Vraag & Antwoord

Beveiliging & privacy

Google resultaten besmet hijack this.

Anoniem
PieterF
12 antwoorden
  • Bij een zoekopdracht in Google lijken de resultaten op het eerste gezicht normaal. Echter de links die onder de eerste 5 tot 10 resultaten staan kloppen niet en linken door naar ongewenste sites. Bijvoorbeeld aircanadaman.com of find.com. enz.
    Het maakt niet uit of ik dit in IE, Firefox of Chrome doe, steeds krijg ik besmette resultaten.
    Ik heb gescand met Ad-Aware Spybot S&D en Microsoft Windows Malicious Software Removal Tool. Geen resultaat.
    Nu heb ik een Hijack This scan gedaan. Zou iemand me kunnen helpen met de resultaten?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:45, on 18/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

    7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

    Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google

    Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"

    /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86} - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TOONDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif
    O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg


    End of file - 10251 bytes
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:

    [b:32bdc4d5c4]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
    O22 - SharedTaskScheduler: headstock - {e517b912-2c97-4a94-8b15-e7fe902b8d86} - (no file)
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/TOONDE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif
    O24 - Desktop Component 1: (no name) - http://www.djindexes.com/mdsidx/images/search.gif[/b:32bdc4d5c4]

    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen


    Open een kladblokbestand.
    Kopieer onderstaande (alles wat vetgedrukt is) in dit kladblokbestand.

    [b:32bdc4d5c4]@ECHO OFF
    IF EXIST log.txt DEL log.txt
    ECHO Deleting files>>log.txt
    FOR %%g in (
    C:\Program Files\VirRL2009\VirRL2009.exe";) DO (
    IF EXIST %%g (
    ATTRIB -r -s -h %%g
    DEL %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    START NOTEPAD.EXE log.txt[/b:32bdc4d5c4]

    Ga naar Bestand - Opslaan als.
    Bij "Opslaan in" kies je: Bureaublad
    Bij "Bestandsnaam" zet je: del.bat
    Bij "Opslaan als type" selecteer je: Alle bestanden (*.*).
    Klik op de knop Opslaan.
    Dubbelklik op del.bat en post de inhoud van de logfile die opent.


    Download [b:32bdc4d5c4] en sla het op je bureaublad op.
    Dubbelklik op [b:32bdc4d5c4]mbam-setup.exe[/b:32bdc4d5c4] om het programma te installeren.

    Zorg dat er na de installatie een vinkje is geplaatst bij:[list:32bdc4d5c4]
    [*:32bdc4d5c4]Update MalwareBytes' Anti-Malware
    [*:32bdc4d5c4]Start MalwareBytes' Anti-Malware
    [/list:u:32bdc4d5c4]Klik daarna op "[b:32bdc4d5c4]Voltooien[/b:32bdc4d5c4]".
    Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.[list:32bdc4d5c4]
    [*:32bdc4d5c4]Zodra het programma gestart is, ga dan naar het tabblad "[b:32bdc4d5c4]Instellingen[/b:32bdc4d5c4]".
    [*:32bdc4d5c4]Vink hier aan: "[b:32bdc4d5c4]Sluit Internet Explorer tijdens verwijdering van malware[/b:32bdc4d5c4]".
    [*:32bdc4d5c4]Ga daarna naar het tabblad "[b:32bdc4d5c4]Scanner[/b:32bdc4d5c4]", kies hier voor "[b:32bdc4d5c4]Snelle Scan[/b:32bdc4d5c4]".
    [*:32bdc4d5c4]Druk vervolgens op "[b:32bdc4d5c4]Scannen[/b:32bdc4d5c4]" om de scan te starten.
    [*:32bdc4d5c4]Het scannen kan een tijdje duren, dus wees geduldig.

