
HJT log: wuauclt and others


  • HJT log: wuauclt and others

    Hey,

    Would someone be willing to take a look at my HJT log?

    Since yesterday I have been getting, among other things, this error message:
    In wuauclt.exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.
    (Windows Update, right?)
    My sound card driver temporarily stopped working, but that is resolved at the moment.
    My desktop theme also changes now and then (from Windows XP style to Windows Classic).

    Thanks in advance!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:39:10, on 11-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Winamp\winamp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 13095 bytes

  • #2
    Hello,

    I know I still have to wait 2 hours before I am allowed to bump my post, but I really need help now!

    Since last Thursday I have been getting one error message after another (mainly wuauclt.exe).
    I don't know how, but the drivers for my video and audio cards had both disappeared. I downloaded drivers for both again, but neither works optimally yet. For example, my Winamp player keeps freezing, as do my computer games.

    My internet has also become very slow since this afternoon.

    I am now posting a new HJT log, because quite a lot has changed in the meantime.

    I hope someone can help me as soon as possible (I will not be home this coming week).

    Regards and thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:28:12, on 14-4-2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\PackethSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\mHotkey.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
    O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
    O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
    O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11965 bytes



    • #3
      Download VirtumundoBegone (mirror)
      Save it to your desktop.

      Double-click VirtumundoBeGone.exe and follow the instructions.
      Don't be alarmed if you see a blue screen with an error message - this is normal.
      When the fix is finished, restart the PC.
      Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

      Download: RVAXO.exe
      • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
      • Start the computer in safe mode.
      • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
        A small cmd window will open in which a few lines about files not found will quickly scroll by; this is normal.
      • An uninstaller of a rogue scanner may also start; do not close it, but follow any instructions and just let it do its work.
      • After that your PC will restart; let it start in normal mode again. After the restart the RVAXO cmd window opens again.
        Let it run and wait until a log file opens: C:\RVAXO-results.log
      • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
      • Post the contents of the log file in your next message.
      Also post a new HijackThis log



      • #4
        Thanks for your quick reply!
        Here are the logs:

        VBG:
        [04/14/2008, 16:49:03] - VirtumundoBeGone v1.5 ( "D:\Documents and Settings\Wessel\Bureaublad\VirtumundoBeGone.exe" )
        [04/14/2008, 16:49:09] - Detected System Information:
        [04/14/2008, 16:49:09] - Windows Version: 5.1.2600, Service Pack 2
        [04/14/2008, 16:49:09] - Current Username: Wessel (Admin)
        [04/14/2008, 16:49:09] - Windows is in NORMAL mode.
        [04/14/2008, 16:49:09] - Searching for Browser Helper Objects:
        [04/14/2008, 16:49:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
        [04/14/2008, 16:49:09] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
        [04/14/2008, 16:49:09] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
        [04/14/2008, 16:49:09] - BHO 3: {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} (MSTBR)
        [04/14/2008, 16:49:09] - BHO 4: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAfee Phishing Filter)
        [04/14/2008, 16:49:09] - BHO 5: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (VMN Toolbar)
        [04/14/2008, 16:49:09] - BHO 6: {690af4ab-2500-42d9-9665-070ac2ec61e9} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - Checking for HKLM\...\Winlogon\Notify\scwaftwt
        [04/14/2008, 16:49:09] - Key not found: HKLM\...\Winlogon\Notify\scwaftwt, continuing.
        [04/14/2008, 16:49:09] - BHO 7: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
        [04/14/2008, 16:49:09] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [04/14/2008, 16:49:09] - BHO 9: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
        [04/14/2008, 16:49:09] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - No filename found. Continuing.
        [04/14/2008, 16:49:09] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [04/14/2008, 16:49:09] - BHO 12: {B83A1143-E4EC-453E-84A6-A96E40DD0B9E} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - Checking for HKLM\...\Winlogon\Notify\yayxvVmL
        [04/14/2008, 16:49:09] - Key not found: HKLM\...\Winlogon\Notify\yayxvVmL, continuing.
        [04/14/2008, 16:49:09] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
        [04/14/2008, 16:49:09] - BHO 14: {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - Checking for HKLM\...\Winlogon\Notify\geBQHbyX
        [04/14/2008, 16:49:09] - Found: HKLM\...\Winlogon\Notify\geBQHbyX - This is probably Virtumundo.
        [04/14/2008, 16:49:09] - Assigning {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} MSEvents Object
        [04/14/2008, 16:49:09] - BHO list has been changed! Starting over...
        [04/14/2008, 16:49:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
        [04/14/2008, 16:49:09] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
        [04/14/2008, 16:49:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:09] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
        [04/14/2008, 16:49:09] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
        [04/14/2008, 16:49:09] - BHO 3: {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} (MSTBR)
        [04/14/2008, 16:49:10] - BHO 4: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAfee Phishing Filter)
        [04/14/2008, 16:49:10] - BHO 5: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (VMN Toolbar)
        [04/14/2008, 16:49:10] - BHO 6: {690af4ab-2500-42d9-9665-070ac2ec61e9} ()
        [04/14/2008, 16:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:10] - Checking for HKLM\...\Winlogon\Notify\scwaftwt
        [04/14/2008, 16:49:10] - Key not found: HKLM\...\Winlogon\Notify\scwaftwt, continuing.
        [04/14/2008, 16:49:10] - BHO 7: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
        [04/14/2008, 16:49:10] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [04/14/2008, 16:49:10] - BHO 9: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
        [04/14/2008, 16:49:10] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [04/14/2008, 16:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:10] - No filename found. Continuing.
        [04/14/2008, 16:49:10] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [04/14/2008, 16:49:10] - BHO 12: {B83A1143-E4EC-453E-84A6-A96E40DD0B9E} ()
        [04/14/2008, 16:49:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:10] - Checking for HKLM\...\Winlogon\Notify\yayxvVmL
        [04/14/2008, 16:49:10] - Key not found: HKLM\...\Winlogon\Notify\yayxvVmL, continuing.
        [04/14/2008, 16:49:10] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
        [04/14/2008, 16:49:10] - BHO 14: {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} (MSEvents Object)
        [04/14/2008, 16:49:10] - ALERT: Found MSEvents Object!
        [04/14/2008, 16:49:10] - Finished Searching Browser Helper Objects
        [04/14/2008, 16:49:10] - *** Detected MSEvents Object
        [04/14/2008, 16:49:10] - Trying to remove MSEvents Object...
        [04/14/2008, 16:49:11] - Terminating Process: IEXPLORE.EXE
        [04/14/2008, 16:49:11] - Terminating Process: RUNDLL32.EXE
        [04/14/2008, 16:49:11] - Disabling Automatic Shell Restart
        [04/14/2008, 16:49:11] - Terminating Process: EXPLORER.EXE
        [04/14/2008, 16:49:12] - Suspending the NT Session Manager System Service
        [04/14/2008, 16:49:12] - Terminating Windows NT Logon/Logoff Manager
        [04/14/2008, 16:49:12] - Re-enabling Automatic Shell Restart
        [04/14/2008, 16:49:12] - File to disable: C:\WINDOWS\system32\geBQHbyX.dll
        [04/14/2008, 16:49:12] - Renaming C:\WINDOWS\system32\geBQHbyX.dll -> C:\WINDOWS\system32\geBQHbyX.dll.vir
        [04/14/2008, 16:49:12] - File successfully renamed!
        [04/14/2008, 16:49:12] - Removing HKLM\...\Browser Helper Objects\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
        [04/14/2008, 16:49:12] - Removing HKCR\CLSID\{EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
        [04/14/2008, 16:49:12] - Adding Kill Bit for ActiveX for GUID: {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9}
        [04/14/2008, 16:49:12] - Deleting ATLEvents/MSEvents Registry entries
        [04/14/2008, 16:49:12] - Removing HKLM\...\Winlogon\Notify\geBQHbyX
        [04/14/2008, 16:49:12] - Searching for Browser Helper Objects:
        [04/14/2008, 16:49:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
        [04/14/2008, 16:49:12] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
        [04/14/2008, 16:49:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:12] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
        [04/14/2008, 16:49:12] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
        [04/14/2008, 16:49:12] - BHO 3: {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} (MSTBR)
        [04/14/2008, 16:49:12] - BHO 4: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} (McAfee Phishing Filter)
        [04/14/2008, 16:49:12] - BHO 5: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} (VMN Toolbar)
        [04/14/2008, 16:49:12] - BHO 6: {690af4ab-2500-42d9-9665-070ac2ec61e9} ()
        [04/14/2008, 16:49:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:12] - Checking for HKLM\...\Winlogon\Notify\scwaftwt
        [04/14/2008, 16:49:12] - Key not found: HKLM\...\Winlogon\Notify\scwaftwt, continuing.
        [04/14/2008, 16:49:12] - BHO 7: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
        [04/14/2008, 16:49:12] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
        [04/14/2008, 16:49:12] - BHO 9: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
        [04/14/2008, 16:49:12] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
        [04/14/2008, 16:49:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:12] - No filename found. Continuing.
        [04/14/2008, 16:49:12] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Aanmelden - Help)
        [04/14/2008, 16:49:12] - BHO 12: {B83A1143-E4EC-453E-84A6-A96E40DD0B9E} ()
        [04/14/2008, 16:49:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
        [04/14/2008, 16:49:12] - Checking for HKLM\...\Winlogon\Notify\yayxvVmL
        [04/14/2008, 16:49:12] - Key not found: HKLM\...\Winlogon\Notify\yayxvVmL, continuing.
        [04/14/2008, 16:49:12] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
        [04/14/2008, 16:49:12] - Finished Searching Browser Helper Objects
        [04/14/2008, 16:49:12] - Finishing up...
        [04/14/2008, 16:49:12] - A restart is needed.
        [04/14/2008, 16:49:12] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
        [04/14/2008, 16:49:17] - Attempting to Restart via STOP error (Blue Screen!)


        RVAXO:
        ---RVAXO.exe Updated: 2008-04-13---first run---
        Uninstallers:

        Files found:
        C:\WINDOWS\system32\geBQHbyX.dll.vir
        C:\WINDOWS\system32\LmVvxyay.ini2
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\wininit.ini

        Folders Found:

        Hosts-file was reset, If you use a custom hosts file please replace it...

        --------------RVAXO.exe last run---------------
        Not deleted items:

        --------------RVAXO.exe finished----------------


        HJT:
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:30:30, on 14-4-2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\PackethSvc.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        C:\Program Files\Cisco Systems\cvpnd.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
        c:\APPS\HIDSERVICE\HIDSERVICE.exe
        C:\Program Files\McAfee\MBK\MBackMonitor.exe
        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        c:\program files\common files\mcafee\mna\mcnasvc.exe
        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
        C:\WINDOWS\mHotkey.exe
        C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
        C:\Program Files\McAfee\MPF\MPFSrv.exe
        C:\Apps\Powercinema\PCMService.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\McAfee\MSK\MskSrver.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Apps\Softex\OmniPass\Omniserv.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\WINDOWS\ALCWZRD.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\Rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\SiteAdvisor\6253\SAService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        C:\Apps\Softex\OmniPass\OPXPApp.exe
        D:\Program Files\Mozilla Firefox\firefox.exe
        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\WINDOWS\system32\SearchProtocolHost.exe
        D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
        O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
        O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
        O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
        O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
        O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
        O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
        O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
        O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
        O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
        O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
        O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
        O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
        O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
        O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
        O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
        O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
        O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
        O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
        O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

        --
        End of file - 11984 bytes



        • #5
          Download Malwarebytes' Anti-Malware to your desktop.
          Double-click mbam-setup.exe and choose "Next" to install the tool.
          When the installation has finished, tick "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
          Then press "Finish".
          In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
          Press the "Scan" button and make sure all your hard disks/partitions are ticked.
          Then press the "Start Scan" button.
          When the scan has finished, click OK, then "Show Results" to see the results.
          Make sure everything is ticked, then click "Remove Selected".
          If the program wants to restart your computer, allow it.
          A log will then open (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
          Post this log in your next message, together with a new HijackThis log.



          • #6
            On startup it gave the following error messages:
            - rundll32.exe - ongeldig beeld
            de toepassing of DLL-bestand c:\Windows\system32\lneptmkb.dll is geen geldig Windows-kopie. Controleer dit op uw instalatie-diskette.
            - rundll32.exe - ongeldig beeld
            de toepassing of DLL-bestand c:\Windows\system32\bfofevrl.dll is geen geldig Windows-kopie. Controleer dit op uw instalatie-diskette.

            Here are the logs:

            Malwarebytes' Anti-Malware 1.11
            Database versie: 624

            Scan type: Volledige Scan (C:\|D:\|)
            Objecten gescand: 234236
            Verstreken tijd: 1 hour(s), 36 minute(s), 18 second(s)

            Geheugenprocessen geïnfecteerd: 0
            Geheugenmodulen geïnfecteerd: 2
            Registersleutels geïnfecteerd: 28
            Registerwaarden geïnfecteerd: 3
            Registerdata bestanden geïnfecteerd: 2
            Mappen geïnfecteerd: 0
            Bestanden geïnfecteerd: 8

            Geheugenprocessen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Geheugenmodulen geïnfecteerd:
            C:\WINDOWS\system32\lneptmkb.dll (Trojan.Vundo) -> Unloaded module successfully.
            C:\WINDOWS\system32\yayxvVmL.dll (Trojan.Vundo) -> Unloaded module successfully.

            Registersleutels geïnfecteerd:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8e57414-20fa-47aa-b2fa-8110f4d45660} (Trojan.Vundo) -> Delete on reboot.
            HKEY_CLASSES_ROOT\CLSID\{d8e57414-20fa-47aa-b2fa-8110f4d45660} (Trojan.Vundo) -> Delete on reboot.
            HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{13dc9d24-53c4-4b97-b6d2-cc135bf8058f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{f09d8f30-c85e-4b66-b6f2-499a78d21552} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{0a09e46b-bf4f-4414-9a2d-ed684e21af4a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{f4b1ffa2-207f-4a97-a2a7-5dc2f645513c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{0ba91b73-6b31-4e93-86ec-787a7eb6bf66} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\CLSID\{4f8c5bb1-8d81-497d-8e4c-4f81490b8fb8} (Trojan.Vundo) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Interface\{b1e22eb8-2ae8-4e8e-96ae-74f2a1764533} (Adware.WebDir) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\Typelib\{bdbebf18-7615-4971-9ac3-bd6ffb7ad6c1} (Adware.WebDir) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\dlp.dlpobj (Adware.WebDir) -> Quarantined and deleted successfully.
            HKEY_CLASSES_ROOT\dlp.dlpobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Delete on reboot.
            HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

            Registerwaarden geïnfecteerd:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} (Trojan.Vundo) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4f8c5bb1-8d81-497d-8e4c-4f81490b8fb8} (Trojan.Vundo) -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM67a68661 (Trojan.Agent) -> Delete on reboot.

            Registerdata bestanden geïnfecteerd:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxvvml -> Delete on reboot.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayxvvml -> Delete on reboot.

            Mappen geïnfecteerd:
            (Geen kwaadaardige items gevonden)

            Bestanden geïnfecteerd:
            C:\WINDOWS\system32\lneptmkb.dll (Trojan.Vundo) -> Delete on reboot.
            C:\WINDOWS\system32\bkmtpenl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\yayxvVmL.dll (Trojan.Vundo) -> Delete on reboot.
            C:\WINDOWS\system32\LmVvxyay.ini (Trojan.Vundo) -> Delete on reboot.
            C:\WINDOWS\system32\LmVvxyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\bfpfevrl.dll (Trojan.Agent) -> Delete on reboot.
            C:\WINDOWS\Fonts\SketchyTimesBold.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
            C:\WINDOWS\system32\nqtwa.ini (Malware.Trace) -> Quarantined and deleted successfully.



            HJT:
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:43:49, on 14-4-2008
            Platform: Windows XP SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\PackethSvc.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
            C:\Program Files\Cisco Systems\cvpnd.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
            C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
            c:\APPS\HIDSERVICE\HIDSERVICE.exe
            C:\Program Files\McAfee\MBK\MBackMonitor.exe
            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
            c:\program files\common files\mcafee\mna\mcnasvc.exe
            C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
            c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\McAfee\MPF\MPFSrv.exe
            C:\Program Files\McAfee\MSK\MskSrver.exe
            C:\Apps\Softex\OmniPass\Omniserv.exe
            C:\Program Files\SiteAdvisor\6253\SAService.exe
            C:\WINDOWS\system32\svchost.exe
            C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
            C:\WINDOWS\system32\SearchIndexer.exe
            c:\APPS\Powercinema\Kernel\TV\CLSched.exe
            C:\WINDOWS\mHotkey.exe
            C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
            C:\Apps\Powercinema\PCMService.exe
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\WINDOWS\ALCWZRD.EXE
            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Apps\Softex\OmniPass\OPXPApp.exe
            C:\WINDOWS\System32\svchost.exe
            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
            C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
            C:\WINDOWS\system32\NOTEPAD.EXE
            D:\Program Files\Mozilla Firefox\firefox.exe
            D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
            O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
            O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
            O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
            O2 - BHO: {9e16ce2c-a070-5669-9d24-0052ba4fa096} - {690af4ab-2500-42d9-9665-070ac2ec61e9} - C:\WINDOWS\system32\scwaftwt.dll
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: (no name) - {D8E57414-20FA-47AA-B2FA-8110F4D45660} - C:\WINDOWS\system32\yayxvVmL.dll
            O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
            O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
            O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
            O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
            O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
            O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
            O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
            O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
            O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
            O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
            O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
            O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
            O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
            O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
            O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
            O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
            O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
            O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
            O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
            O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
            O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
            O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
            O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
            O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
            O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
            O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
            O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
            O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
            O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
            O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
            O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
            O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
            O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
            O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
            O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

            --
            End of file - 13395 bytes



            • #7
              Download this file: zoek.exe
              Double-click it; after a while a log will open.
              Post the contents of that log in your next message.



              • #8
                ======C:\WINDOWS====
                ----a-w 0 2008-04-14 17:37:06 C:\WINDOWS\0.log
                ----a-w 81,920 2008-04-12 21:51:49 C:\WINDOWS\ALCFDRTM.EXE
                ----a-w 81,920 2008-04-13 18:09:00 C:\WINDOWS\ALCFDRTM.VER
                ----a-w 0 2008-04-12 19:24:42 C:\WINDOWS\ativpsrm.bin
                ----a-w 23 2008-04-14 14:10:04 C:\WINDOWS\BlendSettings.ini
                ----a-w 12,256 2008-04-14 17:02:36 C:\WINDOWS\BM67a68661.txt
                ----a-w 101,231 2008-04-14 17:28:22 C:\WINDOWS\BM67a68661.xml
                --s-a-w 2,048 2008-04-14 17:36:59 C:\WINDOWS\bootstat.dat
                ----a-w 369,398 2008-04-09 15:47:17 C:\WINDOWS\comsetup.log
                ----a-w 4,154 2008-03-15 08:39:19 C:\WINDOWS\DIFx.log
                ----a-w 281,689 2008-04-14 11:40:22 C:\WINDOWS\DirectX.log
                ----a-w 1,171,182 2008-04-12 21:03:07 C:\WINDOWS\DPINST.LOG
                ----a-w 1,081,580 2008-04-09 15:47:17 C:\WINDOWS\FaxSetup.log
                ----a-w 315,392 2008-04-12 20:37:38 C:\WINDOWS\HideWin.exe
                ----a-w 171,965 2008-04-09 15:47:17 C:\WINDOWS\iis6.log
                ----a-w 1,355 2008-04-09 15:46:19 C:\WINDOWS\imsins.BAK
                ----a-w 1,355 2008-04-09 15:47:17 C:\WINDOWS\imsins.log
                ----a-w 61,122 2008-04-12 21:01:04 C:\WINDOWS\KB888111.log
                ----a-w 20,178 2008-04-09 15:46:19 C:\WINDOWS\KB941693.log
                ----a-w 14,379 2008-04-09 15:43:55 C:\WINDOWS\KB945553.log
                ----a-w 39,228 2008-04-09 15:46:12 C:\WINDOWS\KB947864-IE7.log
                ----a-w 13,702 2008-04-09 15:45:44 C:\WINDOWS\KB948590.log
                ----a-w 14,603 2008-04-09 15:47:17 C:\WINDOWS\KB948881.log
                ----a-w 55,696 2008-04-09 15:47:17 C:\WINDOWS\msgsocm.log
                ----a-w 1,160,668 2008-04-14 15:03:35 C:\WINDOWS\ntbtlog.txt
                ----a-w 225,048 2008-04-09 15:47:17 C:\WINDOWS\ntdtcsetup.log
                ----a-w 550,136 2008-04-09 15:47:17 C:\WINDOWS\ocgen.log
                ----a-w 67,829 2008-04-09 15:47:17 C:\WINDOWS\ocmsn.log
                ----a-w 22 2008-04-14 15:24:33 C:\WINDOWS\pskt.ini
                ----a-w 1,409 2008-04-13 13:26:37 C:\WINDOWS\QTFont.for
                ---ha-w 54,156 2008-04-13 13:26:37 C:\WINDOWS\QTFont.qfn
                ----a-w 32,550 2008-04-14 14:59:33 C:\WINDOWS\SchedLgU.Txt
                ----a-w 190,562 2008-04-12 19:02:35 C:\WINDOWS\setupact.log
                ----a-w 430,658 2008-04-14 14:43:47 C:\WINDOWS\setupapi.log
                ----a-w 1,066,049 2008-04-12 19:58:15 C:\WINDOWS\setupapi.log.4.old
                ----a-w 259 2008-04-12 11:18:01 C:\WINDOWS\system.ini
                ----a-w 430,951 2008-04-09 15:47:17 C:\WINDOWS\tsoc.log
                ----a-w 181,678 2008-04-09 15:46:02 C:\WINDOWS\updspapi.log
                ----a-w 159 2008-04-14 17:39:03 C:\WINDOWS\wiadebug.log
                ----a-w 49 2008-04-14 17:38:57 C:\WINDOWS\wiaservc.log
                ----a-w 672 2008-04-12 11:18:01 C:\WINDOWS\win.ini
                ----a-w 1,721,742 2008-04-14 17:41:55 C:\WINDOWS\WindowsUpdate.log
                ----a-w 92,313 2008-04-07 12:24:20 C:\WINDOWS\wmsetup.log

                Entries: 43 (41)
                Directories: 0 Files: 43
                Bytes: 10,103,286 Blocks: 19,752
                ======C:\WINDOWS\system32=====
                ------w 96,320 2008-04-14 17:29:55 C:\WINDOWS\System32\bfpfevrl.dll
                --sh--w 708,714 2008-04-14 17:30:10 C:\WINDOWS\System32\bkmtpenl.ini
                ----a-w 0 2008-04-14 12:11:59 C:\WINDOWS\System32\clkcnt.txt
                ----a-w 41,826 2008-04-14 17:40:33 C:\WINDOWS\System32\Config.MPF
                ----a-w 4,096 2008-04-12 18:14:07 C:\WINDOWS\System32\crash
                ----a-w 682,496 2008-03-31 21:25:46 C:\WINDOWS\System32\DivX.dll
                ----a-w 161,096 2008-03-31 21:25:52 C:\WINDOWS\System32\DivXCodecVersionChecker.exe
                ----a-w 630,784 2008-03-24 19:45:56 C:\WINDOWS\System32\divxdec.ax
                ----a-w 352,401 2008-03-21 20:28:42 C:\WINDOWS\System32\DivXMedia.ax
                ----a-w 524,288 2008-03-21 20:30:12 C:\WINDOWS\System32\DivXsm.exe
                ----a-w 4,816 2008-03-21 20:30:12 C:\WINDOWS\System32\divxsm.tlb
                ----a-w 12,288 2008-03-21 20:28:20 C:\WINDOWS\System32\DivXWMPExtType.dll
                ----a-w 823,296 2008-03-31 21:25:48 C:\WINDOWS\System32\divx_xx07.dll
                ----a-w 831,488 2008-03-31 21:25:46 C:\WINDOWS\System32\divx_xx0a.dll
                ----a-w 823,296 2008-03-31 21:25:48 C:\WINDOWS\System32\divx_xx0c.dll
                ----a-w 802,816 2008-03-31 21:25:46 C:\WINDOWS\System32\divx_xx11.dll
                ----a-w 81,920 2008-03-21 20:28:54 C:\WINDOWS\System32\dpl100.dll
                ----a-w 416 2008-03-21 20:28:54 C:\WINDOWS\System32\dpl100.dll.manifest
                ----a-w 294,912 2008-03-21 20:28:50 C:\WINDOWS\System32\dpu10.dll
                ----a-w 294,912 2008-03-21 20:28:50 C:\WINDOWS\System32\dpu11.dll
                ----a-w 53,248 2008-03-21 20:28:52 C:\WINDOWS\System32\dpuGUI10.dll
                ----a-w 593,920 2008-03-21 20:28:50 C:\WINDOWS\System32\dpuGUI11.dll
                ----a-w 344,064 2008-03-21 20:28:50 C:\WINDOWS\System32\dpus11.dll
                ----a-w 57,344 2008-03-21 20:28:50 C:\WINDOWS\System32\dpv11.dll
                ----a-w 196,608 2008-03-21 20:28:54 C:\WINDOWS\System32\dtu100.dll
                ----a-w 416 2008-03-21 20:28:54 C:\WINDOWS\System32\dtu100.dll.manifest
                ----a-w 3,648 2008-04-14 12:12:30 C:\WINDOWS\System32\dyonntyy.dll
                ----a-w 6,144 2008-04-10 15:50:48 C:\WINDOWS\System32\ff_acm.acm
                ----a-w 7,680 2008-04-10 15:50:40 C:\WINDOWS\System32\ff_vfw.dll
                ----a-w 1,702,936 2008-04-09 18:51:24 C:\WINDOWS\System32\FNTCACHE.DAT
                ----a-w 6,242 2008-04-14 11:18:34 C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log
                ----a-w 1,044,480 2008-03-21 20:30:00 C:\WINDOWS\System32\libdivx.dll
                --sha-w 201,815 2008-04-14 17:31:11 C:\WINDOWS\System32\LmVvxyay.ini
                --sha-w 201,815 2008-04-14 17:30:24 C:\WINDOWS\System32\LmVvxyay.ini2
                ------w 85,056 2008-04-14 17:29:55 C:\WINDOWS\System32\lneptmkb.dll
                ----a-w 72,288 2008-04-10 21:35:37 C:\WINDOWS\System32\perfc009.dat
                ----a-w 101,760 2008-04-10 21:35:37 C:\WINDOWS\System32\perfc013.dat
                ----a-w 444,664 2008-04-10 21:35:37 C:\WINDOWS\System32\perfh009.dat
                ----a-w 537,748 2008-04-10 21:35:37 C:\WINDOWS\System32\perfh013.dat
                ----a-w 1,125,962 2008-04-10 21:35:37 C:\WINDOWS\System32\PerfStringBackup.INI
                ------w 551,672 2008-03-21 20:30:04 C:\WINDOWS\System32\Px.dll
                ------w 129,784 2008-03-21 20:30:04 C:\WINDOWS\System32\pxafs.dll
                ------w 66,296 2008-03-21 20:30:04 C:\WINDOWS\System32\pxcpya64.exe
                ------w 120,056 2008-03-21 20:30:04 C:\WINDOWS\System32\pxcpyi64.exe
                ------w 518,904 2008-03-21 20:30:04 C:\WINDOWS\System32\pxdrv.dll
                ------w 72,440 2008-03-21 20:30:06 C:\WINDOWS\System32\pxhpinst.exe
                ------w 64,760 2008-03-21 20:30:04 C:\WINDOWS\System32\pxinsa64.exe
                ------w 118,520 2008-03-21 20:30:04 C:\WINDOWS\System32\pxinsi64.exe
                ------w 187,128 2008-03-21 20:30:06 C:\WINDOWS\System32\pxmas.dll
                ------w 1,628,920 2008-03-21 20:30:04 C:\WINDOWS\System32\pxsfs.dll
                ------w 379,640 2008-03-21 20:30:06 C:\WINDOWS\System32\PxWave.dll
                ----a-w 3,596,288 2008-03-21 20:30:08 C:\WINDOWS\System32\qt-dx331.dll
                ----a-w 789,499 2008-04-13 16:55:38 C:\WINDOWS\System32\RVAXO.bat
                ----a-w 92,224 2008-04-14 12:14:26 C:\WINDOWS\System32\scwaftwt.dll
                ----a-w 200,704 2008-03-21 20:30:00 C:\WINDOWS\System32\ssldivx.dll
                ------w 88,824 2008-03-21 20:30:04 C:\WINDOWS\System32\VXBLOCK.dll
                ----a-w 1,845,376 2008-03-20 08:10:47 C:\WINDOWS\System32\win32k.sys
                ----a-w 1,158 2008-04-14 17:40:05 C:\WINDOWS\System32\wpa.dbl
                ------w 273,408 2008-04-14 17:29:55 C:\WINDOWS\System32\yayxvVmL.dll

                Entries: 59 (56)
                Directories: 0 Files: 59
                Bytes: 24,685,620 Blocks: 48,235
                ======C:\WINDOWS\system32\drivers=====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =======C:\Program Files=====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =======D:=====
                ----a-w 331 2008-04-14 15:06:02 D:\firstrun5.log

                Entries: 1 (1)
                Directories: 0 Files: 1
                Bytes: 331 Blocks: 1
                ======D:\Documents and Settings\Wessel\Application Data======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======D:\Temp======
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                ======D:\Documents and Settings\Wessel======
                ---ha-w 12,320,768 2008-04-14 17:31:25 D:\Documents and Settings\Wessel\NTUSER.DAT
                ---ha-w 32,768 2008-04-14 18:02:41 D:\Documents and Settings\Wessel\ntuser.dat.LOG
                --sh--w 288 2008-04-14 17:31:25 D:\Documents and Settings\Wessel\ntuser.ini

                Entries: 3 (0)
                Directories: 0 Files: 3
                Bytes: 12,353,824 Blocks: 24,129
                ======C:\WINDOWS\Downloaded Program Files====
                Entries: 0 (0)
                Directories: 0 Files: 0
                Bytes: 0 Blocks: 0
                =============



                • #9
                  Open a Notepad file.
                  Copy the text below (everything in bold) into this Notepad file.

                  @ECHO OFF
                  IF EXIST log.txt DEL log.txt
                  ECHO Deleting files>>log.txt
                  FOR %%g in (
                  C:\WINDOWS\BM67a68661.txt
                  C:\WINDOWS\BM67a68661.xml
                  C:\WINDOWS\pskt.ini
                  C:\WINDOWS\System32\bfpfevrl.dll
                  C:\WINDOWS\System32\bkmtpenl.ini
                  C:\WINDOWS\System32\clkcnt.txt
                  C:\WINDOWS\System32\dyonntyy.dll
                  C:\WINDOWS\System32\LmVvxyay.ini
                  C:\WINDOWS\System32\LmVvxyay.ini2
                  C:\WINDOWS\System32\lneptmkb.dll
                  C:\WINDOWS\System32\scwaftwt.dll
                  C:\WINDOWS\System32\yayxvVmL.dll) DO (
                  DEL /Q %%gNUCIA
                  IF EXIST %%g (
                  ATTRIB -r -s -h %%g
                  DEL %%g
                  REN %%g *NUCIA
                  IF EXIST %%gNUCIA (
                  ECHO renamed to %%gNUCIA>>log.txt)
                  IF EXIST %%g (
                  ECHO %%g not deleted>>log.txt
                  ) ELSE (
                  ECHO %%g deleted>>log.txt)
                  ) ELSE (
                  ECHO %%g not found>>log.txt))
                  START NOTEPAD.EXE log.txt

                  Go to File - Save As.
                  For "Save in", choose: Desktop
                  For "File name", enter: del.bat
                  For "Save as type", select: All Files (*.*).
                  Click the Save button.

                  Double-click del.bat and post the contents of the log file that opens.



                  • #10
                    Deleting files
                    C:\WINDOWS\BM67a68661.txt deleted
                    C:\WINDOWS\BM67a68661.xml deleted
                    C:\WINDOWS\pskt.ini deleted
                    C:\WINDOWS\System32\bfpfevrl.dll deleted
                    C:\WINDOWS\System32\bkmtpenl.ini deleted
                    C:\WINDOWS\System32\clkcnt.txt deleted
                    C:\WINDOWS\System32\dyonntyy.dll deleted
                    C:\WINDOWS\System32\LmVvxyay.ini deleted
                    C:\WINDOWS\System32\LmVvxyay.ini2 deleted
                    C:\WINDOWS\System32\lneptmkb.dll deleted
                    C:\WINDOWS\System32\scwaftwt.dll deleted
                    C:\WINDOWS\System32\yayxvVmL.dll deleted

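Deleting the files with del.bat does not remove the registry entries that load them: the HijackThis log earlier in the thread lists the same DLLs under O2 (BHO) and O4 (Run) lines. The Python sketch below is an added example, not part of the original thread; it cross-checks HijackThis O2/O4 lines against the del.bat log and lists the autostart entries left pointing at deleted files. The function and constant names are assumptions made for this example, and the sample lines are copied from the logs above.

```python
import re

# Sample lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: {9e16ce2c-a070-5669-9d24-0052ba4fa096} - {690af4ab-2500-42d9-9665-070ac2ec61e9} - C:\WINDOWS\system32\scwaftwt.dll
O2 - BHO: (no name) - {D8E57414-20FA-47AA-B2FA-8110F4D45660} - C:\WINDOWS\system32\yayxvVmL.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Files that the del.bat log above reports as deleted.
DELETED = [
    r"C:\WINDOWS\BM67a68661.txt",
    r"C:\WINDOWS\BM67a68661.xml",
    r"C:\WINDOWS\pskt.ini",
    r"C:\WINDOWS\System32\bfpfevrl.dll",
    r"C:\WINDOWS\System32\bkmtpenl.ini",
    r"C:\WINDOWS\System32\clkcnt.txt",
    r"C:\WINDOWS\System32\dyonntyy.dll",
    r"C:\WINDOWS\System32\LmVvxyay.ini",
    r"C:\WINDOWS\System32\LmVvxyay.ini2",
    r"C:\WINDOWS\System32\lneptmkb.dll",
    r"C:\WINDOWS\System32\scwaftwt.dll",
    r"C:\WINDOWS\System32\yayxvVmL.dll",
]

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]".
# The name may itself contain " - ", so the CLSID anchors the split.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 lines: "O4 - <hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<value>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 command lines: the DLL is the real target, not rundll32.exe.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I
)


def norm(path):
    """Windows paths are case-insensitive; compare them lowercased."""
    return path.strip().strip('"').lower()


def autostart_target(cmd):
    """Return the file that an O4 command line actually loads."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll")
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def dangling_entries(log_text, deleted_paths):
    """List (registry location, target) pairs whose target file is gone.

    An entry counts as dangling when its target is in deleted_paths or
    when HijackThis itself tagged the line with "(file missing)".
    """
    deleted = {norm(p) for p in deleted_paths}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            where = "BHO " + m.group("clsid")
            target = m.group("path")
            flagged = bool(m.group("missing"))
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            where = "%s\\..\\%s [%s]" % (
                m.group("hive"), m.group("key"), m.group("value"))
            target = autostart_target(m.group("cmd"))
            flagged = False
        if flagged or norm(target) in deleted:
            findings.append((where, target))
    return findings


if __name__ == "__main__":
    for where, target in dangling_entries(SAMPLE_LOG, DELETED):
        print("%-50s -> %s" % (where, target))
```

Run against the sample, it reports the two BHO entries and the two `rundll32` Run values that still reference deleted DLLs; those registry entries remain until they are removed separately.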


                    • #11
                      Please post a new HijackThis log and tell us whether there are still any problems.



                      • #12
                        Hey smeenk,

                        At startup I get the following error messages:

                        RUNDLL
                        Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\lneptemkb.dll
                        Kan opgegeven module niet vinden

                        RUNDLL
                        Er is een fout opgetreden tijdens het laden van C:\WINDOWS\system32\bfpfevrl.dll
                        Kan opgegeven module niet vinden

                        I am also still getting this one:

                        In wuauclt.exe is een fout opgetreden en moet worden afgesloten. Onze excuses voor dit ongemak.

                        Apart from that, everything works again. I no longer have problems with Winamp, and the computer games I tested no longer freeze.

                        HJT:
                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 22:44:06, on 14-4-2008
                        Platform: Windows XP SP2 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\Explorer.EXE
                        C:\WINDOWS\system32\PackethSvc.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                        C:\Program Files\Cisco Systems\cvpnd.exe
                        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                        c:\APPS\HIDSERVICE\HIDSERVICE.exe
                        C:\Program Files\McAfee\MBK\MBackMonitor.exe
                        C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                        c:\program files\common files\mcafee\mna\mcnasvc.exe
                        C:\WINDOWS\mHotkey.exe
                        C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                        C:\Apps\Powercinema\PCMService.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                        c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                        C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                        C:\WINDOWS\SOUNDMAN.EXE
                        C:\WINDOWS\ALCWZRD.EXE
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                        C:\Program Files\McAfee\MPF\MPFSrv.exe
                        C:\Program Files\McAfee\MSK\MskSrver.exe
                        C:\Apps\Softex\OmniPass\Omniserv.exe
                        C:\Program Files\SiteAdvisor\6253\SAService.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                        C:\WINDOWS\system32\SearchIndexer.exe
                        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                        C:\Apps\Softex\OmniPass\OPXPApp.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                        C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                        D:\Program Files\Mozilla Firefox\firefox.exe
                        D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                        O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                        O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                        O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
                        O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
                        O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
                        O2 - BHO: {9e16ce2c-a070-5669-9d24-0052ba4fa096} - {690af4ab-2500-42d9-9665-070ac2ec61e9} - C:\WINDOWS\system32\scwaftwt.dll (file missing)
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                        O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: (no name) - {D8E57414-20FA-47AA-B2FA-8110F4D45660} - C:\WINDOWS\system32\yayxvVmL.dll (file missing)
                        O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                        O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
                        O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                        O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                        O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
                        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                        O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
                        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
                        O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                        O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                        O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                        O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                        O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
                        O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
                        O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
                        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                        O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
                        O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
                        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                        O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                        O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
                        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
                        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
                        O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                        O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
                        O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
                        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                        O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
                        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                        O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                        O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                        O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                        O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                        O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                        O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                        O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                        O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                        O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                        O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
                        O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
                        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                        O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                        --
                        End of file - 13305 bytes



                        • #13
                          Start HijackThis and check only the following lines:
                          O2 - BHO: {9e16ce2c-a070-5669-9d24-0052ba4fa096} - {690af4ab-2500-42d9-9665-070ac2ec61e9} - C:\WINDOWS\system32\scwaftwt.dll (file missing)
                          O2 - BHO: (no name) - {D8E57414-20FA-47AA-B2FA-8110F4D45660} - C:\WINDOWS\system32\yayxvVmL.dll (file missing)
                          O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
                          O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s

                          Close all open windows (except HijackThis) and click "Fix checked".

                          Restart the computer.

                          After the restart, post a new HijackThis log and tell us which problems remain.



                          • #14
                            I still get the wuauclt.exe error message... but apart from that I have no other problems anymore.

                            Logfile of Trend Micro HijackThis v2.0.2
                            Scan saved at 23:25:41, on 14-4-2008
                            Platform: Windows XP SP2 (WinNT 5.01.2600)
                            MSIE: Internet Explorer v7.00 (7.00.6000.16640)
                            Boot mode: Normal

                            Running processes:
                            C:\WINDOWS\System32\smss.exe
                            C:\WINDOWS\system32\winlogon.exe
                            C:\WINDOWS\system32\services.exe
                            C:\WINDOWS\system32\lsass.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\WINDOWS\system32\Ati2evxx.exe
                            D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\Explorer.EXE
                            C:\WINDOWS\system32\PackethSvc.exe
                            C:\Program Files\Bonjour\mDNSResponder.exe
                            c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                            C:\Program Files\Cisco Systems\cvpnd.exe
                            C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                            C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
                            c:\APPS\HIDSERVICE\HIDSERVICE.exe
                            C:\Program Files\McAfee\MBK\MBackMonitor.exe
                            C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            c:\program files\common files\mcafee\mna\mcnasvc.exe
                            C:\WINDOWS\mHotkey.exe
                            C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
                            c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                            C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                            C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                            C:\Apps\Powercinema\PCMService.exe
                            C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                            C:\WINDOWS\SOUNDMAN.EXE
                            C:\Program Files\McAfee\MPF\MPFSrv.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
                            C:\WINDOWS\ALCWZRD.EXE
                            C:\WINDOWS\system32\ctfmon.exe
                            C:\Program Files\McAfee\MSK\MskSrver.exe
                            C:\Apps\Softex\OmniPass\Omniserv.exe
                            C:\Program Files\SiteAdvisor\6253\SAService.exe
                            C:\WINDOWS\system32\svchost.exe
                            C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                            C:\WINDOWS\system32\SearchIndexer.exe
                            c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                            C:\Apps\Softex\OmniPass\OPXPApp.exe
                            C:\WINDOWS\System32\svchost.exe
                            C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
                            C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            D:\Program Files\Mozilla Firefox\firefox.exe
                            D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.powerweb.nl/
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
                            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
                            O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
                            O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O2 - BHO: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
                            O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
                            O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
                            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
                            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
                            O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                            O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                            O3 - Toolbar: MSTBR - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - C:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
                            O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
                            O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
                            O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
                            O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
                            O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
                            O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
                            O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
                            O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
                            O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
                            O4 - HKLM\..\Run: [imjpmig] D:\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
                            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                            O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
                            O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
                            O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
                            O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
                            O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
                            O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
                            O4 - HKLM\..\Run: [WinPatrol] D:\BILLPS~1\WINPAT~1\winpatrol.exe
                            O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
                            O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
                            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                            O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
                            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
                            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
                            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
                            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
                            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                            O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
                            O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
                            O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
                            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
                            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                            O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
                            O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
                            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129186750703
                            O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
                            O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129186737812
                            O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/system/upload/ImageUploader4.cab
                            O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://wessel.myphotoalbum.com/ImageUploader4.cab
                            O16 - DPF: {91F52A42-C10D-49A7-B941-882C657C604F} (Installation Helper Object) - http://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
                            O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
                            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                            O17 - HKLM\System\CCS\Services\Tcpip\..\{96B0BD16-D4F2-44CE-B108-443CD218CBC7}: NameServer = 195.121.1.34,195.121.1.66
                            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
                            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                            O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
                            O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                            O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                            O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
                            O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
                            O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
                            O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
                            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                            O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
                            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
                            O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
                            O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
                            O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
                            O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
                            O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
                            O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
                            O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
                            O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
                            O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
                            O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
                            O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
                            O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
                            O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
                            O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

                            --
                            End of file - 12923 bytes
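As an added example (not part of any post in this thread, and not HijackThis's own code): a small Python check that parses HijackThis entries, flags the kind of lines selected in post #13, and confirms they are gone from the follow-up log. The two triage rules are assumptions chosen because they match those four lines; they prompt a manual review and are not a verdict. The function names are hypothetical, and the sample logs are short excerpts of the two logs posted above.

```python
import re

# Excerpt of the log posted before the fix (lines copied from this thread).
LOG_BEFORE = r"""
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: {9e16ce2c-a070-5669-9d24-0052ba4fa096} - {690af4ab-2500-42d9-9665-070ac2ec61e9} - C:\WINDOWS\system32\scwaftwt.dll (file missing)
O2 - BHO: (no name) - {D8E57414-20FA-47AA-B2FA-8110F4D45660} - C:\WINDOWS\system32\yayxvVmL.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [6495b5fd] rundll32.exe "C:\WINDOWS\system32\lneptmkb.dll",b
O4 - HKLM\..\Run: [BM67a68661] Rundll32.exe "C:\WINDOWS\system32\bfpfevrl.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the log posted after "Fix checked" and a restart (post #14).
LOG_AFTER = r"""
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O2 - BHO: ...", "O4 - HKLM\..\Run: ...", "R1 - ...", "O16 - DPF: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# rundll32 invocation with a DLL path and an export name after the comma.
RUNDLL = re.compile(r'\brundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,', re.I)


def parse_entries(log_text):
    """Return (section code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())  # forum copies are often indented
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entry):
    """Return a reason to review the entry by hand, or None (assumed rules)."""
    code, body = entry
    if code == "O2" and body.endswith("(file missing)"):
        return "BHO registration points at a DLL that is not on disk"
    if code == "O4":
        match = RUNDLL.search(body)
        if match:
            return "autostart loads %s through rundll32" % match.group(1)
    return None


def flagged(log_text):
    """All entries of a log that match a triage rule, with the reason."""
    result = []
    for entry in parse_entries(log_text):
        reason = triage(entry)
        if reason:
            result.append((entry, reason))
    return result


def still_present(targets, log_text):
    """Entries from `targets` that survive in a later log (case-insensitive)."""
    later = {(code, body.lower()) for code, body in parse_entries(log_text)}
    return [t for t in targets if (t[0], t[1].lower()) in later]


if __name__ == "__main__":
    hits = flagged(LOG_BEFORE)
    for (code, body), reason in hits:
        print("%s  %s\n    -> %s" % (code, body, reason))
    leftover = still_present([entry for entry, _ in hits], LOG_AFTER)
    print("entries surviving the fix:", len(leftover))
```

Comparing whole entries rather than file names keeps the check honest: if an autostart entry returns under a new random DLL name, it no longer matches the old target, but `flagged()` on the new log will still surface it.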



                            • #15
                              Download Dial-a-fix-2006 and extract both files, each into its own folder, to your Desktop.
                              • In the folder Dial-a-fix-v0.60.0.24, double-click Dial-a-fix.exe
                                In the window that opens, click the icon with the double green check mark (check all) at the bottom.
                                Then click "GO" and let the tool reset all settings.
                                When it is finished, close this window by clicking "Exit" at the bottom.

                              Does that improve things?
