Vraag & Antwoord

Beveiliging & privacy

Vundo virus Verwijderd

Anoniem
smeenk
7 antwoorden
 • Hallo allemaal, hoop dat jullie me met mijn probleem kunnen helpen.

  Ik had het Vundo virus op mijn laptop staan, heb ik verwijderd met het programma Vundofix.
  Computer loopt nu weer goed, alleen krijg ik nu elke keer de melding als ik de computer opstart er is een fout opgetreden in ppapmvtl.ddl kan het opgegeven bestand niet vinden.
  Hoe kan ik dit oplossen.
  Hoop dat jullie een antwoord hebben. en dat ik niet mijn laptop heb kapot gemaakt.

  mvg Dennis
 • Ben je zeker dat ppapmvtl.ddl juiste schrijfwijze is van de bestandsnaam. Waarschijnlijk eindigt deze foutmeding al op .dll, maar ook het eerste deel is onbekend. En dat betekent niet veel goeds. Als de schrijfwijze juist is, lijkt me het posten van een log van HiJackThis geen overbodige zaak.
 • Ik had het inderdaad niet goed opgeschreven er staat"kan opgegeven bestand niet vinden en dan c/windows/system32/ppapmtvl.dll.
  en dit is een log van hijackthis:
  Logfile of Trend Micro HijackThis v2.0.0 (BETA)
  Scan saved at 09:11, on 2007-06-05
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\svchost.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\WINDOWS\system32\Ati2evxx.exe
  C:\WINDOWS\Explorer.EXE
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
  C:\WINDOWS\sm56hlpr.exe
  C:\WINDOWS\RTHDCPL.EXE
  C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
  C:\Program Files\QuickTime\qttask.exe
  C:\Program Files\McAfee.com\VSO\oasclnt.exe
  C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  C:\Program Files\iTunes\iTunesHelper.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
  C:\Program Files\MSN Messenger\MsnMsgr.Exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Windows Media Player\WMPNSCFG.exe
  C:\Program Files\DAEMON Tools\daemon.exe
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
  C:\Program Files\iPod\bin\iPodService.exe
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
  c:\progra~1\mcafee.com\vso\mcvsftsn.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  C:\Program Files\Messenger\msmsgs.exe
  C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
  C:\WINDOWS\system32\wuauclt.exe
  c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
  C:\Documents and Settings\Tamara\Bureaublad\HiJackThis_v2.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
  O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
  O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
  O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
  O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
  O4 - HKLM\..\Run: [Snelkoppeling naar eigenschappenvenster voor High Definition Audio] HDAShCut.exe
  O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
  O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
  O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
  O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
  O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
  O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
  O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
  O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ppapmtvl.dll",realset
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
  O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
  O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/nl/4,0,0,90/mcinsctl.cab
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154450874752
  O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://83.228.51.50:9999/program/SonyNetworkCameraViewer.cab
  O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
  O16 - DPF: {6E81F1E7-B27E-4AE7-B33A-E5E4851AB631} (MMSurf2Music Control) - http://beta.surf2music.nl/component/1/mmsurf2music.cab
  O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticker.com/Timeset/TcpServer.CAB
  O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://nl.mcafee.com/Apps/WSC/nl/WscWlanScannerCtrl.cab
  O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader.cab
  O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
  O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
  O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
  O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
  O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
  O23 - Service: Planner voor Automatische LiveUpdate - VSO Software - (no file)
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


  End of file - 11606 bytes

  hoop dat je me kan helpen
  mvg dennis
 • Start HijackThis nog een keer, kies voor "Do a system scan only" en plaats alleen een vinkje voor de volgende regels:
  [b:13294008e8]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
  O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ppapmtvl.dll",realset
  O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing) [/b:13294008e8]
  Sluit alle open vensters(behalve HijackThis), klik daarna op "Fix checked" en sluit HijackThis af.

  Download [b:13294008e8]Combofix[/b:13294008e8] naar je bureaublad.
  Dubbelklik [b:13294008e8]combofix.exe[/b:13294008e8]
  Volg de instructies.
  Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

  Wanneer de fix gedaan heeft en na herstart, zal de log combofix.txt openen.
  Plaats deze log in je volgende post.