    [*:32bdc4d5c4]Wanneer de scan voltooid is, klik op [b:32bdc4d5c4]OK[/b:32bdc4d5c4], daarna "[b:32bdc4d5c4]Bekijk Resultaten[/b:32bdc4d5c4]" om de resultaten te zien.
    [*:32bdc4d5c4]Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "[b:32bdc4d5c4]Verwijder geselecteerde[/b:32bdc4d5c4]".
    [*:32bdc4d5c4]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [/list:u:32bdc4d5c4]Het log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "[b:32bdc4d5c4]Logs[/b:32bdc4d5c4]" tab te klikken in het programma.

    Plaats dit logje samen met een nieuw logje van HijackThis
  • Beste Othuroyo, bedankt voor je supersnelle reactie. Helaas geeft Google nog steeds besmette resultaten. Hier zijn de logs:

    log del.bat:
    Deleting files

    Malwarebytes' Anti-Malware 1.33
    Database versie: 1665
    Windows 5.1.2600 Service Pack 3

    18/01/2009 13:22:34
    mbam-log-2009-01-18 (13-22-24).txt

    Scan type: Snelle Scan
    Objecten gescand: 56582
    Verstreken tijd: 7 minute(s), 33 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 3
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 4

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a81ebfd7-0fa3-41ec-b60d-6dae78b4d31a} (Trojan.Zlob) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> No action taken.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    C:\Documents and Settings\Toon de Gee\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
    C:\Documents and Settings\Toon de Gee\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
    C:\Documents and Settings\Toon de Gee\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
    C:\Documents and Settings\Toon de Gee\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:27:34, on 18/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: UvA - Informatiseringscentrum CISCO VPN Client.lnk = C:\Program Files\Cisco Systems\vpngui.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\McShield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg


    End of file - 9735 bytes
  • Start hijackthis en kies voor 'do a system scan only'
    Selecteer alleen de items die hieronder zijn genoemd:
    [b:95c329c49a]O24 - Desktop Component 2: (no name) - http://europa.eu/abc/history/images/bg_content.jpg[/b:95c329c49a]
    Sluit alle vensters behalve Hijackthis
    Klik op 'Fix checked' om de items te verwijderen.


    Zou je alles wat gevonden is door MBAM ook willen verwijderen en de volledige del.bat nog een keer uitvoeren en dan de [b:95c329c49a]volledige[/b:95c329c49a] inhoud ervan hier posten.
  • Heb het hijack this resultaat gefixt.
    De resultaten van MBAM had ik voor mijn vorige post al laten verwijderen. Ik heb nu een nieuwe scan met mbam gedaan en nu vindt hij niets.
    De log.txt bij del.bat is nog steeds: deleting files. Meer kan ik er niet van maken.
    Heb de handeling nog eens over gedaan zoals je in jouw eerste post uitlegde maar helaas verandert er niets.
  • Download Combofix naar je Bureaublad.

    OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.
    Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

    Dubbelklik op Combofix.exe om het te starten.
    Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
    Klik op OK in het "NirCmd" venstertje.
    Klik na afloop terug op Ja om het scannen op malware te starten.
    Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.
    Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen plaats die in je volgende post.
  • Combofix gedaan. Ik kreeg een leeg buroblad na afloop terwijl het scannen echt afgelopen was.
    Opnieuw opgestart en… [b:0dd8fd2ea5]alle resultaten in Google zijn schoon. Heel erg bedankt! [/b:0dd8fd2ea5]
    Hier de log:

    ComboFix 09-01-17.04 - Toon de Gee 2009-01-18 15:41:50.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.588 [GMT 1:00]
    Running from: c:\documents and settings\Toon de Gee\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\update.exe
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\wdmaud.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
    .

