Questions & Answers

Security & privacy

Advertising from antivirus screen and others

Anonymous
juisterr
8 replies
 • Temporarily disable Spybot's TeaTimer, because it can get in the way of the fix:
  - Start Spybot
  - Go to Mode > select Advanced Mode
  - Go to Tools and click the Resident icon in the list
  - Untick Resident TeaTimer and click OK
  - Restart the computer

  Then download ResetTeaTimer.bat to your Desktop.
  Double-click ResetTeaTimer.bat to remove all entries in TeaTimer.
  Once the computer is clean, you can turn TeaTimer back on.

  Start HijackThis and choose 'Do a system scan only'
  Select only the items listed below:

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  O2 - BHO: {19b6ea69-7bb0-7b48-0524-e4c9b0667de0} - {0ed7660b-9c4e-4250-84b7-0bb796ae6b91} - C:\WINDOWS\system32\qnilnbpj.dll
  O2 - BHO: (no name) - {5AD4A838-4D24-4B01-AB06-5C4AA0B7663A} - C:\WINDOWS\system32\hgGyWpnn.dll (file missing)
  O2 - BHO: (no name) - {7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31} - C:\WINDOWS\system32\wvUmliHX.dll
  O2 - BHO: (no name) - {91D72CDF-59FC-4F05-973E-9CA9EB23C944} - C:\WINDOWS\system32\pmnkHYsp.dll (file missing)
  O4 - HKLM\..\Run: [BM2fa08031] Rundll32.exe "C:\WINDOWS\system32\dkcpaxeg.dll",s
  O4 - HKLM\..\Run: [2c93b3ad] rundll32.exe "C:\WINDOWS\system32\mktkmqkl.dll",b
  O4 - HKLM\..\RunOnce: [SpybotDeletingA1219] command /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKLM\..\RunOnce: [SpybotDeletingC1596] cmd /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKCU\..\RunOnce: [SpybotDeletingB2064] command /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKCU\..\RunOnce: [SpybotDeletingD5429] cmd /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O20 - Winlogon Notify: wvUmliHX - C:\WINDOWS\SYSTEM32\wvUmliHX.dll

  Close all windows except HijackThis
  Click 'Fix checked' to remove the items.
  Download ATF Cleaner (made by Atribune)
  Double-click ATF Cleaner to start the program.
  On the "Main" tab, tick Select All.
  Click the Empty Selected button.

  Do the following if you also use Firefox as a browser:
  Click the "Firefox" tab and tick Select All.
  If you want to keep the passwords saved by Firefox, click "No" in the window that appears.
  (this unticks "Firefox saved passwords" again)
  Click the Empty Selected button.

  Do the following if you also use Opera as a browser:
  Click the "Opera" tab and tick Select All.
  If you want to keep the passwords saved by Opera, click "No" in the window that appears.
  Click the Empty Selected button.
  Go to the "Main" tab and click the Exit button to close the program.

  Download Malwarebytes' Anti-Malware from here or here.

  Double-click mbam-setup.exe to install the program.
  - Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click "Finish".
  - If an update is found, it will download and install the latest version.
  - Once the program is fully up to date, select "Perform Quick Scan", then click Scan.
  - The scan can take a while, so please be patient.
  - When the scan has finished, click OK, then "Show Results" to see the results.
  - Make sure that everything is ticked there, then click Remove Selected.
  - After the removal a log will open and you will be asked to restart the computer. (See the extra note below)
  - The log is saved automatically by MBAM; you can view it by clicking the "Logs" tab in MBAM.
  - Copy and paste the results of the log into your next reply, together with a new HijackThis log.

  Extra note:
  If MBAM has trouble removing certain files, it will show a few prompts where you must click OK. After that it will ask to restart the computer… so allow MBAM to restart the computer.
  Restart the computer and also post a new HJT log.
 • Hello,

  For a few days now I have been getting ads from an antivirus screen and others of that kind. My internet has also become slower.

  So far I have run the following scans: McAfee, Ad-Aware, Spybot S&D, CoolWebShredder and finally HijackThis. The log below is the result.

  I would appreciate tips from the experts. I am quite a layperson when it comes to computers. Thanks in advance for your trouble.

  Regards, Astrid

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 12:34:50, on 6-6-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  C:\WINDOWS\system32\slserv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
  C:\WINDOWS\NCLAUNCH.EXe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\system32\DrvMon.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\WINDOWS\system32\rundll32.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: {19b6ea69-7bb0-7b48-0524-e4c9b0667de0} - {0ed7660b-9c4e-4250-84b7-0bb796ae6b91} - C:\WINDOWS\system32\qnilnbpj.dll
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O2 - BHO: (no name) - {5AD4A838-4D24-4B01-AB06-5C4AA0B7663A} - C:\WINDOWS\system32\hgGyWpnn.dll (file missing)
  O2 - BHO: (no name) - {7D7DB869-3021-4CD2-AF0A-B3CAD75ECE31} - C:\WINDOWS\system32\wvUmliHX.dll
  O2 - BHO: (no name) - {91D72CDF-59FC-4F05-973E-9CA9EB23C944} - C:\WINDOWS\system32\pmnkHYsp.dll (file missing)
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
  O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
  O4 - HKLM\..\Run: [BM2fa08031] Rundll32.exe "C:\WINDOWS\system32\dkcpaxeg.dll",s
  O4 - HKLM\..\Run: [2c93b3ad] rundll32.exe "C:\WINDOWS\system32\mktkmqkl.dll",b
  O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
  O4 - HKLM\..\RunOnce: [SpybotDeletingA1219] command /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKLM\..\RunOnce: [SpybotDeletingC1596] cmd /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
  O4 - HKCU\..\RunOnce: [SpybotDeletingB2064] command /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKCU\..\RunOnce: [SpybotDeletingD5429] cmd /c del "C:\WINDOWS\system32\pmnkHYsp.dll_old"
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/VS2/bin/myCioAgt.cab
  O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.picturefactory.nl/picturefactory/BPImageEditor.cab
  O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.picturefactory.nl/picturefactory/DragDropUploader.cab
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.picturefactory.nl/picturefactory/BPPrintClient.cab
  O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
  O18 - Filter hijack: text/html - (no CLSID) - (no file)
  O20 - Winlogon Notify: wvUmliHX - C:\WINDOWS\SYSTEM32\wvUmliHX.dll
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


  End of file - 10011 bytes
 • First of all, I want to thank you in advance for being willing to help me.

  I have now started carrying out the steps you described. Unfortunately I am stuck at ATF Cleaner: the link to this program does not work. Is there another link to this program? Or can I skip this step?

  Edit: The link is working again, so I will simply continue following the steps described.
 • Here are the MBAM log and the HijackThis log. I will wait for the next steps.

  Malwarebytes' Anti-Malware 1.15
  Database version: 840

  17:02:37 8-6-2008
  mbam-log-6-8-2008 (17-02-37).txt

  Scan type: Quick Scan
  Objects scanned: 41239
  Time elapsed: 9 minute(s), 26 second(s)

  Memory Processes Infected: 0
  Memory Modules Infected: 3
  Registry Keys Infected: 21
  Registry Values Infected: 3
  Registry Data Items Infected: 2
  Folders Infected: 0
  Files Infected: 17

  Memory Processes Infected:
  (No malicious items detected)

  Memory Modules Infected:
  C:\WINDOWS\system32\byXNhExW.dll (Trojan.Vundo) -> Unloaded module successfully.
  C:\WINDOWS\system32\psulnlel.dll (Trojan.Vundo) -> Unloaded module successfully.
  C:\WINDOWS\system32\wvUmliHX.dll (Trojan.FakeAlert) -> Unloaded module successfully.

  Registry Keys Infected:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2631cf8b-55e7-4913-8653-bc2b43e42833} (Trojan.Vundo) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{2631cf8b-55e7-4913-8653-bc2b43e42833} (Trojan.Vundo) -> Delete on reboot.
  HKEY_CLASSES_ROOT\CLSID\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.FakeAlert) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.FakeAlert) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvumlihx (Trojan.FakeAlert) -> Delete on reboot.
  HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Software\AntiSpywareMaster (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

  Registry Values Infected:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2c93b3ad (Trojan.Vundo) -> Quarantined and deleted successfully.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7d7db869-3021-4cd2-af0a-b3cad75ece31} (Trojan.FakeAlert) -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM2fa08031 (Trojan.Agent) -> Delete on reboot.

  Registry Data Items Infected:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnhexw -> Delete on reboot.
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnhexw -> Delete on reboot.

  Folders Infected:
  (No malicious items detected)

  Files Infected:
  C:\WINDOWS\system32\byXNhExW.dll (Trojan.Vundo) -> Delete on reboot.
  C:\WINDOWS\system32\WxEhNXyb.ini (Trojan.Vundo) -> Delete on reboot.
  C:\WINDOWS\system32\WxEhNXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\debhtxpf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\fpxthbed.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\jhbnkaim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\miaknbhj.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\mktkmqkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\lkqmktkm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\psulnlel.dll (Trojan.Vundo) -> Delete on reboot.
  C:\WINDOWS\system32\lelnlusp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\wvUmliHX.dll (Trojan.FakeAlert) -> Delete on reboot.
  C:\Documents and Settings\astrid\Local Settings\Temporary Internet Files\Content.IE5\0HERSDY3\kb456456[2] (Trojan.Vundo) -> Delete on reboot.
  C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
  C:\WINDOWS\system32\jclhvxtc.dll (Trojan.Agent) -> Delete on reboot.
  C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
  C:\Documents and Settings\astrid\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.


  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 17:08:01, on 8-6-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
  C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
  C:\WINDOWS\system32\slserv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wscntfy.exe
  C:\WINDOWS\System32\svchost.exe
  C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: (no name) - {5AD4A838-4D24-4B01-AB06-5C4AA0B7663A} - (no file)
  O2 - BHO: (no name) - {721022E9-974F-4E8B-B5B2-342D4AD00AB6} - C:\WINDOWS\system32\geBqonmm.dll (file missing)
  O2 - BHO: {57b3707b-3892-535b-d024-eb8ff7bb0b27} - {72b0bb7f-f8be-420d-b535-2983b7073b75} - C:\WINDOWS\system32\ukcwpsle.dll
  O2 - BHO: (no name) - {91D72CDF-59FC-4F05-973E-9CA9EB23C944} - (no file)
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O2 - BHO: (no name) - {BF56E01C-6185-4618-BFD0-559E641484EF} - C:\WINDOWS\system32\geBqPHWp.dll (file missing)
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
  O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/VS2/bin/myCioAgt.cab
  O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.picturefactory.nl/picturefactory/BPImageEditor.cab
  O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.picturefactory.nl/picturefactory/DragDropUploader.cab
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.picturefactory.nl/picturefactory/BPPrintClient.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
  O18 - Filter hijack: text/html - (no CLSID) - (no file)
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


  End of file - 8586 bytes
 • Start Hijackthis op en kies voor 'Do a system scan only'
  Selecteer alleen de items die hieronder zijn genoemd:
  [b:5301b66303]
  O2 - BHO: (no name) - {5AD4A838-4D24-4B01-AB06-5C4AA0B7663A} - (no file)
  O2 - BHO: (no name) - {721022E9-974F-4E8B-B5B2-342D4AD00AB6} - C:\WINDOWS\system32\geBqonmm.dll (file missing)
  O2 - BHO: {57b3707b-3892-535b-d024-eb8ff7bb0b27} - {72b0bb7f-f8be-420d-b535-2983b7073b75} - C:\WINDOWS\system32\ukcwpsle.dll
  O2 - BHO: (no name) - {91D72CDF-59FC-4F05-973E-9CA9EB23C944} - (no file)
  O2 - BHO: (no name) - {BF56E01C-6185-4618-BFD0-559E641484EF} - C:\WINDOWS\system32\geBqPHWp.dll (file missing)
  [/b:5301b66303]
  Sluit alle vensters behalve Hijackthis
  Klik op 'Fix checked' om de items te verwijderen.

  Download .
  - Scroll down to "Java Runtime Environment (JRE) 6 Update 6".
  - Click the "Download" button on the right.
  - Tick "Accept License Agreement" and click Continue.
  - The page will reload.
  - Click the Windows Offline Installation, Multi-language link UNDER Windows Platform - Java SE Runtime Environment 6 Update 6 and save it to your Desktop.
  - Close any programs that may be open, especially your web browser!
  - Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the list (those with Java Runtime Environment (JRE or J2SE) in the name).
  - Repeat this until all older versions are gone.
  - After removing all older versions, restart your PC.
  - Then double-click jre-6u6-windows-i586-p.exe on your Desktop to install the latest version of Java.


  Run mbam again and reboot.

  Let me know how it goes.
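
The selection step in the post above, as an added example that is not part of the original thread: a small Python parser for HijackThis O2 (BHO) lines that flags entries whose DLL is reported as absent. The function names and the second rule (a display name that is itself a GUID) are assumptions for illustration, not the helper's stated criteria; the sample lines are copied from the logs in this thread.

```python
import re

# Layout of an O2 line: "O2 - BHO: <name> - {CLSID} - <path | (no file)>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING_SUFFIX = " (file missing)"

# Sample assembled from O2/O4 lines in this thread's logs (infected, then clean).
SAMPLE = r"""
O2 - BHO: (no name) - {5AD4A838-4D24-4B01-AB06-5C4AA0B7663A} - (no file)
O2 - BHO: (no name) - {721022E9-974F-4E8B-B5B2-342D4AD00AB6} - C:\WINDOWS\system32\geBqonmm.dll (file missing)
O2 - BHO: {57b3707b-3892-535b-d024-eb8ff7bb0b27} - {72b0bb7f-f8be-420d-b535-2983b7073b75} - C:\WINDOWS\system32\ukcwpsle.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_o2(line):
    """Split one O2 (Browser Helper Object) line into fields; None otherwise."""
    m = O2_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target")
    missing = target == "(no file)" or target.endswith(MISSING_SUFFIX)
    if target == "(no file)":
        path = None
    elif target.endswith(MISSING_SUFFIX):
        path = target[:-len(MISSING_SUFFIX)]
    else:
        path = target
    return {"name": m.group("name"), "clsid": m.group("clsid").upper(),
            "path": path, "missing": missing}


def triage(log_text):
    """Return {CLSID: [reasons]} for O2 entries that deserve a manual look."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue  # not an O2 line
        reasons = []
        if entry["missing"]:
            reasons.append("registered DLL is not on disk")
        if GUID_RE.match(entry["name"]):  # assumed heuristic, see lead-in
            reasons.append("display name is a bare GUID")
        if reasons:
            flagged[entry["clsid"]] = reasons
    return flagged
```

Calling `triage(SAMPLE)` returns the three entries from the infected log and none of the Spybot or Java entries from the clean one.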
 • Hello Juisterr,

  It looks like everything is fine again. The problems I ran into are gone now. Google can search normally again, no more pop-ups, no more error messages.

  Thank you very much again for your help!!

  Regards, Astrid

  Just to be sure, here is another log:

  Logfile of Trend Micro HijackThis v2.0.2
  Scan saved at 20:30:12, on 8-6-2008
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.6000.16640)
  Boot mode: Normal

  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  C:\WINDOWS\Explorer.EXE
  C:\WINDOWS\system32\spoolsv.exe
  C:\WINDOWS\System32\Ati2evxx.exe
  C:\Program Files\Bonjour\mDNSResponder.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  C:\WINDOWS\system32\slserv.exe
  C:\WINDOWS\System32\svchost.exe
  C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
  C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
  C:\Program Files\Sitecom Wireless LAN\WLANUTL.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
  O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
  O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
  O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
  O4 - Global Startup: BTTray.lnk = ?
  O4 - Global Startup: Sitecom Wireless LAN Utility.lnk = ?
  O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
  O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
  O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
  O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
  O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap.4sure.it/VS2/bin/myCioAgt.cab
  O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.picturefactory.nl/picturefactory/BPImageEditor.cab
  O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.picturefactory.nl/picturefactory/DragDropUploader.cab
  O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScopeLite.cab
  O16 - DPF: {DF304508-B304-11D3-B860-00201857EBF5} (Pixami Print Layout Control) - http://www.picturefactory.nl/picturefactory/BPPrintClient.cab
  O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/site/xupload/XUpload.ocx
  O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
  O18 - Filter hijack: text/html - (no CLSID) - (no file)
  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
  O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
  O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
  O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
  O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
  O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
  O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


  End of file - 8331 bytes
 • Yes, looking neat now; the complaints are gone, I see.
  To prevent reinfection via System Restore, it is advisable to delete the existing restore points by temporarily turning off System Restore.

  - Go to Start/All Programs/Accessories/System Tools/System Restore.
  - In the left half of the window, click "System Restore Settings".
  - Tick the box for "Turn off System Restore".
  - Click "Apply".
  - Windows asks whether you are sure.
  - Click "Yes".
  - Click "OK".
  - Restart the PC.
  - Go to Start/All Programs/Accessories/System Tools/System Restore again.
  - You will get the message: "System Restore has been turned off. Do you want to turn on System Restore now?"
  - Click "Yes".
  - Untick the box for "Turn off System Restore".
  - Click "Apply".
  - Click "OK".
  - Restart the PC.
  - A new, clean restore point has now been created.

  Here are some more tips: Security Tips
 • I have also done the last step about System Restore. I will take the security tips to heart.

  One person does a sudoku puzzle, another solves a HijackThis log. The difference is that by solving a log you make another person very happy and grateful.
