer of meld je aan met je account

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.