    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\documents and settings\Toon de Gee\Application Data\Malwarebytes
    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-18 13:10 . 2009-01-14 16:11 38,496 –a—— c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-01-18 13:10 . 2009-01-14 16:11 15,504 –a—— c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-01-17 17:18 . 2009-01-17 17:18 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
    2009-01-17 16:26 . 2009-01-17 17:05 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-17 16:26 . 2009-01-17 17:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 14:09 . 2009-01-17 15:46 <DIR> d——– c:\program files\EsetOnlineScanner
    2009-01-17 12:55 . 2009-01-17 12:55 0 –a—— c:\windows\nsreg.dat
    2009-01-14 16:39 . 2009-01-17 17:19 <DIR> d——– c:\program files\Lavasoft
    2009-01-14 16:39 . 2009-01-17 17:17 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-13 19:25 . 2009-01-13 19:25 <DIR> d——– c:\program files\Windows Defender
    2009-01-11 23:40 . 2009-01-12 14:57 4 –a—— C:\WebData.csv
    2009-01-10 15:08 . 2009-01-10 15:08 98,951 –a—— C:\ms.htm
    2009-01-09 11:36 . 2009-01-09 11:36 410,984 –a—— c:\windows\SYSTEM32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 10:29 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-14 10:07 ——— d—–w c:\program files\Cisco Systems
    2009-01-10 10:32 ——— d—–w c:\documents and settings\LocalService\Application Data\SACore
    2009-01-09 10:36 ——— d—–w c:\program files\Java
    2008-12-27 13:43 ——— d—–w c:\program files\Google
    2008-12-13 06:40 3,593,216 ——w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ——w c:\windows\SYSTEM32\DLLCACHE\srv.sys
    2008-12-11 10:40 ——— d—–w c:\program files\McAfee
    2008-11-19 09:59 ——— d—–w c:\documents and settings\Toon de Gee\Application Data\AdobeUM
    2008-10-24 11:21 455,296 ——w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
    2008-10-23 12:36 286,720 —-a-w c:\windows\SYSTEM32\gdi32.dll
    2008-10-23 12:36 286,720 ——w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
    2007-08-16 18:10 167,936 —-a-w c:\program files\axcws32.dll
    2007-08-16 18:10 1,236,992 —-a-w c:\program files\adsloc32.dll
    2007-08-16 18:10 1,003,568 —-a-w c:\program files\ace32.dll
    2007-05-29 14:12 2,810,368 —-a-w c:\program files\C@shflowApp.exe
    2007-05-02 08:43 1,230 —-a-w c:\program files\BTDownload.ini
    2007-02-28 12:01 209 —-a-w c:\program files\adslocal.cfg
    2006-09-12 06:10 28,348 —-a-w c:\program files\extend.chr
    2006-09-12 06:10 24,128 —-a-w c:\program files\ansi.chr
    2006-07-03 14:30 537,740 —-a-w c:\program files\Handleiding.pdf
    2006-06-28 16:30 852,992 —-a-w c:\program files\C@shflow.exe
    2005-09-07 07:58 836 —-a-w c:\documents and settings\Toon de Gee\Application Data\ViewerApp.dat
    2004-05-07 14:28 195 —-a-w c:\program files\wizard.htm
    2004-02-16 15:29 176 —-a-w c:\program files\www.bankingtools.nl.url
    2001-12-17 05:00 311,296 —-a-w c:\program files\SDENSX60.DLL
    2001-12-17 05:00 307,200 —-a-w c:\program files\SDECDX60.dll
    2001-12-17 05:00 278,528 —-a-w c:\program files\SDENTX60.DLL
    2001-12-17 05:00 200,704 —-a-w c:\program files\SDE60.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
    "Google Update"="c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-17 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELPER.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
    UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-02-06 1528880]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-04-01 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= wdmaud.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Outlook Express\\MSIMN.EXE"=
    "c:\\Program Files\\VoipBuster\\VoipBuster.exe"=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\C@shflowApp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 206096]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3036141038-2246288971-3422156299-1005.job
    - c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 12:42]

    2008-10-08 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2008-10-08 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2009-01-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    ——- Supplementary Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.nl/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\Toon de Gee\Application Data\Mozilla\Firefox\Profiles\zdolzcew.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 15:44:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-18 15:47:26
    ComboFix-quarantined-files.txt 2009-01-18 14:47:13

    Pre-Run: 129,694,298,112 bytes free
    Post-Run: 129,713,377,280 bytes free

    160 — E O F — 2009-01-16 11:18:00
  • Ga naar Virustotal.com
    Upload het volgende bestand door het volgende te kopiëren/plakken (dus niet via "Bladeren…" opzoeken!): [b:6ee2167fc2]C:\WebData.csv[/b:6ee2167fc2]
    Wacht totdat het resultaat verschijnt. Post dit mee in je volgende reactie

    Heb jij deze bestanden zelf aangemaakt?
    c:\program files\www.bankingtools.nl.url
    c:\program files\wizard.htm



    Open een kladblokbestand.
    Kopieer de onderstaande code, en plak deze in het kladblokbestand.

