
[SOLVED] Pop-ups, Internet Explorer freezes



Good afternoon,

Since today I have been having serious problems with pop-up windows whenever I open a website.

Mostly they are advertisements for anti-spyware programs and the like... but sometimes the same site keeps opening over and over, so that I suddenly have 25 windows. :stupid:

So I made an HJT log...

If anyone can help me, I would be very grateful!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:56:29, on 27/06/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\drivers\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\msdtc.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [{98-86-63-35-DW}] c:\windows\system32\rwwnw64d.exe DWram1

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\tcntaxdm.exe DWram1

O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe

O4 - HKLM\..\Run: [bMe7dab506] Rundll32.exe "C:\WINDOWS\System32\fvlpaonq.dll",s

O4 - HKLM\..\Run: [e4e9869a] rundll32.exe "C:\WINDOWS\System32\aggttxyu.dll",b

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe (User '?')

O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User '?')

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--

End of file - 7561 bytes

Link to post

Start HijackThis and choose 'Do a system scan only'. Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Run: [{98-86-63-35-DW}] c:\windows\system32\rwwnw64d.exe DWram1

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139

O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\tcntaxdm.exe DWram1

O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe

O4 - HKLM\..\Run: [bMe7dab506] Rundll32.exe "C:\WINDOWS\System32\fvlpaonq.dll",s

O4 - HKLM\..\Run: [e4e9869a] rundll32.exe "C:\WINDOWS\System32\aggttxyu.dll",b

O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe

O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe (User '?')

O4 - S-1-5-21-789336058-764733703-842925246-1003 Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe (User '?')

O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntaxdm.exe

O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rwwnw64d.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

ALL O15 LINES

Click 'Fix checked' to remove the items.

Delete the following file (shown in bold) with Windows Explorer:

C:\WINDOWS\System32\drivers\svchost.exe

Download MBAM (Malwarebytes' Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure the boxes for Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Finish" ("Voltooien").

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" ("Snelle Scan") on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" ("Bekijk Resultaten") to see the results.

Make sure everything there is ticked, then click: Remove Selected ("Verwijder geselecteerde").

After removal a log will open and you will be asked to restart the computer. (See below)

The log is saved automatically by MBAM and you can find it by clicking the "Logs" tab in MBAM.

If MBAM has difficulty removing certain files, it will show a few prompts where you have to click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

Link to post
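
An added example, not part of the original posts: a small triage script for the kind of HijackThis log posted above, run on lines copied from that log. It assumes Windows is installed in C:\WINDOWS, and its three checks (a core system binary name outside System32, any O15 Trusted Zone entry, a startup shortcut whose target is shown as `?`) are illustrative heuristics chosen here, not HijackThis features or the helper's stated method.

```python
import re
from ntpath import basename, dirname, normcase

# Core Windows binaries that legitimately live only in %SystemRoot%\System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}
# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
SYSTEM32_DIR = normcase(r"C:\WINDOWS\System32")

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com
"""

SECTION_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O4 - ..."
EXE_RE = re.compile(r'[A-Za-z]:\\[^"<>|?*]*?\.exe', re.IGNORECASE)
SHORTCUT_RE = re.compile(r"Startup: (.+?\.lnk) = \?")    # target shown as "?"
ZONE_RE = re.compile(r"Trusted Zone: (\S+)")


def is_masquerade(path):
    """True when a core system binary name sits outside System32."""
    return (basename(path).lower() in SYSTEM32_ONLY
            and normcase(dirname(path)) != SYSTEM32_DIR)


def triage(log_text):
    """Return sorted, de-duplicated findings per heuristic."""
    findings = {"masquerade": set(), "trusted_zone": set(),
                "unresolved_shortcut": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        # Lines without a section prefix are the "Running processes" paths.
        section, body = (match.group(1), match.group(2)) if match else (None, line)

        if section in (None, "O4"):
            for path in EXE_RE.findall(body):
                if is_masquerade(path):
                    findings["masquerade"].add(normcase(path))
        if section == "O4":
            shortcut = SHORTCUT_RE.search(body)
            if shortcut:
                findings["unresolved_shortcut"].add(shortcut.group(1))
        elif section == "O15":
            zone = ZONE_RE.search(body)
            if zone:
                # HKCU and HKLM entries for one domain collapse into one finding.
                findings["trusted_zone"].add(zone.group(1).lower())
    return {name: sorted(values) for name, values in findings.items()}


if __name__ == "__main__":
    for name, values in triage(SAMPLE_LOG).items():
        print(name, values)
```
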

I carried out the steps you gave me... and this is the result from MBAM + a new HJT log.

Thanks in advance!

Malwarebytes' Anti-Malware 1.18

Database versie: 895

17:21:40 27/06/2008

mbam-log-6-27-2008 (17-21-40).txt

Scan type: Snelle Scan

Objecten gescand: 40882

Verstreken tijd: 18 minute(s), 24 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 3

Registersleutels geïnfecteerd: 34

Registerwaarden geïnfecteerd: 5

Registerdata bestanden geïnfecteerd: 2

Mappen geïnfecteerd: 3

Bestanden geïnfecteerd: 35

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:

C:\WINDOWS\system32\aggttxyu.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\cbXRLbBT.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\fccdbAqr.dll (Trojan.Vundo) -> Unloaded module successfully.

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b3a289e2-ac5c-4784-99a3-278856ace04e} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{b3a289e2-ac5c-4784-99a3-278856ace04e} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{b7c9058d-0f9c-32c0-83b6-740dfd8a6726} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0979850f-6c3e-4294-b225-b3d3c4a6f2a1} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1bb2da5f-b78f-44ea-bda1-771cbe1dec68} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2a4e73c5-ba3c-4391-b7e5-ffe8d3bd6245} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{44a923ca-f430-4f85-9f84-5153ecdb882e} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4e6e21ec-9d72-4164-8a53-74786a467872} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{631e9e48-b066-43da-92ac-6dadf61b173b} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{65c1361c-e696-4af0-9e21-81910193f352} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{77dce805-c8ce-48aa-a47f-bfa6cc7704b3} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d42769f-07d8-494d-aab4-aa1652c541fa} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a1922071-390c-418d-916d-91209e95d286} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a1f8cd95-cfb3-43d1-a956-63441cc058c1} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a63b46ad-96a7-4a2c-bd8f-8cd097e1593a} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a65f98dd-2360-468c-b76e-b1b84c0d547c} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ae2aeed0-be1b-4ba2-826e-20d1991081b8} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d7f73787-6206-4bba-bdc0-7cfa9940dbcb} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e770f739-2968-4ed9-a63c-dc1938dc82a2} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{cfafa83c-855b-4e3d-92b9-a587995b675a} (Rogue.VirusProtect) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3wPlayer_is1 (Trojan.Adware) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccdbaqr (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{6780a29e-6a18-0c70-1dff-1610dde00108} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe7dab506 (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9c28eafb-ff50-4f42-8d39-a006129cc907} (Trojan.Vundo) -> Delete on reboot.

Registerdata bestanden geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrlbbt -> Delete on reboot.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxrlbbt -> Delete on reboot.

Mappen geïnfecteerd:

C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\skins (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

C:\WINDOWS\system32\aggttxyu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\uyxttgga.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cbXRLbBT.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\TBbLRXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TBbLRXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tcntaxdm.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\17PHolmes572.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1000106.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu572.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu572.exe.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.

C:\Documents and Settings\pc\Local Settings\Temp\winvsnet.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\3wPlayer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\settings.ini (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\settings.stp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\SkinCrafterDll.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\test.gif (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\unins000.dat (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\unins000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\3wPlayer\skins\Stylish.skf (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\Online Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\Online Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fvlpaonq.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\sysools.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xxyabxWP.dll (Backdoor.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mlJYrroP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccdbAqr.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\pc\Local Settings\Temp\snapsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\pc\Local Settings\Temp\yazzsnet.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:30:30, on 27/06/2008

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dslagent.exe

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O2 - BHO: {77614b67-6ec3-2a28-d8c4-b3db21f87c4d} - {d4c78f12-bd3b-4c8d-82a2-3ce676b41677} - C:\WINDOWS\System32\lsmddrka.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\TrayServer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')

O4 - HKUS\S-1-5-21-789336058-764733703-842925246-1003\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (User '?')

O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F53270D3-0E32-48B7-B63B-159E33210F70} (Livelink ActiveX Control) - https://livelink.groenkennisnet.nl/livelinksupport/webedit/lledit.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CF785CA6-5FDE-4CAE-B8EF-CF396AEB46E6}: NameServer = 195.238.2.22 195.238.2.21

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--

End of file - 5978 bytes

Link to post

That was already quite a clean-up.

You can still fix this one with HijackThis:

O2 - BHO: {77614b67-6ec3-2a28-d8c4-b3db21f87c4d} - {d4c78f12-bd3b-4c8d-82a2-3ce676b41677} - C:\WINDOWS\System32\lsmddrka.dll

and then let us know right away how things stand with your pop-ups.

Link to post

Great. That is what I had expected. With the problems out of the way, it is time for the "big clean-up": removing the programs that were used, a cleaning, and removing the infected restore points.

Remove MBAM using Windows Explorer.

Download CCleaner.

Install it and start it. Start CCleaner and click "Cleaner" in the left column. Click 'Analyze' ('Analyseren') and then 'Clean' ('Opschonen'). Next, click "Registry" ("Register") in the left column and click 'Scan for errors' ('Scannen voor fouten'). If errors are found, click "fix all errors" ("alle fouten herstellen") and "OK". Then close CCleaner again.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the tick again.

That’s it !

Link to post

Since no further reply has followed, we may assume that the TS has carried out these last instructions, and we are putting a "lock" on this topic. Should you still want to reopen it, let one of the moderators know.