  Groeten smeenk ;)
 • dit is de log van combofix:
  "Tamara" - 2007-06-05 9:52:02 Service Pack 2 NTFS
  ComboFix 07-06-3 - Running from: "C:\Documents and Settings\Tamara\Bureaublad\"


  ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


  C:\DOCUME~1\Tamara\BUREAU~1\internet.lnk


  ((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


  2007-06-05 08:42 <DIR> d——– C:\DOCUME~1\Tamara\DoctorWeb
  2007-06-05 08:36 <DIR> d——– C:\Program Files\Eusing Free Registry Cleaner
  2007-06-05 08:29 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\Smart PC Solutions
  2007-06-05 08:06 524,288 –ah—– C:\DOCUME~1\ADMINI~1\NTUSER.DAT
  2007-06-05 08:06 <DIR> dr——- C:\DOCUME~1\ADMINI~1\Menu Start
  2007-06-05 08:06 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Sjablonen
  2007-06-05 08:06 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Onlangs geopend
  2007-06-05 08:06 <DIR> d–h—– C:\DOCUME~1\ADMINI~1\Netwerkprinteromgeving
  2007-06-05 08:06 <DIR> d——– C:\DOCUME~1\ADMINI~1\Mijn documenten
  2007-06-05 08:06 <DIR> d——– C:\DOCUME~1\ADMINI~1\Favorieten
  2007-06-05 08:06 <DIR> d——– C:\DOCUME~1\ADMINI~1\Bureaublad
  2007-06-05 07:36 <DIR> d——– C:\VundoFix Backups
  2007-06-04 21:13 2,580 –a—— C:\WINDOWS\system32\nrepgwef.exe
  2007-06-04 20:51 87,608 –a—— C:\DOCUME~1\Tamara\APPLIC~1\inst.exe
  2007-06-04 20:51 47,360 –a—— C:\WINDOWS\system32\drivers\pcouffin.sys
  2007-06-04 20:51 47,360 –a—— C:\DOCUME~1\Tamara\APPLIC~1\pcouffin.sys
  2007-06-04 20:51 217,127 –a—— C:\WINDOWS\system32\drv43260.dll
  2007-06-04 20:51 208,935 –a—— C:\WINDOWS\system32\drv33260.dll
  2007-06-04 20:51 176,165 –a—— C:\WINDOWS\system32\drv23260.dll
  2007-06-04 20:51 <DIR> d——– C:\Program Files\VSO
  2007-06-04 20:51 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\Vso
  2007-06-04 20:26 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\Media Player Classic
  2007-06-04 20:03 740,442 –a—— C:\WINDOWS\system32\divx.dll
  2007-06-04 20:03 73,728 –a—— C:\WINDOWS\system32\dpl100.dll
  2007-06-04 20:03 593,920 –a—— C:\WINDOWS\system32\xvidcore.dll
  2007-06-04 20:03 3,596,288 –a—— C:\WINDOWS\system32\qt-dx331.dll
  2007-06-04 20:03 217,088 –a—— C:\WINDOWS\system32\yv12vfw.dll
  2007-06-04 20:03 180,224 –a—— C:\WINDOWS\system32\xvidvfw.dll
  2007-06-04 20:03 10,752 –a—— C:\WINDOWS\system32\ff_vfw.dll
  2007-06-04 20:03 1,565,480 –a—— C:\WINDOWS\system32\wmv9vcm.dll
  2007-06-04 20:03 <DIR> d——– C:\Program Files\K-Lite Codec Pack
  2007-06-04 19:37 <DIR> d——– C:\Program Files\URUSoft
  2007-06-04 19:22 73,216 –a—— C:\WINDOWS\ST6UNST.EXE
  2007-06-04 19:22 249,856 ——— C:\WINDOWS\Setup1.exe
  2007-06-04 19:22 <DIR> d——– C:\Program Files\SubSync
  2007-06-04 17:41 <DIR> d——– C:\Program Files\Nero
  2007-06-04 17:41 <DIR> d——– C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
  2007-06-04 13:03 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\vlc
  2007-06-04 13:00 <DIR> d——– C:\Program Files\VideoLAN
  2007-05-21 15:37 <DIR> d——– C:\Program Files\ModTheSims2.com
  2007-05-21 15:09 <DIR> d——– C:\temp
  2007-05-21 14:50 <DIR> d——– C:\Program Files\Sims2Pack Clean Installer
  2007-05-17 21:11 <DIR> d——– C:\DOCUME~1\Tamara\Downloads
  2007-05-17 21:11 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\NewsLeecher
  2007-05-16 18:19 133,168 –a—— C:\WINDOWS\system32\drivers\imagesrv.sys
  2007-05-16 18:19 11,568 –a—— C:\WINDOWS\system32\drivers\imagedrv.sys
  2007-05-16 09:42 972,336 –a—— C:\WINDOWS\UNNeroMediaHome.exe
  2007-05-15 09:45 972,336 –a—— C:\WINDOWS\UNNeroVision.exe
  2007-05-13 21:22 <DIR> d——– C:\DOCUME~1\Tamara\APPLIC~1\uTorrent
  2007-05-07 15:20 <DIR> dr-h—– C:\DOCUME~1\Tamara\Onlangs geopend


