HijackThis; who can help me

Anonymous
14 replies
 • This week my machine started suffering from web popups, regardless of whether or not the browser was open for my own purposes. This while Adaware SE Pro was running together with McAfee. Despite Spybot, Spysweeper, Spyware-Doctor, SpyBlocs and MS AntiSpyware the popups keep coming (unless I disable the LAN), and the machine becomes as slow as…….
  CT advises posting the HijackThis log on this forum. So here it is. Is there anyone who can rescue me?

  Logfile of HijackThis v1.99.0
  Scan saved at 20:40:22, on 29-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Netropa\OSD.exe
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\WINDOWS\System32\rundll32.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
  C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\iKernel.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  c:\Program Files\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  R3 - Default URLSearchHook is missing
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O23 - Service: BlueSoleil Hid Service - Unknown - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server - Unknown - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor - Unknown - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
 • You are using an older version of HijackThis. It is best to update to the newest version first.
  Start HijackThis, go to Config - Misc tools - Check for update online. Download the newest version, unzip it and place it in its own folder (e.g. c:\hijackthis).
  (You can also download the newest version of HijackThis here).

  Close all open windows, run HijackThis once more and tick the following items:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
  R3 - Default URLSearchHook is missing

  Then click "Fix checked" and close HijackThis.

  Start the computer in safe mode. You can read how to do this here.
  Download the Registry Search Tool here. Unzip the script.
  Start the computer in safe mode. You can read how to do this here.
  Start RegSrch.vbs.
  In the search field, enter the following:
  adchannel
  If anything is found, you get a log. Save this log.
  Restart the computer in normal Windows mode.
  Report the result of regsearch.

  Start HijackThis again, make a new log and post it.
 • Dear helper

  All actions carried out as indicated. RegSrch.vbs yielded no results. The new HijackThis log file is as follows:
  Logfile of HijackThis v1.99.1
  Scan saved at 22:46:24, on 29-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  C:\Program Files\Netropa\OSD.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\System32\rundll32.exe
  C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\HJT\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
  O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\hrj4051qe.dll
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
 • Fix this key with HijackThis:
  O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
  Download the L2Mfix here.
  Place the file on your desktop. Click l2mfix.exe.
  Click "Accept". Make sure the l2mfix folder is placed on your desktop. Click "Install".
  On your desktop, open the l2mfix folder.
  Click l2fix.bat.
  Press "1" to select option 1: Run Find Log.
  This will take a while. After some time a Notepad file is opened.
  Copy and paste the contents of this file into your next post.

  Note: you must NOT use option 2 for now. Also do not use any other files located in the l2mfix folder!
 • Dear helper,

  Just carried out the new instructions. Here is the result:

  L2MFIX find log 122705
  These are the registry keys present
  **********************************************************************************
  Winlogon/notify:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled\SideBySide]
  "Asynchronous"=dword:00000000
  "DllName"="C:\\WINDOWS\\system32\\n6r2lg9o16.dll"
  "Impersonate"=dword:00000000
  "Logon"="WinLogon"
  "Logoff"="WinLogoff"
  "Shutdown"="WinShutdown"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
  "Asynchronous"=dword:00000000
  "DllName"="C:\\WINDOWS\\system32\\hrj0051me.dll"
  "Impersonate"=dword:00000000
  "Logon"="WinLogon"
  "Logoff"="WinLogoff"
  "Shutdown"="WinShutdown"

  **********************************************************************************
  useragent:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  "{671E2027-3E76-1260-EE5C-618C9F6181B3}"=""

  **********************************************************************************
  Shell Extension key:
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webmappen"
  "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
  "MP3-Info extension"="{448f4a40-2602-11d1-b4c0-080000051171}"
  "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
  "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
  "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
  "{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"
  "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
  "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
  "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
  "{661825E5-B9A4-4D3E-8B74-3B6B63C32A80}"="Shell Extensions for The Font Creator Program"
  "{EBDF1F20-C829-1010-8233-0020AFCE97A9}"="iolo File Terminator"
  "{6EE51AA0-77A0-11D7-B4E1-000347126E46}"="Window Washer Shell Shredding Utility"
  "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
  "{CD652064-7A92-4767-844E-CF33B94CED23}"="AOEV Context Menu Shell Extension"
  "{FED7043D-346A-414D-ACD7-550D052499A7}"="dBpowerAMP Music Converter 1"
  "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}"="dBpowerAMP Music Converter"
  "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
  "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
  "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
  "{9C8A2F1F-8B7D-46F9-843E-1A907BCA67D0}"="File and Folder Protector Context Menu Handler"
  "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=""
  "{00B5EB2F-B259-4053-BE9F-CA1739285BD5}"=""
  "{F7C42E95-00B1-4DEC-A208-20DD7117D47C}"=""

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\AutorunsDisabled]
  "{B057D231-6D70-4343-B9FC-4E54E2D5680D}"=""
  "{DDD7B0C4-F819-4642-BF24-C2632E4635D9}"=""
  "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=""
  "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"

  **********************************************************************************
  HKEY ROOT CLASSIDS:
  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\smesrv.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\InprocServer32]
  @="C:\\WINDOWS\\system32\\wwnetmgr.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\InprocServer32]
  @="C:\\WINDOWS\\system32\\llcalsec.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\InprocServer32]
  @="C:\\WINDOWS\\system32\\wydmtp.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\mihcp.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\smesrv.dll"
  "ThreadingModel"="Apartment"

  **********************************************************************************
  Files Found are not all bad files:

  C:\WINDOWS\SYSTEM32\
  aplib01.dll Mon 26 Dec 2005 10:54:34 ..S.R 235.529 230,01 K
  enr8l1~1.dll Mon 26 Dec 2005 16:19:40 ..S.R 235.209 229,70 K
  fppmon2.dll Mon 21 Nov 2005 10:45:10 ….. 299.008 292,00 K
  fppr232.dll Mon 21 Nov 2005 10:45:48 ….. 118.784 116,00 K
  gccoll~1.dll Tue 15 Nov 2005 12:12:08 A…. 126.680 123,71 K
  gcunco~1.dll Tue 15 Nov 2005 12:12:06 A…. 95.448 93,21 K
  gdi32.dll Thu 6 Oct 2005 4:21:54 A…. 260.608 254,50 K
  h04m0a~1.dll Tue 27 Dec 2005 23:56:32 ..S.R 234.248 228,76 K
  hashlib.dll Tue 15 Nov 2005 12:12:08 A…. 117.976 115,21 K
  hrj005~1.dll Thu 29 Dec 2005 22:39:08 ..S.R 233.630 228,15 K
  i6nm0g~1.dll Fri 30 Dec 2005 12:34:04 ..S.R 233.786 228,30 K
  llcalsec.dll Thu 29 Dec 2005 22:35:08 ..S.R 233.630 228,15 K
  mcinsctl.dll Tue 18 Oct 2005 11:08:04 A…. 349.760 341,56 K
  mshtml.dll Tue 4 Oct 2005 12:34:58 A…. 2.700.288 2,57 M
  smesrv.dll Fri 30 Dec 2005 12:34:04 ..S.R 233.630 228,15 K
  wwnetmgr.dll Mon 26 Dec 2005 14:11:38 ..S.R 235.209 229,70 K

  16 items found: 16 files (8 H/S), 0 directories.
  Total of file sizes: 5.943.423 bytes 5,67 M
  Locate .tmp files:

  No matches found.
  **********************************************************************************
  Directory Listing of system files:
  Het volume in station C heeft geen naam.
  Het volumenummer is 2006-F7F2

  Map van C:\WINDOWS\System32

  30-12-05 12:48 <DIR> ..
  30-12-05 12:48 <DIR> .
  30-12-05 12:34 233.630 smesrv.dll
  30-12-05 12:34 233.786 i6nm0g51e6.dll
  29-12-05 22:39 233.630 hrj0051me.dll
  29-12-05 22:35 233.630 llcalsec.dll
  29-12-05 22:33 <DIR> dllcache
  27-12-05 23:56 234.248 h04m0ah1ed4.dll
  26-12-05 16:19 235.209 enr8l19u1.dll
  26-12-05 14:11 235.209 wwnetmgr.dll
  26-12-05 10:54 235.529 aplib01.dll
  23-10-02 22:02 <DIR> Microsoft
  8 bestand(en) 1.874.871 bytes
  4 map(pen) 42.169.151.488 bytes beschikbaar


  and the new HijackThis log:

  Logfile of HijackThis v1.99.1
  Scan saved at 12:52:35, on 30-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  C:\Program Files\Netropa\OSD.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\System32\rundll32.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Program Files\wincmd\WINCMD32.EXE
  c:\HJT\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
 • Hello,

  Close all open programs.
  Double-click l2mfix.bat.
  Click "2" to select option 2: Run Fix.
  Press Enter.
  The icons on your desktop will disappear and L2Mfix will scan your computer. When the scan is finished, the computer will indicate that it is going to restart.
  Press Enter and the PC will restart automatically.
  Once the computer has restarted, a Notepad file will open.
  Post the contents of this file together with a new HijackThis log.
 • Dear helper,

  Once again I carried out the instructions, with the following result:

  L2mfix Beta 122705
  Creating Account.
  De opdracht is voltooid.

  Adding Administrative privleges.
  Checking for L2MFix account(0=no 1=yes):
  1
  Granting SeDebugPrivilege to L2MFIX … successful

  Running From:
  C:\WINDOWS\system32

  Killing Processes!

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 368 'smss.exe'

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 480 'winlogon.exe'
  Killing PID 480 'winlogon.exe'
  Killing PID 480 'winlogon.exe'

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 1176 'explorer.exe'
  Killing PID 1176 'explorer.exe'
  Killing PID 1176 'explorer.exe'

  Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
  Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
  Killing PID 1064 'rundll32.exe'
  Killing PID 1648 'rundll32.exe'
  Restoring Sedebugprivilege:
  Granting SeDebugPrivilege to Administrators … successful

  Scanning First Pass. Please Wait!

  First Pass Completed

  Second Pass Scanning

  Second pass Completed!
  moving: C:\WINDOWS\system32\aplib01.dll
  Successfully Moved: C:\WINDOWS\system32\aplib01.dll
  moving: C:\WINDOWS\system32\enr8l19u1.dll
  Successfully Moved: C:\WINDOWS\system32\enr8l19u1.dll
  moving: C:\WINDOWS\system32\h04m0ah1ed4.dll
  Successfully Moved: C:\WINDOWS\system32\h04m0ah1ed4.dll
  moving: C:\WINDOWS\system32\hrj0051me.dll
  Successfully Moved: C:\WINDOWS\system32\hrj0051me.dll
  moving: C:\WINDOWS\system32\i6nm0g51e6.dll
  Successfully Moved: C:\WINDOWS\system32\i6nm0g51e6.dll
  moving: C:\WINDOWS\system32\llcalsec.dll
  Successfully Moved: C:\WINDOWS\system32\llcalsec.dll
  moving: C:\WINDOWS\system32\smesrv.dll
  Successfully Moved: C:\WINDOWS\system32\smesrv.dll
  moving: C:\WINDOWS\system32\wwnetmgr.dll
  Successfully Moved: C:\WINDOWS\system32\wwnetmgr.dll
  Restoring Windows Update Certificates.:

  The following Is the Current Export of the Winlogon notify key:
  ****************************************************************************
  Windows Registry Editor Version 5.00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
  "Logoff"="ChainWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  "Asynchronous"=dword:00000000
  "Impersonate"=dword:00000000
  "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Logoff"="CryptnetWlxLogoffEvent"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  "DLLName"="cscdll.dll"
  "Logon"="WinlogonLogonEvent"
  "Logoff"="WinlogonLogoffEvent"
  "ScreenSaver"="WinlogonScreenSaverEvent"
  "Startup"="WinlogonStartupEvent"
  "Shutdown"="WinlogonShutdownEvent"
  "StartShell"="WinlogonStartShellEvent"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  "DLLName"="wlnotify.dll"
  "Logon"="SCardStartCertProp"
  "Logoff"="SCardStopCertProp"
  "Lock"="SCardSuspendCertProp"
  "Unlock"="SCardResumeCertProp"
  "Enabled"=dword:00000001
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "StartShell"="SchedStartShell"
  "Logoff"="SchedEventLogOff"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  "Logoff"="WLEventLogoff"
  "Impersonate"=dword:00000000
  "Asynchronous"=dword:00000001
  "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  "DLLName"="WlNotify.dll"
  "Lock"="SensLockEvent"
  "Logon"="SensLogonEvent"
  "Logoff"="SensLogoffEvent"
  "Safe"=dword:00000001
  "MaxWait"=dword:00000258
  "StartScreenSaver"="SensStartScreenSaverEvent"
  "StopScreenSaver"="SensStopScreenSaverEvent"
  "Startup"="SensStartupEvent"
  "Shutdown"="SensShutdownEvent"
  "StartShell"="SensStartShellEvent"
  "PostShell"="SensPostShellEvent"
  "Disconnect"="SensDisconnectEvent"
  "Reconnect"="SensReconnectEvent"
  "Unlock"="SensUnlockEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  "Asynchronous"=dword:00000000
  "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
  "Impersonate"=dword:00000000
  "Logoff"="TSEventLogoff"
  "Logon"="TSEventLogon"
  "PostShell"="TSEventPostShell"
  "Shutdown"="TSEventShutdown"
  "StartShell"="TSEventStartShell"
  "Startup"="TSEventStartup"
  "MaxWait"=dword:00000258
  "Reconnect"="TSEventReconnect"
  "Disconnect"="TSEventDisconnect"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Uninstall]
  "Asynchronous"=dword:00000000
  "DllName"="C:\\WINDOWS\\system32\\hrj0051me.dll"
  "Impersonate"=dword:00000000
  "Logon"="WinLogon"
  "Logoff"="WinLogoff"
  "Shutdown"="WinShutdown"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  "DLLName"="wlnotify.dll"
  "Logon"="RegisterTicketExpiredNotificationEvent"
  "Logoff"="UnregisterTicketExpiredNotificationEvent"
  "Impersonate"=dword:00000001
  "Asynchronous"=dword:00000001


  The following are the files found:
  ****************************************************************************
  C:\WINDOWS\system32\aplib01.dll
  C:\WINDOWS\system32\enr8l19u1.dll
  C:\WINDOWS\system32\h04m0ah1ed4.dll
  C:\WINDOWS\system32\hrj0051me.dll
  C:\WINDOWS\system32\i6nm0g51e6.dll
  C:\WINDOWS\system32\llcalsec.dll
  C:\WINDOWS\system32\smesrv.dll
  C:\WINDOWS\system32\wwnetmgr.dll

  Registry Entries that were Deleted:
  Please verify that the listing looks ok.
  If there was something deleted wrongly there are backups in the backreg folder.
  ****************************************************************************
  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\smesrv.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}\InprocServer32]
  @="C:\\WINDOWS\\system32\\wwnetmgr.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}\InprocServer32]
  @="C:\\WINDOWS\\system32\\llcalsec.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}\InprocServer32]
  @="C:\\WINDOWS\\system32\\wydmtp.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\mihcp.dll"
  "ThreadingModel"="Apartment"

  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
  @=""

  [HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}\InprocServer32]
  @="C:\\WINDOWS\\system32\\smesrv.dll"
  "ThreadingModel"="Apartment"

  REGEDIT4

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
  "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=-
  "{00B5EB2F-B259-4053-BE9F-CA1739285BD5}"=-
  "{F7C42E95-00B1-4DEC-A208-20DD7117D47C}"=-
  "{B057D231-6D70-4343-B9FC-4E54E2D5680D}"=-
  "{DDD7B0C4-F819-4642-BF24-C2632E4635D9}"=-
  "{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}"=-
  [-HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  [-HKEY_CLASSES_ROOT\CLSID\{00B5EB2F-B259-4053-BE9F-CA1739285BD5}]
  [-HKEY_CLASSES_ROOT\CLSID\{F7C42E95-00B1-4DEC-A208-20DD7117D47C}]
  [-HKEY_CLASSES_ROOT\CLSID\{B057D231-6D70-4343-B9FC-4E54E2D5680D}]
  [-HKEY_CLASSES_ROOT\CLSID\{DDD7B0C4-F819-4642-BF24-C2632E4635D9}]
  [-HKEY_CLASSES_ROOT\CLSID\{3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9}]
  REGEDIT4

  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  "SV1"=""
  ****************************************************************************
  Desktop.ini Contents:
  ****************************************************************************

  ****************************************************************************
  Checking for L2MFix account(0=no 1=yes):
  0
  Zipping up files for submission:
  adding: dlls/aplib01.dll (124 bytes security) (deflated 5%)
  adding: dlls/enr8l19u1.dll (124 bytes security) (deflated 5%)
  adding: dlls/h04m0ah1ed4.dll (124 bytes security) (deflated 4%)
  adding: dlls/hrj0051me.dll (124 bytes security) (deflated 4%)
  adding: dlls/i6nm0g51e6.dll (124 bytes security) (deflated 4%)
  adding: dlls/llcalsec.dll (124 bytes security) (deflated 4%)
  adding: dlls/smesrv.dll (124 bytes security) (deflated 4%)
  adding: dlls/wwnetmgr.dll (124 bytes security) (deflated 5%)
  adding: backregs/00B5EB2F-B259-4053-BE9F-CA1739285BD5.reg (188 bytes security) (deflated 70%)
  adding: backregs/3FB6F06C-2D78-4EFB-82FF-E0C5EC4C04B9.reg (188 bytes security) (deflated 70%)
  adding: backregs/B057D231-6D70-4343-B9FC-4E54E2D5680D.reg (188 bytes security) (deflated 70%)
  adding: backregs/DDD7B0C4-F819-4642-BF24-C2632E4635D9.reg (188 bytes security) (deflated 70%)
  adding: backregs/F7C42E95-00B1-4DEC-A208-20DD7117D47C.reg (188 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 63%)
  adding: backregs/shell.reg (164 bytes security) (deflated 66%)

  ===========================================================================================================================

  Logfile of HijackThis v1.99.1
  Scan saved at 15:45:46, on 30-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\Netropa\OSD.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\WINDOWS\System32\rundll32.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wdfmgr.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\wuauclt.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\Program Files\wincmd\WINCMD32.EXE
  c:\HJT\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

  file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

  file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

  C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

  C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} -

  c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

  files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program

  files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program

  files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program

  files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

  files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program

  Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program

  files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program

  files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

  C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program

  Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft

  ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

  C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program

  Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program

  Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} -

  http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

  http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -

  https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -

  http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

  http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller

  .exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

  http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -

  http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -

  http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

  C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

  Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program

  files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -

  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc -

  C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc -

  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program

  Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

  C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

  ================================================================================================

  I notice now that, since I have been online, this is the first time I have not had any popups yet. Are we there now, or does something else still need to be done?
  Again, many thanks!
 • Just call me Marc.

  The L2M log looks good.
  The HijackThis log is hard to read like this.
  Could you do the following:
  Go to Start - Run (Start - Uitvoeren) and type: notepad.exe
  Click OK.

  In Notepad go to Format (Opmaak) and clear the check mark in front of "Word Wrap" ("Automatische terugloop").
  Close Notepad again.

  Make a new HijackThis log. Post it.
 • Dear Marc,

  Sorry, this time I had pasted the two files together in NoteTab, and that has word wrap on by default. Since my last message the machine has still been online and still no popups have appeared.

  Once more the log file:

  Logfile of HijackThis v1.99.1
  Scan saved at 15:45:46, on 30-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\notepad.exe
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\Netropa\OSD.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  c:\program files\mcafee.com\agent\mcagent.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\WINDOWS\System32\rundll32.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wdfmgr.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  C:\WINDOWS\System32\wuauclt.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\Program Files\wincmd\WINCMD32.EXE
  c:\HJT\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing)
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
 • This reads a lot more easily.

  Close all open windows, run HijackThis once more and tick the following items:

  O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing)

  Then click "Fix checked" and close HijackThis.

  Restart the computer.

  Start HijackThis again, create a new log and post it.

  I do indeed think the problems have been solved.
 • Hi Marc,

  And so it was done. Here is the log again:

  Logfile of HijackThis v1.99.1
  Scan saved at 17:15:03, on 30-12-05
  Platform: Windows XP SP1 (WinNT 5.01.2600)
  MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\csrss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\savedump.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\DELLMMKB.EXE
  C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  C:\WINDOWS\System32\devldr32.exe
  C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
  C:\PROGRA~1\mcafee.com\agent\mcagent.exe
  c:\progra~1\mcafee.com\vso\mcvsescn.exe
  C:\Program Files\Netropa\OSD.exe
  C:\Program Files\Spyware Doctor\swdoctor.exe
  C:\WINDOWS\Nhksrv.exe
  C:\Program Files\BlueSoleil\BTNtService.exe
  C:\WINDOWS\System32\CTsvcCDA.EXE
  C:\WINDOWS\System32\rundll32.exe
  c:\program files\mcafee.com\agent\mcdetect.exe
  c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  C:\Program Files\Norton Utilities\NPROTECT.EXE
  C:\WINDOWS\System32\nvsvc32.exe
  C:\Program Files\Spyware Doctor\sdhelp.exe
  C:\Program Files\Speed Disk\nopdb.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\System32\wdfmgr.exe
  C:\WINDOWS\System32\MsPMSPSv.exe
  c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  C:\WINDOWS\System32\wuauclt.exe
  C:\Program Files\wincmd\WINCMD32.EXE
  c:\HJT\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/DOCUMENTEN/PRIVE/Informatie/Overigen/bookmark.htm
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
  O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
  O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
  O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
  O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
  O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
  O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
  O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
  O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
  O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
  O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
  O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
  O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
  O8 - Extra context menu item: Ontvang alle bestanden door Net Transport - C:\Program Files\NetTransport\NTAddList.html
  O8 - Extra context menu item: Ontvangst door Net Transport - C:\Program Files\NetTransport\NTAddLink.html
  O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
  O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
  O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
  O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
  O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
  O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
  O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
  O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
  O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/nl/win/QuickTimeFullInstaller.exe
  O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121163982240
  O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
  O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
  O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
  O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
  O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
  O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
  O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
  O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
  O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
  O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
  O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

  Still no popups... fantastic!!
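The comparison made across the posts above, as an added example that is not part of the original thread and is not HijackThis code: the script parses HijackThis entry lines, flags entries worth a manual look, and lists what disappeared between the log before and the log after "Fix checked". The function names and the review heuristics are assumptions of this example; the log lines are excerpts from the two logs posted in the thread.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread.
BEFORE = r"""
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\hrj0051me.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
AFTER = r"""
C:\WINDOWS\System32\wuauclt.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/nl/big/1.1.62-big/GoogleNav.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\BlueSoleil\BTNtService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O20 - Winlogon Notify: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")

def parse(log):
    """Return (section, detail) per entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review(entries):
    """Heuristics assumed for this example: reasons to inspect an entry by hand."""
    flagged = []
    for section, detail in entries:
        if detail.endswith("(file missing)"):
            flagged.append((section, detail, "registered file no longer on disk"))
        elif section == "O20":
            flagged.append((section, detail, "Winlogon Notify DLL, loaded by winlogon.exe"))
        elif section == "O23" and " - Unknown owner - " in detail:
            flagged.append((section, detail, "HijackThis shows no vendor for the binary"))
    return flagged

def removed(before, after):
    """Entries present in the first log that are gone from the second."""
    remaining = set(parse(after))
    return [entry for entry in parse(before) if entry not in remaining]

if __name__ == "__main__":
    for section, detail, reason in review(parse(BEFORE)):
        print(f"review  {section}: {detail}  [{reason}]")
    for section, detail in removed(BEFORE, AFTER):
        print(f"removed {section}: {detail}")
```

A flag is a prompt for a manual check, not a verdict: the "Unknown owner" service stays flagged in both logs although nobody in the thread treats it as a problem.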
 • The log looks good.

  If all problems are solved, do the following as well:

  Delete all existing System Restore points.
  Turn System Restore off. Restart the computer. Turn System Restore back on.
  Disabling System Restore.

  A few more tips:
  Visit the Windows Update site regularly. Only then can you be sure that you have the latest patches for your operating system installed. If new updates are available, download and install all critical updates and service packs. Reboot your computer and check again. Repeat this procedure until there are no more critical updates.

  Also install SpywareBlaster and Spywareguard.
  If you use the latest version of Spybot Search & Destroy and you use its real-time protection TeaTimer, then you should not install Spywareguard.
  More information on how to prevent a new infection can be found here.

  Happy surfing again.
 • Dear Marc,

  All problems do indeed seem to be fixed; at least there have been no more popups all afternoon. The machine also seems to have its old speed back (insofar as there was any left).
  I think it is terrific that you helped me so fantastically. This was the first problem in 10 years that I could not solve myself. Thank you very much for your time and effort.
  I will also take your valuable tips to heart. I hope never to need you again, but should that be the case, I hope to again find someone who helps as spontaneously, effectively and quickly as you.

  A very happy New Year's Eve and all the best for 2006.
 • You're welcome, and happy holidays to you too.


This is an archived page. Replies are no longer possible.