  • plakken naar virustotal ging niet dus heb ik toch "browse" moeten gebruiken.
    Wizard zegt me niets.
    Banking Tools is de uitgever van cashflow manager, software die ik gebruik. Zelf maak ik over het algemeen niets aan in "program files". Dat moet die software er zelf dus ingezet hebben.

    Virustotal:
    File WebData.csv received on 01.18.2009 16:56:31 (CET)
    Current status: finished
    Result: 0/37 (0%)
    Compact
    Print results
    Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
    You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.

    Email:



    Antivirus Version Last Update Result
    a-squared 4.0.0.73 2009.01.18 -
    AhnLab-V3 2009.1.15.0 2009.01.17 -
    AntiVir 7.9.0.57 2009.01.18 -
    Authentium 5.1.0.4 2009.01.17 -
    Avast 4.8.1281.0 2009.01.16 -
    AVG 8.0.0.229 2009.01.18 -
    BitDefender 7.2 2009.01.18 -
    CAT-QuickHeal 10.00 2009.01.17 -
    ClamAV 0.94.1 2009.01.18 -
    Comodo 935 2009.01.18 -
    DrWeb 4.44.0.09170 2009.01.18 -
    eSafe 7.0.17.0 2009.01.18 -
    eTrust-Vet 31.6.6312 2009.01.17 -
    F-Prot 4.4.4.56 2009.01.17 -
    F-Secure 8.0.14470.0 2009.01.18 -
    Fortinet 3.117.0.0 2009.01.15 -
    GData 19 2009.01.18 -
    Ikarus T3.1.1.45.0 2009.01.18 -
    K7AntiVirus 7.10.594 2009.01.17 -
    Kaspersky 7.0.0.125 2009.01.18 -
    McAfee+Artemis 5498 2009.01.17 -
    Microsoft 1.4205 2009.01.18 -
    NOD32 3774 2009.01.17 -
    Norman 5.93.01 2009.01.16 -
    nProtect 2009.1.8.0 2009.01.16 -
    Panda 9.5.1.2 2009.01.18 -
    Prevx1 V2 2009.01.18 -
    Rising 21.12.62.00 2009.01.18 -
    SecureWeb-Gateway 6.7.6 2009.01.18 -
    Sophos 4.37.0 2009.01.18 -
    Sunbelt 3.2.1835.2 2009.01.16 -
    Symantec 10 2009.01.18 -
    TheHacker 6.3.1.5.222 2009.01.17 -
    TrendMicro 8.700.0.1004 2009.01.16 -
    VBA32 3.12.8.10 2009.01.17 -
    ViRobot 2009.1.17.1563 2009.01.17 -
    VirusBuster 4.5.11.0 2009.01.18 -
    Additional information
    File size: 4 bytes
    MD5…: 0ae9bcd0c0b0aa5aab99d84beca26ce8
    SHA1..: 95ae2add76d30dc377e774ec0d5abc17a7832865
    SHA256: 91a4e2f100227487a802ac040b85700f03520b347fbfe4c23b7bf2d97b43d9fa
    SHA512: 2e5bce2521d799135a10bb14cc127a0f794d8cdd2bcd97ed90a7f2d4279f72ab
    af45a58daf7635472b3d845db21f13f03708fc40f89b1963c8344a89df2b3bd0
    ssdeep: 3:yn:yn
    PEiD..: -
    TrID..: File type identification
    Unknown!
    PEInfo: -

    [b:ceda7c6bda]ComboFix[/b:ceda7c6bda] 09-01-17.04 - Toon de Gee 2009-01-18 17:08:46.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.631 [GMT 1:00]
    Running from: c:\documents and settings\Toon de Gee\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Toon de Gee\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\windows\nsreg.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\nsreg.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
    .