  (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

  2007-06-04 20:21:50 ——– d—–w C:\Program Files\SpeedFan
  2007-06-04 20:01:43 ——– d—–w C:\DOCUME~1\Tamara\APPLIC~1\Ahead
  2007-06-04 17:23:49 ——– d—–w C:\Program Files\Common Files\Ahead
  2007-06-04 15:33:08 ——– d—–w C:\Program Files\Ahead
  2007-05-26 17:40:43 ——– d—–w C:\Program Files\World of Warcraft
  2007-05-21 12:30:09 ——– d—–w C:\Program Files\MSN Messenger
  2007-05-21 12:30:09 ——– d—–w C:\Program Files\Messenger Plus! Live
  2007-05-14 11:37:13 ——– d—–w C:\Program Files\DAEMON Tools
  2007-05-14 11:35:23 682,232 —-a-w C:\WINDOWS\system32\drivers\sptd.sys
  2007-04-23 14:42:50 972,336 —-a-w C:\WINDOWS\UNRecode.exe
  2007-04-18 16:15:26 2,854,400 —-a-w C:\WINDOWS\system32\msi.dll
  2007-04-17 10:46:54 424 —-a-w C:\DOCUME~1\Tamara\APPLIC~1\wklnhst.dat
  2007-03-27 15:52:25 69,812 —-a-w C:\WINDOWS\system32\perfc013.dat
  2007-03-27 15:52:25 442,556 —-a-w C:\WINDOWS\system32\perfh013.dat
  2007-03-20 19:22:04 972,336 —-a-w C:\WINDOWS\UNNeroBackItUp.exe
  2007-03-17 13:45:54 293,376 —-a-w C:\WINDOWS\system32\winsrv.dll
  2007-03-08 15:39:10 579,072 —-a-w C:\WINDOWS\system32\user32.dll
  2007-03-08 15:39:10 40,960 —-a-w C:\WINDOWS\system32\mf3216.dll
  2007-03-08 15:39:10 281,600 —-a-w C:\WINDOWS\system32\gdi32.dll
  2007-03-08 15:37:59 1,843,712 —-a-w C:\WINDOWS\system32\win32k.sys
  2007-03-05 15:00:18 95,864 —-a-w C:\WINDOWS\system32\NeroCo.dll


  ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


  *Note* empty entries & legit default entries are not shown

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
  {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}=c:\program files\mcafee.com\mps\mcbrhlpr.dll [2005-10-28 11:30]
  {3EC8255F-E043-4cae-8B3B-B191550C2A22}=c:\program files\mcafee.com\mps\popupkiller.dll [2005-10-28 11:30]
  {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}=c:\program files\mcafee\spamkiller\mcapfbho.dll [2005-11-09 16:08]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
  {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
  "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
  "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 15:25]
  "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
  "Snelkoppeling naar eigenschappenvenster voor High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
  "SMSERIAL"="sm56hlpr.exe" [2005-09-16 14:01 C:\WINDOWS\sm56hlpr.exe]
  "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15:49 C:\WINDOWS\RTHDCPL.exe]
  "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13]
  "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-02 23:48]
  "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
  "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 17:16]
  "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-11-09 16:08]
  "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 15:31]
  "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00]
  "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
  "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
  "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24]
  "BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21]
  "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 C:\WINDOWS\system32\bthprops.cpl]
  "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
  "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
  "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
  "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-02-03 22:16]
  "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
  "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53]
  "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27]

  [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
  "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
  "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\Stardock\MCPCore.dll" [2005-05-10 13:31]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
  C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  bthsvcs BthServ

  HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


  Contents of the 'Scheduled Tasks' folder
  2007-06-05 07:11:59 C:\WINDOWS\tasks\MP Scheduled Scan.job

  **************************************************************************

  catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
  Rootkit scan 2007-06-05 09:55:22
  Windows 5.1.2600 Service Pack 2 NTFS

  scanning hidden processes …

  scanning hidden autostart entries …

  scanning hidden files …

  scan completed successfully
  hidden files: 0

  **************************************************************************

  [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]


  [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]


  Completion time: 2007-06-05 9:55:49
  C:\ComboFix-quarantined-files.txt … 2007-06-05 09:55

  — E O F —
 • Verwijder dit bestand:
  C:\WINDOWS\system32\nrepgwef.exe

  Maak je prullenbak leeg.

  Doe dit nog even:
  Schakel Systeemherstel uit. Herstart de computer. Schakel Systeemherstel weer in.
  Kijk hier hoe je je systeemherstel moet uitschakelen.
  Hiermee verwijder je eventuele restanten van de infecties uit je systeemherstel.

  Zijn alle problemen dan voorbij?
 • Geweldig bedanks alles doet het weer.
  geen foutmeldingen meer.
  Nog nooit zo goed geholpen.
  Hardstikke bedankt!!!!!!!!!!
  mvg Dennis

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.