Problems with trojan-downloader.conhook and Virtumondo

Anonymous
juisterr
17 answers
 • Dear juisterr.
  I removed the lines you indicated using HijackThis. I cannot find the line "R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =".
  Next I read through the ComboFix information and downloaded the program.
  Because the problems I have occur in the user account "wij", I am performing all actions in this account. I close all antispyware and firewall programs. I cannot shut down my Norton antivirus program, not even when I try this as administrator.
  When I double-click the ComboFix icon, choose Run and log in as administrator, a small box appears with the name combifix at the top and below it a bar that fills up in 3 seconds. After this nothing else happens. I have now been waiting about 10 minutes but the processor shows no activity at all. The computer does not hang and can be used normally.
  I do not dare to try these steps in the administrator account without your approval.

  I did make a HijackThis log.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:28:24, on 5-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal
  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\Windows\system32\svchost.exe
  C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Internet Explorer\ieuser.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Windows\explorer.exe
  C:\Windows\system32\conime.exe
  C:\Windows\system32\rundll32.exe
  C:\Utilities\HijackThis\HijackThis.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe –hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\xtpbgwrj.dll",run (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\vwrhwhnv.dll",b (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

  End of file - 11938 bytes
 • For a week I have had problems with trojan-downloader.conhook, Trojan.Agent and Trojan Virtumondo. I use the Norton virus scanner and PC Tools SpywareDoctor. In addition I have also run Hitman Pro. The viruses and/or spyware mentioned are removed each time but come straight back after every restart. As a result I have a very slow system and many problems with Internet Explorer: slow and endless pop-ups. Here is my HijackThis log. I hope you can help me.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 16:15:24, on 31-5-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Utilities\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070927
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
  O4 - HKCU\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup
  O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\wij\AppData\Local\Temp\yaywxYom.dll,#1
  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\wij\AppData\Roaming\Microsoft\dtsc\3181.exe
  O4 - HKCU\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\ehscchet.dll",b
  O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\nwnpkqoy.dll",run
  O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\cvtfokhu.dll",s
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 9326 bytes
 • Right-click the HijackThis program and choose "Run as administrator".
  Choose 'Do a system scan only'.
  Select only the items listed below:
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\wij\AppData\Local\Temp\yaywxYom.dll,#1
  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
  O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\wij\AppData\Roaming\Microsoft\dtsc\3181.exe
  O4 - HKCU\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\ehscchet.dll",b
  O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\nwnpkqoy.dll",run
  O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\cvtfokhu.dll",s
  Click 'Fix checked' to remove the items.

  Download ATF cleaner (made by Atribune).
  Double-click ATF cleaner to start the program.
  On the "Main" tab, tick "Select All".
  Click the "Empty Selected" button.

  Do the following if you also have Firefox as a browser:
  Click the "Firefox" tab and tick "Select All".
  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
  (This removes the tick again from "Firefox saved passwords".)
  Click the "Empty Selected" button.

  Do the following if you also have Opera as a browser:
  Click the "Opera" tab and tick "Select All".
  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
  Click the "Empty Selected" button.
  Go to the "Main" tab and click the "Exit" button to close the program.

  Download Malwarebytes' Anti-Malware via here or here.

  Double-click mbam-setup.exe to install the program.
  - Make sure there is a tick next to "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware", then click "Finish".
  - If an update is found, it will download it and install the latest version.
  - When the program is fully up to date, select "Perform Quick Scan", then click "Scan".
  - The scan can take a while, so be patient.
  - When the scan is complete, click OK, then "Show Results" to see the results.
  - Make sure that everything is ticked there, then click "Remove Selected".
  - After the removal a log will open and you will be asked to restart the computer. (See the extra note below.)
  - The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  - Copy and paste the results of the log into your next reply, together with a new HijackThis log.
  Extra note:
  If MBAM has difficulty removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer, so allow MBAM to restart the computer.
  Restart the computer and also post a new HJT log.
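
The O4 entries selected in the reply above all start a file from the user's AppData tree, most of them a DLL in AppData\Local\Temp loaded through rundll32. The following triage helper is an added example, not part of the original thread or of HijackThis itself: it parses O4 autostart lines in the HijackThis v2 format shown on this page and flags entries whose target lives in a user-writable directory. The function names, the directory heuristic and the sample log lines are assumptions constructed for the illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample lines in HijackThis v2 format; every name and path is made up.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O4 - HKLM\..\Run: [ExampleGfx] RUNDLL32.EXE C:\Windows\system32\examplegfx.dll,Start
O4 - HKCU\..\Run: [ExampleA] rundll32.exe "C:\Users\alice\AppData\Local\Temp\aaaaaaaa.dll",b
O4 - HKUS\S-1-5-21-1-2-3-1001\..\Run: [ExampleB] rundll32 C:\Users\alice\AppData\Local\Temp\bbbbbbbb.dll,run (User 'alice')
O4 - HKCU\..\Run: [ExampleC] C:\Users\alice\AppData\Roaming\Example\1234.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command>" with an optional "(User '<name>')"
# suffix, which HijackThis appends when it enumerates other users' hives (HKUS).
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?\s*$"
)
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<rest>.+)$", re.IGNORECASE)
# Heuristic (assumption): directories a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\(?:appdata|temp|local settings)\\", re.IGNORECASE)


class Finding(NamedTuple):
    hive: str
    name: str
    user: Optional[str]
    target: str
    via_rundll32: bool


def target_path(cmd: str) -> Tuple[str, bool]:
    """Return (file the autostart entry really loads, whether rundll32 is the loader)."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    via_rundll = m is not None
    rest = m.group("rest") if m else cmd
    if rest.startswith('"'):
        # Quoted path: take everything up to the closing quote.
        end = rest.find('"', 1)
        path = rest[1:end] if end != -1 else rest[1:]
    elif via_rundll:
        # Unquoted rundll32 argument: "<dll>,<export>"; drop the export name.
        path = rest.rsplit(",", 1)[0]
    else:
        # Unquoted executable, possibly followed by arguments.
        exe = re.match(r"(.+?\.exe)\b", rest, re.IGNORECASE)
        path = exe.group(1) if exe else rest
    return path.strip(), via_rundll


def suspicious_autoruns(log_text: str) -> List[Finding]:
    """Flag O4 entries whose target sits in a user-writable directory."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart line
        path, via_rundll = target_path(m.group("cmd"))
        if USER_WRITABLE_RE.search(path):
            findings.append(
                Finding(m.group("hive"), m.group("name"), m.group("user"), path, via_rundll)
            )
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        loader = "rundll32 -> " if f.via_rundll32 else ""
        print(f"{f.hive} [{f.name}] {loader}{f.target}")
```

A hit is a reason to look at the entry, not proof of infection: legitimate per-user software also starts from AppData, so each flagged line still needs a manual check before it is fixed.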
 • Dear juisterr. Thank you for being willing to help me. Here are the logs.

  Malwarebytes' Anti-Malware 1.14
  Database versie: 824
  20:06:05 4-6-2008
  mbam-log-6-4-2008 (20-06-05).txt
  Scan type: Snelle Scan
  Objecten gescand: 49719
  Verstreken tijd: 9 minute(s), 15 second(s)
  Geheugenprocessen geïnfecteerd: 0
  Geheugenmodulen geïnfecteerd: 0
  Registersleutels geïnfecteerd: 0
  Registerwaarden geïnfecteerd: 0
  Registerdata bestanden geïnfecteerd: 0
  Mappen geïnfecteerd: 0
  Bestanden geïnfecteerd: 39
  Geheugenprocessen geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Geheugenmodulen geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Registersleutels geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Registerwaarden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Registerdata bestanden geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Mappen geïnfecteerd:
  (Geen kwaadaardige items gevonden)
  Bestanden geïnfecteerd:


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:31:24, on 4-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\system32\Dwm.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\mobsync.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Internet Explorer\ieuser.exe
  C:\Program Files\Internet Explorer\iexplore.exe
  C:\Utilities\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.nl/ig/dell?hl=nl&client=dell-row&channel=nl&ibd=3070927
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O1 - Hosts: ::1 localhost
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
  O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
  O4 - HKCU\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup
  O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
  O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ksybgjui.dll",s
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Send image to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O8 - Extra context menu item: Send page to &Bluetooth Device… - C:\Utilities\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 9161 bytes
 • Right-click the HijackThis program and choose "Run as administrator"
  Choose 'Do a system scan only'
  Select only the items listed below:
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
  O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ksybgjui.dll",s
  Click 'Fix checked' to remove the items.
  Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

  If you use Vista, the Recovery Console does not need to be installed.
  If anything is unclear, just ask.
  When the tool has finished, a log file opens (C:\combofix.txt).
  Post the contents of this file together with a new HijackThis log.
 • Right-click the HijackThis program and choose "Run as administrator"
  Choose 'Do a system scan only'
  Select only the items listed below:
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\xtpbgwrj.dll",run (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\vwrhwhnv.dll",b (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  Click 'Fix checked' to remove the items.


  Run ComboFix as administrator <<<<<<
 • -logged in as user "wij"
  -ran HijackThis as admin and removed the specified lines.
  -logged off and logged in as admin
  -closed all scanners and shut down as much as possible in the Norton virus scanner
  -started ComboFix, clicked Run at "unknown publisher", also saw the UAC warning and clicked "Continue"
  -the previously mentioned ComboFix box appears and fills up again
  -the icons on my desktop go off and on again once
  -after this nothing more happens :oops:
  -after 10 minutes logged off and went back to the "wij" account
  -ran HijackThis as admin and again removed the following lines, which had come back:
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  -the other 3 lines are now gone
  -made a new log

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:57:11, on 7-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Utilities\HijackThis\HijackThis.exe
  C:\Windows\system32\wbem\wmiprvse.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 11413 bytes
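The O4 entries in this thread show the pattern the helper keeps selecting: a Run value that starts rundll32 on a DLL in the user's Temp folder, where the value name survives between scans while the DLL name changes. The Python sketch below is an added example, not part of the original posts and not HijackThis code; the O4 lines are copied from the logs and fix list above, and the snapshot labels and function names are assumptions chosen for illustration.

```python
import ntpath
import re

# "O4 - <hive>\..\Run: [<value name>] <command>"; the "(User '...')" suffix appears
# only when the scan reads another account's hive (HKUS\<SID>).
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# rundll32 command line: optionally quoted DLL path, then ",<export>".
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.IGNORECASE)

# Sample input: O4 lines copied from this thread, in posting order (labels are assumed).
SNAPSHOTS = [
    ("log 4-6-2008", r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c
O4 - HKCU\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ksybgjui.dll",s
"""),
    ("fix list, second reply", r"""
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [Visual Subst] "C:\Utilities\VisualSubst\Install\VSubst.exe" /startup (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [MS Juan] rundll32 "C:\Users\wij\AppData\Local\Temp\xtpbgwrj.dll",run (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [2ab91582] rundll32.exe "C:\Users\wij\AppData\Local\Temp\vwrhwhnv.dll",b (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\bnborpsg.dll",s (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
"""),
    ("log 7-6-2008", r"""
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
"""),
]


def parse_o4(log_text):
    """Return one dict per O4 Run line: hive, name, cmd, user, dll, export."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        r = RUNDLL_RE.match(entry["cmd"])
        entry["dll"] = r.group("dll") if r else None
        entry["export"] = r.group("export") if r else None
        entries.append(entry)
    return entries


def temp_rundll32(entries):
    """Keep only Run values whose rundll32 target DLL lives in a temp directory."""
    return [e for e in entries if e["dll"] and TEMP_DIR_RE.search(e["dll"])]


def dll_history(snapshots):
    """Map Run value name -> DLL file name seen in each snapshot, in order.

    Keyed on the value name alone because the same user hive shows up as HKCU
    in one scan and as HKUS\\<SID> in the next.
    """
    history = {}
    for _label, text in snapshots:
        for e in temp_rundll32(parse_o4(text)):
            history.setdefault(e["name"], []).append(ntpath.basename(e["dll"]))
    return history


def rotating_values(history):
    """Value names whose DLL file name changed between snapshots."""
    return sorted(n for n, dlls in history.items() if len(set(dlls)) > 1)


def persistent_values(history, snapshot_count):
    """Value names flagged in every snapshot, i.e. they came back after each fix."""
    return sorted(n for n, dlls in history.items() if len(dlls) == snapshot_count)


if __name__ == "__main__":
    hist = dll_history(SNAPSHOTS)
    for name, dlls in hist.items():
        print(f"{name:12} {' -> '.join(dlls)}")
    print("rotating  :", rotating_values(hist))
    print("persistent:", persistent_values(hist, len(SNAPSHOTS)))
```

A value that is flagged in every snapshot means the Run key is being rewritten by something still loaded, so removing the key with 'Fix checked' alone does not hold.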
 • Hello, restart as user 'wij'

  Go to Start - Run and enter the following there:
  %appdata%\Local\Temp
  Press OK.
  A folder will open; delete everything in this folder.

  Post a new HJT log
 • A temp folder opens from which I can delete 182 items.
  There are 2 files I cannot get rid of, not even as admin, namely
  ponhwnqs.dll and rqRIaBSi.dll

  Here is the new HJT log

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:36:13, on 7-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Windows\system32\SearchProtocolHost.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Utilities\HijackThis\HijackThis.exe
  C:\Windows\system32\wbem\wmiprvse.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 11567 bytes
 • Not in safe mode either ????
 • Yes, they can be removed now.
  When I then go back to the "wij" account to make a new HJT log, I get 2 error messages stating that the 2 deleted dll files cannot be found.

  New log

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 22:51:40, on 7-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\SearchProtocolHost.exe
  C:\Windows\system32\SearchFilterHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Utilities\HijackThis\HijackThis.exe

  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 11594 bytes
 • Of course it says that.


  Right-click the HijackThis program and choose "Run as administrator"
  Choose 'Do a system scan only'
  Select only the items listed below:

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')

  Click 'Fix checked' to remove the items. Follow the instructions as described on the following page: hoe-dient-combofix-gebruikt-te-worden

  If you use Vista, the Recovery Console does not need to be installed.
  If anything is unclear, just ask.
  When the tool has finished, a log file opens (C:\combofix.txt).
  Post the contents of this file together with a new HijackThis log.
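
The two O4 entries selected for removal above both start rundll32 on a DLL in the user's Temp folder, while the other rundll32 autoruns in the log load DLLs from system32. The following is an added example, not part of the original thread or of HijackThis: one way to pick such entries out of a log automatically. The function names and the list of path markers are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [cmds] rundll32.exe C:\Users\wij\AppData\Local\Temp\rqRIaBSi.dll,c (User 'wij')
O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [BM298a261e] Rundll32.exe "C:\Users\wij\AppData\Local\Temp\ponhwnqs.dll",s (User 'wij')
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command> (User '<account>')"
# The trailing (User ...) part only appears on per-user (HKUS) entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# "rundll32[.exe] <dll path>,<export>", with or without quotes around the paths.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
    re.IGNORECASE,
)

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\local settings\\", "\\temp\\",
                         "%temp%", "%appdata%")


@dataclass
class Autorun:
    hive: str            # e.g. "HKLM" or "HKUS\S-1-5-21-...-1001"
    name: str            # registry value name between the brackets
    command: str         # command line stored in the Run value
    user: Optional[str]  # account name, only present on HKUS entries


@dataclass
class Finding:
    entry: Autorun
    dll: str
    export: str
    reason: str


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one registry-based O4 line; other line types return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Autorun(m["hive"], m["name"], m["cmd"], m["user"])


def check_entry(entry: Autorun) -> Optional[Finding]:
    """Flag an autorun that uses rundll32 to load a DLL from a user-writable path."""
    m = RUNDLL_RE.match(entry.command)
    if not m:
        return None  # not a rundll32 launcher
    dll = m["dll"].strip()
    lowered = dll.lower()
    for marker in USER_WRITABLE_MARKERS:
        if marker in lowered:
            reason = f"rundll32 loads a DLL from a user-writable path ({marker})"
            return Finding(entry, dll, m["export"], reason)
    return None  # e.g. the NVIDIA entries, which load from system32


def suspicious_autoruns(log_text: str) -> List[Finding]:
    """Return a finding for every flagged O4 entry in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        finding = check_entry(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in suspicious_autoruns(SAMPLE_LOG):
        who = f.entry.user or "all users"
        print(f"[{f.entry.name}] ({who}) {f.dll} export={f.export}: {f.reason}")
```

A flagged entry is a lead for review, not a verdict; the Run value has to be removed along with the file, otherwise logon produces the "file not found" errors described earlier in the thread.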
 • Hello juisterr
  Removed the items. After that I started ComboFix in the "wij" account. This time it worked. :D
  Here are both logs.

  ComboFix 08-06-05.3 - beheerder 10-06-2008 18:58:06.1 - NTFSx86
  Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1043.18.863 [GMT 2:00]
  Gestart vanuit: C:\Users\wij\Desktop\ComboFix.exe
  * Nieuw herstelpunt werd aangemaakt
  .

  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
  .

  C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
  C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

  —– BITS: Mogelijk geïnfecteerde sites —–

  hxxp://theinstalls.com
  .
  (((((((((((((((((((( Bestanden Gemaakt van 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))
  .

  Geen nieuwe bestanden aangemaakt in deze periode

  .
  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  2008-06-10 16:58 6,736 —-a-w C:\Windows\system32\drivers\PROCEXP90.SYS
  2008-06-10 16:48 ——— d—–w C:\Program Files\Dl_cats
  2008-06-10 15:26 ——— d—a-w C:\ProgramData\TEMP
  2008-06-10 09:20 ——— d—–w C:\Program Files\Spyware Doctor
  2008-06-10 09:12 ——— d—–w C:\ProgramData\Google Updater
  2008-06-07 21:17 3,766 –sha-w C:\Windows\System32\KGyGaAvL.sys
  2008-06-05 20:04 ——— d—–w C:\Program Files\Norton Security Scan
  2008-06-04 21:22 ——— d—–w C:\Users\internet\AppData\Roaming\Winamp
  2008-06-04 17:45 ——— d—–w C:\Users\beheerder\AppData\Roaming\Malwarebytes
  2008-06-04 17:45 ——— d—–w C:\ProgramData\Malwarebytes
  2008-06-04 17:13 41,288 —-a-w C:\Windows\system32\drivers\ikfilesec.sys
  2008-06-03 15:50 805 —-a-w C:\Windows\system32\drivers\SYMEVENT.INF
  2008-06-03 15:50 123,952 —-a-w C:\Windows\system32\drivers\SYMEVENT.SYS
  2008-06-03 15:50 10,671 —-a-w C:\Windows\system32\drivers\SYMEVENT.CAT
  2008-06-03 15:50 ——— d—–w C:\Program Files\Symantec
  2008-06-02 18:18 ——— d—–w C:\Users\internet\AppData\Roaming\Corel
  2008-06-02 18:00 ——— d—–w C:\Users\internet\AppData\Roaming\Nero
  2008-06-01 21:45 ——— d—–w C:\Users\internet\AppData\Roaming\GrabIt
  2008-06-01 15:44 ——— d—–w C:\Users\wij\AppData\Roaming\GrabIt
  2008-05-31 11:39 ——— d—–w C:\Program Files\CommonTime
  2008-05-31 11:36 ——— d—–w C:\Program Files\Common Files\Real
  2008-05-30 12:43 ——— d—–w C:\Program Files\Microsoft.NET
  2008-05-30 07:38 ——— d–h–w C:\Users\internet\AppData\Roaming\GTek
  2008-05-29 23:06 34,296 —-a-w C:\Windows\system32\drivers\mbamcatchme.sys
  2008-05-29 23:06 15,864 —-a-w C:\Windows\system32\drivers\mbam.sys
  2008-05-29 16:24 74,240 —-a-w C:\Windows\system32\drivers\iksyssec.sys
  2008-05-29 16:24 56,832 —-a-w C:\Windows\system32\drivers\iksysflt.sys
  2008-05-29 15:59 ——— d—–w C:\Users\beheerder\AppData\Roaming\PC Tools
  2008-05-29 15:36 ——— d—–w C:\ProgramData\Spybot - Search & Destroy
  2008-05-29 15:32 ——— d—–w C:\Users\beheerder\AppData\Roaming\Lavasoft
  2008-05-28 15:42 ——— d—–w C:\ProgramData\Prevx
  2008-05-27 20:26 ——— d—–w C:\ProgramData\Symantec
  2008-05-25 09:49 ——— d—–w C:\Users\wij\AppData\Roaming\FrostWire
  2008-05-20 21:22 ——— d—–w C:\Program Files\Google
  2008-05-19 18:34 ——— d—–w C:\Users\wij\AppData\Roaming\NCH Swift Sound
  2008-05-17 12:06 ——— d—–w C:\ProgramData\NCH Swift Sound
  2008-05-17 12:06 ——— d—–w C:\Program Files\NCH Swift Sound
  2008-05-17 12:03 ——— d—–w C:\Users\beheerder\AppData\Roaming\NCH Swift Sound
  2008-05-14 19:54 ——— d—–w C:\Program Files\Windows Mail
  2008-05-12 19:52 ——— d—–w C:\Users\wij\AppData\Roaming\AVS4YOU
  2008-05-12 19:52 ——— d—–w C:\ProgramData\AVS4YOU
  2008-05-12 19:51 ——— d—–w C:\Program Files\Common Files\AVSMedia
  2008-05-12 19:43 ——— d—–w C:\Users\beheerder\AppData\Roaming\AccurateRip
  2008-05-12 19:38 4,230,520 —-a-w C:\Windows\System32\SpoonUninstall.exe
  2008-05-11 20:37 ——— d—–w C:\ProgramData\Hema Album Software Advanced
  2008-05-11 17:15 ——— d—–w C:\Users\wij\AppData\Roaming\ZoomBrowser EX
  2008-05-11 17:12 ——— d—–w C:\ProgramData\ZoomBrowser
  2008-05-04 20:27 ——— d—–w C:\Users\wij\AppData\Roaming\Zylom
  2008-04-22 17:36 ——— d—–w C:\Users\wij\AppData\Roaming\Switchball
  2008-04-22 17:35 ——— d—–w C:\ProgramData\Trymedia
  2008-04-22 17:30 ——— d–h–w C:\Program Files\InstallShield Installation Information
  2008-04-12 18:40 ——— d—–w C:\ProgramData\TomTom
  2008-04-12 18:39 ——— d—–w C:\Users\wij\AppData\Roaming\TomTom
  2008-04-12 18:39 ——— d—–w C:\Program Files\TomTom HOME 2
  2008-03-10 19:37 307,968 —-a-w C:\Windows\System32\TuneUpDefragService.exe
  2007-10-07 18:00 104 —-a-w C:\Users\wij\AppData\Roaming\wklnhst.dat
  2007-10-02 17:45 174 –sha-w C:\Program Files\desktop.ini
  2008-02-13 15:50 16,384 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
  2008-02-13 15:50 32,768 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
  2008-02-13 15:50 16,384 –sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
  2007-11-05 21:00 88 –sh–r C:\Windows\System32\927314FA20.sys
  .

  ——- Sigcheck ——-

  .
  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
  .
  .
  REGEDIT4
  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
  31-01-2008 19:29 116088 –a—— C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [27-09-2007 11:15 77824]
  "NvSvc"="C:\Windows\system32\nvsvc.dll" [28-05-2007 06:59 86016]
  "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28-05-2007 06:59 81920]
  "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28-05-2007 06:58 8429568]
  "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01-03-2007 15:57 153136]
  "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [04-11-2006 03:04 304008]
  "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31-01-2008 14:15 51048]
  "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-01-2008 23:16 39792]
  "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [29-05-2008 18:04 1065800]

  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
  "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
  "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe"

  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
  "Corel File Shell Monitor"=C:\Foto's\Corel\Paint Shop Pro X2 demo\CorelIOMonitor.exe
  "UpdReg"=C:\Windows\UpdReg.EXE
  "dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
  "dscactivate"=c:\dell\dsca.exe 3
  "ECenter"=C:\Dell\E-Center\EULALauncher.exe
  "FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" /s
  "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
  "DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
  "VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
  "RtHDVCpl"=RtHDVCpl.exe
  "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
  "Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
  "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
  "Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe

  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  "UacDisableNotify"=dword:00000001
  "InternetSettingsDisableNotify"=dword:00000001
  "AutoUpdateDisableNotify"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
  "DisableMonitoring"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=dword:00000001

  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  "DisableMonitoring"=dword:00000001

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
  "{B3C078DB-B300-4177-AC34-BB382355351D}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
  "{ECEB57EC-F044-49CA-AE9E-F04BEEEFD269}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
  "{3C0C09CE-BC26-4067-BE60-D8FDD0AAF235}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
  "{D1007CA5-E547-4107-AE41-BB41C809A0FC}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
  "{BD69E679-B96F-4772-A4AC-41FC109E08DD}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
  "{07E59648-0EAD-4793-8E6E-61179F6C978E}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
  "{F70FD3DA-BA4E-4714-A802-8046015C0809}"= Disabled:UDP:135:TCP Port 135
  "{15C5DF8B-8018-4628-B15A-3B57B41808EB}"= Disabled:UDP:5000:TCP Port 5000
  "{9F36112A-A31D-46C8-A061-FC4DFA0AF453}"= Disabled:UDP:5001:TCP Port 5001
  "{27A8DC24-E5ED-4839-8C4A-86299CD898CE}"= Disabled:UDP:5002:TCP Port 5002
  "{F5E9CCAD-E88C-4539-9F9D-ED20CE26A45C}"= Disabled:UDP:5003:TCP Port 5003
  "{6058BD8A-A2C4-4C52-BEB1-1FC24D6E136C}"= Disabled:UDP:5004:TCP Port 5004
  "{F12BB214-D3C1-453F-8CB9-AC5DDC95D064}"= Disabled:UDP:5005:TCP Port 5005
  "{06E2F5F7-9230-4867-9384-2B613AB35206}"= Disabled:UDP:5006:TCP Port 5006
  "{AA060DB0-F559-4076-91F5-07F46D5FDA27}"= Disabled:UDP:5007:TCP Port 5007
  "{0DBDE849-2C73-4FB0-AC7F-CFCA48D44A49}"= Disabled:UDP:5008:TCP Port 5008
  "{502A7B0C-36B2-4B77-8E77-88293DDCD71E}"= Disabled:UDP:5009:TCP Port 5009
  "{EB25C0E6-F4D3-4F0D-AB40-49A1CF4A5E47}"= Disabled:UDP:5010:TCP Port 5010
  "{EFB21B16-1B4A-4FC8-83C0-CF1330571042}"= Disabled:UDP:5011:TCP Port 5011
  "{AEBACF19-7E9F-4FC0-98B2-61196E2090D0}"= Disabled:UDP:5012:TCP Port 5012
  "{D28143E9-F096-4E3A-897F-2D772FC7A460}"= Disabled:UDP:5013:TCP Port 5013
  "{B1F4ABF1-FE75-4AF6-8FBB-3A4BF0D5F9F8}"= Disabled:UDP:5014:TCP Port 5014
  "{AF9EDDBA-24BE-425D-8602-2277999A8041}"= Disabled:UDP:5015:TCP Port 5015
  "{0B35C11A-D547-49AA-9B06-F0B985A4301B}"= Disabled:UDP:5016:TCP Port 5016
  "{69BC28EA-599E-45DF-B707-C1A0CD85840E}"= Disabled:UDP:5017:TCP Port 5017
  "{59D4F47D-E68F-4B1B-A54D-55D6B419960A}"= Disabled:UDP:5018:TCP Port 5018
  "{6B61A0CD-FAF4-4BC8-946F-AB66FA6B2592}"= Disabled:UDP:5019:TCP Port 5019
  "{3B3B5807-63B6-4767-B88D-C09DA8589C46}"= Disabled:UDP:5020:TCP Port 5020
  "TCP Query User{F2DE2411-F6F9-4C61-9E12-B29AA2A95DBF}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
  "UDP Query User{70DA0D45-E0D6-46FD-B0E8-68F120093A78}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
  "{E9EB90D2-1E1A-4F1E-890E-35E51A73E54B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
  "{FF860C12-E9F1-4EEC-B6DB-39315D97BB75}"= Disabled:UDP:C:\Program Files\GrabIt\GrabIt.exe:GrabIt
  "{C240E400-5A50-45F0-A506-F06BE39E49E6}"= Disabled:TCP:C:\Program Files\GrabIt\GrabIt.exe:GrabIt
  "{B7A722DF-5EC5-4FC7-B3A0-C8ABB2273A3E}"= UDP:C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:Test Drive Unlimited starten
  "{8A171F24-FB6C-4EE8-90A2-CA6188636AD0}"= TCP:C:\Games\Test Drive Unlimited\TestDriveUnlimited.exe:Test Drive Unlimited starten

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
  "EnableFirewall"= 0 (0x0)

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
  "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
  "EnableFirewall"= 0 (0x0)

  R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080607.001\IDSvix86.sys [13-02-2008 18:18]
  R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [04-11-2006 03:07]
  R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
  R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [02-11-2006 11:45]
  R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [11-07-2007 09:15]
  R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\Windows\System32\svchost.exe [02-11-2006 11:45]
  R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [02-11-2006 11:45]
  R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [13-08-2007 14:50]
  S3 btwaudio;Bluetooth-audioapparaat;C:\Windows\system32\drivers\btwaudio.sys [20-11-2006 14:59]
  S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [20-11-2006 14:59]
  S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [20-11-2006 14:59]
  S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [02-11-2006 09:36]
  S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\Windows\system32\DRIVERS\se46bus.sys [30-11-2006 16:11]
  S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\se46mdfl.sys [30-11-2006 16:11]
  S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\se46mdm.sys [30-11-2006 16:11]
  S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\se46mgmt.sys [30-11-2006 16:11]
  S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se46nd5.sys [30-11-2006 16:11]
  S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\se46obex.sys [30-11-2006 16:11]
  S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se46unic.sys [30-11-2006 16:11]
  S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [10-03-2008 21:37]

  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  bthsvcs REG_MULTI_SZ BthServ
  WindowsMobile REG_MULTI_SZ wcescomm rapimgr
  LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
  UxTuneUp

  *Newly Created Service* - CATCHME
  .
  Inhoud van de 'Gedeelde Taken' map
  "2008-06-02 18:00:00 C:\Windows\Tasks\Norton AntiVirus - Volledige systeemscan uitvoeren - beheerder.job"
  - C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
  "2008-06-10 16:50:13 C:\Windows\Tasks\User_Feed_Synchronization-{5D577E6B-684A-4940-8A88-E5C53E927F6E}.job"
  - C:\Windows\system32\msfeedssync.exe
  .
  **************************************************************************

  catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  Rootkit scan 2008-06-10 19:03:10
  Windows 6.0.6000 NTFS

  detected NTDLL code modification:
  ZwClose

  scannen van verborgen processen …

  scannen van verborgen autostart items …

  scannen van verborgen bestanden …

  Scan succesvol afgerond
  verborgen bestanden: 0

  **************************************************************************
  .
  Voltooingstijd: 10-06-2008 19:04:54
  ComboFix-quarantined-files.txt 2008-06-10 17:04:48

  Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.
  Kan het bericht voor berichtnummer 0x2379 niet vinden in berichtenbestand voor Application.

  225 — E O F — 2008-06-05 19:43:18


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 19:07:32, on 10-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\Dwm.exe
  C:\Program Files\Java\jre1.6.0\bin\jusched.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\conime.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\Explorer.exe
  C:\Utilities\HijackThis\HijackThis.exe
  C:\Windows\system32\wbem\wmiprvse.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 10551 bytes
 • Right-click the HijackThis program and choose "Run as administrator".
  Choose 'Do a system scan only'.
  Select only the items listed below:
  O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
  O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
  Close all windows except HijackThis.
  Click 'Fix checked' to remove the items.

  Download .
  - Scroll down to: "Java Runtime Environment (JRE) 6 Update 6".
  - Click the "Download" button on the right.
  - Tick "Accept License Agreement" and click Continue.
  - The page will reload.
  - Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 6 and save it to your Desktop.
  - Close any programs that may be open, especially your web browser!
  - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
  - Repeat this until all older versions are gone.
  - After removing all older versions, restart your PC.
  - Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.
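An added example, not part of the original thread and not part of HijackThis: a small Python check that lists the entries marked "(no file)" in a HijackThis log, as in the post above, and confirms which entries are gone in a later log. The function names and the shortened sample logs are assumptions made for this illustration.

```python
import re

# Constructed samples: a few entries copied from the two HijackThis logs in this
# thread (before and after the fix), not the complete logs.
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"""
LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"""

# A log entry starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue
        body = match.group("body").strip()
        clsid = CLSID.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise them for comparison.
            "clsid": clsid.group(0).upper() if clsid else None,
            # "(no file)" means the registry entry points at a file that is absent.
            "orphaned": body.endswith("(no file)"),
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target file is missing: candidates for review, not auto-removal."""
    return [e for e in entries if e["orphaned"]]


def entry_key(entry):
    """Identify an entry by section and CLSID, so a changed file path still matches."""
    if entry["clsid"]:
        return (entry["section"], entry["clsid"])
    return (entry["section"], entry["body"].lower())


def removed_entries(before, after):
    """Entries present in the earlier log that no longer appear in the later one."""
    remaining = {entry_key(e) for e in after}
    return [e for e in before if entry_key(e) not in remaining]


if __name__ == "__main__":
    before, after = parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER)
    for e in orphaned_entries(before):
        print("review:", e["section"], e["clsid"])
    for e in removed_entries(before, after):
        print("removed:", e["section"], e["clsid"])
```

Matching on section plus CLSID keeps the Java BHO from showing up as removed when only its install path changed between the two logs.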
 • Done.
  Removed 2 old versions of Java.
  Restarted.
  Installed the latest Java.
  Restarted again.
  Made a new HijackThis log.

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 21:30:39, on 10-6-2008
  Platform: Windows Vista (WinNT 6.00.1904)
  MSIE: Internet Explorer v7.00 (7.00.6000.16643)
  Boot mode: Normal

  Running processes:
  C:\Windows\System32\smss.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\wininit.exe
  C:\Windows\system32\csrss.exe
  C:\Windows\system32\services.exe
  C:\Windows\system32\winlogon.exe
  C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsm.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\SLsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe
  C:\Utilities\Ad-Aware 2007\aawservice.exe
  C:\Windows\System32\spoolsv.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\Dwm.exe
  C:\Windows\Explorer.EXE
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  C:\Windows\system32\CTsvcCDA.exe
  C:\Windows\system32\dlcxcoms.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\system32\PSIService.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  C:\Program Files\Spyware Doctor\svcntaux.exe
  C:\Program Files\Spyware Doctor\swdsvc.exe
  C:\Program Files\Spyware Doctor\SDTrayApp.exe
  C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  C:\Windows\system32\svchost.exe
  C:\Windows\System32\svchost.exe
  C:\Windows\system32\SearchIndexer.exe
  C:\Windows\System32\rundll32.exe
  C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
  C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
  C:\Windows\ehome\ehtray.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
  C:\Windows\system32\WUDFHost.exe
  C:\Program Files\Dell Support Center\bin\sprtcmd.exe
  C:\Program Files\Windows Media Player\wmpnscfg.exe
  C:\Windows\System32\rundll32.exe
  C:\Windows\ehome\ehmsas.exe
  C:\Windows\system32\wbem\wmiprvse.exe
  C:\Program Files\Windows Sidebar\sidebar.exe
  C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\taskeng.exe
  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  C:\Windows\System32\mobsync.exe
  C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
  C:\Windows\system32\taskeng.exe
  C:\Windows\system32\svchost.exe
  C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  C:\Utilities\HijackThis\HijackThis.exe
  C:\Windows\system32\wbem\wmiprvse.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xs4all.nl/~mjkoster/index.html
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O1 - Hosts: ::1 localhost
  O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
  O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
  O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
  O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
  O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
  O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
  O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'wij')
  O4 - HKUS\S-1-5-21-165155568-409165063-1121616804-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'wij')
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Utilities\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
  O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
  O13 - Gopher Prefix:
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
  O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Utilities\Ad-Aware 2007\aawservice.exe
  O23 - Service: Planner voor Automatische LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
  O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
  O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
  O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
  O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
  O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
  O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
  O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
  O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
  O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
  O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
  O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
  O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe


  End of file - 10421 bytes
 • As far as I can tell, this log is clean again.
 • Computer is fast, internet without pop-ups, the various scanners no longer report anything when scanning. I think everything is OK again.
  Juisterr, thank you very much for your help. You have helped me tremendously. :D

This is an archived page. Replying is no longer possible.