    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\program files\Malwarebytes' Anti-Malware
    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\documents and settings\Toon de Gee\Application Data\Malwarebytes
    2009-01-18 13:10 . 2009-01-18 13:10 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-18 13:10 . 2009-01-14 16:11 38,496 –a—— c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2009-01-18 13:10 . 2009-01-14 16:11 15,504 –a—— c:\windows\SYSTEM32\DRIVERS\mbam.sys
    2009-01-17 17:18 . 2009-01-17 17:18 <DIR> d——– c:\program files\Common Files\Wise Installation Wizard
    2009-01-17 16:26 . 2009-01-17 17:05 <DIR> d——– c:\program files\Spybot - Search & Destroy
    2009-01-17 16:26 . 2009-01-17 17:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-17 14:09 . 2009-01-17 15:46 <DIR> d——– c:\program files\EsetOnlineScanner
    2009-01-14 16:39 . 2009-01-17 17:19 <DIR> d——– c:\program files\Lavasoft
    2009-01-14 16:39 . 2009-01-17 17:17 <DIR> d——– c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-13 19:25 . 2009-01-13 19:25 <DIR> d——– c:\program files\Windows Defender
    2009-01-11 23:40 . 2009-01-12 14:57 4 –a—— C:\WebData.csv
    2009-01-10 15:08 . 2009-01-10 15:08 98,951 –a—— C:\ms.htm
    2009-01-09 11:36 . 2009-01-09 11:36 410,984 –a—— c:\windows\SYSTEM32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-15 10:29 ——— d–h–w c:\program files\InstallShield Installation Information
    2009-01-14 10:07 ——— d—–w c:\program files\Cisco Systems
    2009-01-10 10:32 ——— d—–w c:\documents and settings\LocalService\Application Data\SACore
    2009-01-09 10:36 ——— d—–w c:\program files\Java
    2008-12-27 13:43 ——— d—–w c:\program files\Google
    2008-12-13 06:40 3,593,216 ——w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
    2008-12-11 10:57 333,952 —-a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ——w c:\windows\SYSTEM32\DLLCACHE\srv.sys
    2008-12-11 10:40 ——— d—–w c:\program files\McAfee
    2008-11-19 09:59 ——— d—–w c:\documents and settings\Toon de Gee\Application Data\AdobeUM
    2008-10-24 11:21 455,296 ——w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
    2008-10-23 12:36 286,720 —-a-w c:\windows\SYSTEM32\gdi32.dll
    2008-10-23 12:36 286,720 ——w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
    2007-08-16 18:10 167,936 —-a-w c:\program files\axcws32.dll
    2007-08-16 18:10 1,236,992 —-a-w c:\program files\adsloc32.dll
    2007-08-16 18:10 1,003,568 —-a-w c:\program files\ace32.dll
    2007-05-29 14:12 2,810,368 —-a-w c:\program files\C@shflowApp.exe
    2007-05-02 08:43 1,230 —-a-w c:\program files\BTDownload.ini
    2007-02-28 12:01 209 —-a-w c:\program files\adslocal.cfg
    2006-09-12 06:10 28,348 —-a-w c:\program files\extend.chr
    2006-09-12 06:10 24,128 —-a-w c:\program files\ansi.chr
    2006-07-03 14:30 537,740 —-a-w c:\program files\Handleiding.pdf
    2006-06-28 16:30 852,992 —-a-w c:\program files\C@shflow.exe
    2005-09-07 07:58 836 —-a-w c:\documents and settings\Toon de Gee\Application Data\ViewerApp.dat
    2004-05-07 14:28 195 —-a-w c:\program files\wizard.htm
    2004-02-16 15:29 176 —-a-w c:\program files\www.bankingtools.nl.url
    2001-12-17 05:00 311,296 —-a-w c:\program files\SDENSX60.DLL
    2001-12-17 05:00 307,200 —-a-w c:\program files\SDECDX60.dll
    2001-12-17 05:00 278,528 —-a-w c:\program files\SDENTX60.DLL
    2001-12-17 05:00 200,704 —-a-w c:\program files\SDE60.DLL
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-18_15.45.56.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-18 10:41:15 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2009-01-18 15:13:06 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2009-01-18 10:41:15 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-18 15:13:06 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-18 10:41:15 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-18 15:13:06 32,768 —-a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-18 14:57:49 16,384 —-atw c:\windows\Temp\Perflib_Perfdata_2f4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
    "Google Update"="c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-17 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\SYSTEM32\CTHELPER.EXE]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
    UvA - Informatiseringscentrum CISCO VPN Client.lnk - c:\program files\Cisco Systems\vpngui.exe [2007-02-06 1528880]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-04-01 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"= wdmaud.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Outlook Express\\MSIMN.EXE"=
    "c:\\Program Files\\VoipBuster\\VoipBuster.exe"=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\C@shflowApp.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 206096]
    R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3036141038-2246288971-3422156299-1005.job
    - c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-17 12:42]

    2008-10-08 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2008-10-08 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

    2009-01-18 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    .
    ——- Supplementary Scan ——-
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.nl/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    FF - ProfilePath - c:\documents and settings\Toon de Gee\Application Data\Mozilla\Firefox\Profiles\zdolzcew.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Toon de Gee\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-18 17:11:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-01-18 17:13:45
    ComboFix-quarantined-files.txt 2009-01-18 16:13:33
    ComboFix2.txt 2009-01-18 14:47:27

    Pre-Run: 129,706,795,008 bytes free
    Post-Run: 129,689,710,592 bytes free

    170 — E O F — 2009-01-16 11:18:00
  • Hoe staat het met de problemen?
  • Probleem is opgelost. Nogmaals heel veel dank! Ik kan eindelijk weer normaal van Google gebruik maken. :D
  • Graag gedaan,

    Doe nog even dit:

    Download ATF cleaner (mirror)(gemaakt door Atribune)

    Belangrijk: Sluit al je browservensters(IE en/of Firefox en/of Opera) om de tool goed te kunnen laten werken.

    Dubbelklik op

    ATF cleaner om het programma te starten.
    Op het tabblad Main, plaats je een vinkje bij Select All.
    Klik op de knop Empty Selected.

    Het volgende doen als je ook FireFox als browser hebt:

    Klik op tabblad Firefox, plaats een vinkje bij Select All.
    Wil je de door Firefox opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    (dit haalt het vinkje weer weg bij Firefox saved passwords)
    Klik op de knop Empty Selected.

    Het volgende doen als je ook Opera als browser hebt:

    Klik op tabblad Opera, plaats een vinkje bij Select All.
    Wil je de door Opera opgeslagen wachtwoorden behouden, dan klik je in het venster dat verschijnt op No.
    Klik op de knop Empty Selected.
    Ga naar het tabblad Main en klik op de knop Exit om het programma af te sluiten.3. Je mag alle gebruikte tools en aangemaakte mappen terug verwijderen.


    - Ga naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Klik in de linkerhelft van het venster op "Instellingen van systeemherstel".
    - Zet een vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Windows vraagt of je dat zeker weet.
    - Klik "Ja".
    - Klik "OK".
    - Start de pc opnieuw op.
    - Ga weer naar Start/Alle programma's/Bureau-accessoires/Systeemwerkset/Systeemherstel.
    - Je krijgt de melding: "Systeemherstel is uitgeschakeld. Wilt u systeemherstel nu inschakelen?"
    - Klik "Ja".
    - Verwijder het vinkje voor "Systeemherstel uitschakelen".
    - Klik "Toepassen".
    - Klik "OK".
    - Start de pc opnieuw op
    - Er is nu een nieuw schoon herstel punt aangemaakt

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.